Configure Apache reverse proxy and regular virtual host - linux

I've read several posts like mine, but none of them seem to work.
I've got a regular apache config on CentOS 7 with a working website, both HTTP and HTTPS (certbot).
I have another service with a web port of `:3000 and i'd like to have it work as such:
http(s)://example.com (regular website content)
http(s)://example.com/new_site (the service on port 3000)
I've got the website set up as a virtual host with a custom webroot in /var/www/example.com/docroot
This is my current working config. I realized that the connection between the localhost does not need to be HTTPS, just the incoming requests:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
ProxyPass /my_site http://localhost:3000
ProxyPassReverse /my_site http://localhost:3000
ErrorLog /var/log/httpd/my_vhost_log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
I also cleared up permissions issues by enabling the httpd_can_network_connect SELinux boolean.
UPDATE:
My issue now is that the above config overwrites my regular website content, so if you go to the https://example.com, it will just show the Apache welcome page, rather than the content in the /var/www/example.com/docroot.
Main config:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/docroot
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>

In the event that anyone comes across this,
The fix is simply to add the Proxy lines to your main domain config. You only need a single config file.

Related

How can I run NodeJS and Apache together with an Apache virtual host file on Centos8?

I have my NodeJS application running on example.com:3000. Obviously, this would be unpresentable to have to tell a user to type in :3000. I want it running on example.com, and I cannot set Node to :80 since my Apache PHP front end is on :80.
I am running CentOS 8. I created a file called proxy.conf in /etc/httpd/conf.d and dropped the following lines in it.
<VirtualHost *:80>
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ProxyRequests On
ProxyPass / http://localhost:3000
ProxyPassReverse / http://localhost:3000
</VirtualHost>
But, it's just going to my regular non node page.
The question is, how does apache know you when you want the PHP server, or when you want the Node server. You need to split them by ServerName.
You need a ServerName attribute so that apache knows to send that VirtualHost to the other process.
<VirtualHost *:80>
// PHP Server
ServerName example.com www.example.com
</VirtualHost>
<VirtualHost *:80>
// Node Server
ServerName node.example.com
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
ProxyRequests On
ProxyPass / http://localhost:3000
ProxyPassReverse / http://localhost:3000
</VirtualHost>
Additionally, you will have to put node.example.com within DNS.

WHM/cPanel - Multiple IPs pointing to one root dir

we need our new dedicated IP address (and all future ones) to "point" to the same root directory of our VPS' "parent" domain (main domain with all business logic, where $_SERVER['host'] is detected to connect associated files etc. )
So, for example, domain.net (x.x.x.146) should show content of domain.com (x.x.x.170) etc
We have list of dedicated IPs, added to WHM. We have number of domain names, with those IPS as DNS A records. We have added those domains via cPanel to point to the same public_html..
But all the domains resolve to : cgi-sys/defaultwebpage.cgi with "SORRY! If you are the owner of this website, please contact your hosting provider:" error.
Any suggestions? This is supposed to be quite an easy task, but clearly - not so.
Thank you
Why do you need many IP address? one IP address should be enough for what you want to do.
Indeed HTTP/1.1 protocol is meant for this purpose: many different domains for one IP.
In your VPS you can use for example "Apache" as a Web server with this basic configuration:
ceate/edit on "/etc/apache2/sites-available/" example.com.conf :
<VirtualHost *:80>
DocumentRoot /home/user/pulic_html
ServerName example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
then create/edit example.org.conf:
<VirtualHost *:80>
ServerName example.org
Redirect permanent / http://example.com/
</VirtualHost>
and so on..
then to enable your configuration :
a2ensite example.com.conf example.org.conf
sudo service apache2 restart
If you still want to use many IPs you can install apache in every machine hosting the IP, then redirect to your main site/domain(http://example.com), as shown above. Otherwise, if your hosting provider allow, you can redirect your children domain to your parent domain from your provider website with GUI.
here is the solution. It is not ideal bot it looks like there's not much we can do, having cPanel/WHM installed.
<VirtualHost x.x.x.x:443>
ServerName domain.net
ServerAlias www.domain.net
DocumentRoot /home/user/public_html
#todo common contact mail
ServerAdmin support#domain.net
UseCanonicalName Off
<IfModule mod_suphp.c>
suPHP_UserGroup user user
</IfModule>
<IfModule ssl_module>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.net/chain.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
<IfModule headers_module>
RequestHeader set X-HTTPS 1
</IfModule>
</VirtualHost>
redirect from 80 to 443 set separately:
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Host multiple asp.net core web application under a single linux server

