Apache reverse proxy configuration issue - linux

I have a problem with setting up an Apache reverse proxy server and hope you can help.
I have 3 Ubuntu web servers, available on https://service1.domain.com, https://service2.domain.com:4433 and so on...
Now, I want to access these servers without typing the port in the address bar.
So my idea is to use a reverse proxy server, so that I can type in service2.domain.com and it redirects to service2 (https).
I installed an Ubuntu server with Apache and enabled the modules:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
Then I set up the 000-default.conf on the proxy with the following content:
<VirtualHost service1.domain.com:80>
ProxyPreserveHost On
ProxyPass / https://service1.domain.com/
ProxyPassReverse / https://service1.domain.com/
</VirtualHost>
<VirtualHost service2.domain.com:80>
ProxyPreserveHost On
ProxyPass / https://service2.domain.com/
ProxyPassReverse / https://service2.domain.com/
</VirtualHost>
The ports 80 and 443 on the router are forwarded to the proxy server.
On the service(1-3) servers, SSL is enabled with certificates from Let's Encrypt.
Now, if I try to open site service1.domain.com, I get an error (cert_name).
The sites now should not be accessible directly, because there is no port forwarding anymore.
My question is now, what is the right config for reverse proxies? Do I need to enable a certificate for each service also on the proxy server?
Thank you for your help!

Not exactly sure what your end goal is. The certificate is for the client facing server. If you want people to hit the site without having to set the port, you can use the Redirect statement in the virtual host config.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
Which would forward any non-SSL traffic to use the SSL virtual host.
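For the setup in the question, the certificate the browser checks is the one on the proxy, and the proxy needs `SSLProxyEngine` to speak TLS to a backend listening on https port 4433. The following is an added example, not taken from the original posts. Assumptions: the certificate paths follow certbot's default layout, mod_ssl is enabled, and on the proxy host service2.domain.com resolves to the backend's LAN address (for example through /etc/hosts).

```apache
# Added example. Requires: a2enmod ssl proxy proxy_http
# Plain HTTP only redirects; nothing is proxied in clear text.
<VirtualHost *:80>
    ServerName service2.domain.com
    Redirect permanent / https://service2.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName service2.domain.com

    # Certificate presented to browsers: it must cover service2.domain.com,
    # otherwise the client reports a certificate name error.
    # Paths assume certbot's default layout.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/service2.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/service2.domain.com/privkey.pem

    # TLS from the proxy to the backend, with the backend certificate verified.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on
    SSLProxyCACertificateFile /etc/ssl/certs/ca-certificates.crt

    # Reverse proxy only; forward-proxy requests stay disabled.
    ProxyRequests Off
    ProxyPreserveHost On
    # Assumption: on the proxy host this name resolves to the backend's
    # LAN address; if it resolves to the proxy itself the request loops.
    ProxyPass        / https://service2.domain.com:4433/
    ProxyPassReverse / https://service2.domain.com:4433/
</VirtualHost>
```

One such pair of virtual hosts is needed per service name, each with a certificate that covers that name.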

Related

Change name of local web service

I set up a local Guacamole server for people in my work to access several VMs that we have running in the server. In order to access Guacamole they have to type http://ip:port/guacamole or, after the host override I did in my pfSense DNS resolver, http://guac.loc:port/guacamole. The problem is that even that is sometimes problematic for some of them, so I want to do something like http://guac.loc so they can remember it easily. I did it for some with the hosts file but I can't different functionalities for some of them. So can anyone help on how to do that? Can I do it somehow from the web server? Or do I need to set up a DNS server?
If I understand correctly, you want to have a "simpler" URL, without the port and the "guacamole" path.
Guacamole by default runs under Tomcat on port 8080. However, you can put Apache in front of Tomcat and proxy requests to Guacamole. Apache can proxy and forward all requests to Guacamole on the given port and path.
Something like the example below should work and will also redirect all http requests to https. It is not mandatory to have SSL enabled; you can proxy http as well.
<VirtualHost *:80>
ServerName guac.loc
Redirect permanent / https://guac.loc/
</VirtualHost>
<VirtualHost *:443>
ServerName guac.loc
SSLEngine on
SSLCertificateFile /etc/ssl/certs/guac-loc.cer
SSLCertificateKeyFile /etc/ssl/private/guac-loc.key
SSLCACertificateFile /etc/ssl/certs/guac-loc-ca.crt
<Location /guacamole/>
ProxyPass http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
Order allow,deny
Allow from all
</Location>
</VirtualHost>

How can I make a ProxyPass work for all pages without defining a new rule for each page

I'm very new to setting up apache configs. The docs don't make much sense to me, I have a node app running on a port that functions as a website, but I want to be able to connect to it with my domain. I've been looking around and figured I need to use a ProxyPass to redirect traffic from port 443 (https) to the port the app is running on (I already use apache for other stuff so I didn't want to switch). And it works generally, but is there a way to make only a single ProxyPass rule that will handle all pages (e.g. I go to https://example.com/ it will use https://localhost:4450/ and if I go to https://example.com/example it will use https://localhost:4450/example and for all other pages).
I would think I need a RewriteRule, but I don't really understand how I can get the page (whatever is after the first / or none) using it.
You simply run Apache as a reverse proxy. Here is an example configuration:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/file.pem
ProxyPreserveHost On
ServerName localhost
# Forward everything under / to the Node app on the loopback interface
ProxyPass / http://127.0.0.1:4450/
ProxyPassReverse / http://127.0.0.1:4450/
</VirtualHost>
And you have to enable the proxy modules like this:
a2enmod proxy
a2enmod proxy_http

how to run multiple cross platform web application on the same server using different ports?

I am running a Java web application on Tomcat 7.0, which is set up on a Media Temple Ubuntu 16.04 server. The application is running on port 8080, and I have a domain which is bound to the port.
e.g. public-ip-of-server:8080 xyz.com
Now, I want to run a Node.js application (rocket-chat) on the same Linux server using port 3000. I have configured the whole application, and the application is running on localhost:3000/ but when I am trying to access the application using the public IP of the server (e.g. public-ip:3000/), I am not able to access it.
I have allowed the traffic on port 3000 using the command:
ufw allow 3000
I also edited apache2.conf:
ProxyPass /rocketchat http://public-ip-of-server:3000/
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
But after changing this parameter I am not able to restart the apache2 service,
so I reverted the changes.
What should I do to run both applications (Java and Node.js) on the same Linux server? Can anyone please help me out?
Just bind nodejs app to interface 0.0.0.0 instead of 127.0.0.1.
In your Apache configuration, you should use the localhost instead of public ip. So instead of:
ProxyPass /rocketchat http://public-ip-of-server:3000/
use:
ProxyPass /rocketchat http://localhost:3000/
I am using an Ubuntu server, so httpd.conf is not present there; I created another file in the sites-available folder of apache2 (e.g. xyz.conf).
I have two domains which point to the same Media Temple name server.
I used one domain for pointing to the Tomcat application on port 8080 and another domain for the Node.js application on port 3000, by making virtual hosts in xyz.conf:
<VirtualHost *:80>
ServerName xyz.com
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName abc.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
After this I enabled proxy mode using the command:
sudo a2enmod proxy
And also made this xyz.conf file a site configuration file, using the command:
sudo a2ensite xyz.conf
It will ask you to reload the apache2 service;
just reload it and restart,
e.g. sudo systemctl restart apache2.service
The problem was resolved by forwarding the requests received on port 80 of apache2 to tomcat:8080 and nodejs:3000, by creating virtual hosts.

Hide remote Node URL when reverse proxying with Apache

I have a CentOS VPS which is serving HTTP requests via Apache and delivers an HTML site. I am also hosting a Ghost blog on the same VPS, which listens on port 2368. Therefore the main site can be accessed via www.domain.co.uk and the Ghost blog via www.domain.co.uk:2368/blog.
I have configured a Reverse Proxy via Apache so that the port can be hidden from the user, i.e. www.domain.co.uk/blog proxies to www.domain.co.uk:2368/blog.
Is it possible for me to 'hide' the original blog URL so that a user never sees the 2368 port? Therefore, if a user ever accesses www.domain.co.uk:2368/blog this will actually 'redirect' to www.domain.co.uk/blog.
I guess something like a proxy from www.domain.co.uk:2368/blog -> www.domain.co.uk/blog; though this would have to be handled by the node application as it listens on that port?
Virtual Host configuration is as such:
<VirtualHost *:80>
ServerName www.domain.co.uk
ServerAlias domain.co.uk
DocumentRoot /var/www/domain.co.uk/public_