I am new to asp.net core. I read the whole Microsoft official document and able to host the application in Linux Apache server. But I want to host multiple asp.net core web applications under a single IP Address. Please, anyone have the solution post here.
Thanks in Advance
The official document shows us a way to use Apache as a reverse proxy :
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName www.example.com
ServerAlias *.example.com
ErrorLog ${APACHE_LOG_DIR}helloapp-error.log
CustomLog ${APACHE_LOG_DIR}helloapp-access.log common
</VirtualHost>
Basically, this configuration will make Apache listens on *:80 and proxy any HttpRequest whose ServerName equals www.example.com to http://127.0.0.1:5000/.
This is how Apache used as an proxy to ASP.NET Core works.
As for your question, suppose you have two asp.net core web applications:
the first one is called WebApp1 and listens on 0.0.0.0:5000 .
and the other is called WebApp2 and listens on 0.0.0.0:6000 .
Your Apache server listens on 0.0.0.0:80. For any incoming http request,
when Host equals www.webapp1.org, proxy this request to 0.0.0.0:5000
when Host equals www.webapp2.org, proxy this request to 0.0.0.0:6000
So you could add two proxies :
proxy 1 :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName www.webapp1.org
ServerAlias *.webapp1.org
ErrorLog ${APACHE_LOG_DIR}webapp1-error.log
CustomLog ${APACHE_LOG_DIR}webapp1-access.log common
</VirtualHost>
proxy 2 :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:6000/
ProxyPassReverse / http://127.0.0.1:6000/
ServerName www.webapp2.org
ServerAlias *.webapp2.org
ErrorLog ${APACHE_LOG_DIR}webapp1-error.log
CustomLog ${APACHE_LOG_DIR}webapp2-access.log common
</VirtualHost>

Set up SVN Server over https

I'm trying to get an SVN server up and running. CentOS 6.4, apache 2.2.15. More importantly, I need to have it running on https only. So I figure that I'll get ssl running first, as I've already tested it on port 80, and SVN works the way I want it to.
In /etc/httpd/ssl, I have ..
intermediate.crt wildcard.mycompany.com.crt wildcard.mycompany.com.key
We bought a wildcard certificate from GeoTrust, and I downloaded the intermediate.crt from their website. In /etc/httpd/httpd.conf, I have..
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin my.email#mycompany.com
ServerName hostname.mycompany.com
ErrorLog logs/error_log
CustomLog logs/access_log common
Redirect permanent / https://hostname.mycompany.com
</VirtualHost>
<VirtualHost hostname.mycompany.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/wildcard.mycompany.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/wildcard.mycompany.com.key
SSLCertificateChainFile /etc/httpd/ssl/intermediate.crt
ServerName hostname.mycompany.com
ServerAdmin my.email#mycompany.com
ErrorLog logs/subversion-error_log
CustomLog logs/subversion-access_log common
</VirtualHost>
I can connect to the server, but my browser tells me that the certificate is untrusted. So I'm guessing that there's an error in the permissions, or perhaps in the format of the file?
I can't see anything in the logs.
I set this up at home on my own server, but wasn't using a wildcard certificate.
Anyone care to advise as to what's gone wrong?
Thanks.

Secure page with SSL in Apache and Document Root

i created the certificates with OpenSSL for use in localhost.
Fine, but when I set VirtualHost in Apache, if I set DocumentRoot the page is loaded normal, without a different mark in address bar.
When I don't specify a DocumentRoot, the Firefox load the Xampp page, but with secure mark in adress bar.
My actual Vhost is:
<VirtualHost *:443>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerName www.agurbana.com.br
SSLCertificateFile "E:/agenda.crt"
SSLCertificateKeyFile "E:/server_unsecured.key"
SSLCACertificatePath "E:/"
SSLCACertificateFile "E:/ca.crt"
<FilesMatch "\.(cgi|shtml|pl|asp|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
DocumentRoot "E:/SITES/AU2/"
ErrorLog "E:/error.log"
<Directory "E:/SITES/AU2/">
AllowOverride All
Allow from All
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
how I can do appear a secure mark in address bar when i set up DocumentRoot?
By chance, do you also have a vhost set-up to listen to port:80 in your httpd-vhosts.conf file?
In that case, the scheme will be determined by the user, not by the server. You can get rid of the :80 listener, but now the user has to remember to type https, which is bad. Therefore use Apache re-directs to force usage of SSL, e.g. http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html

Resources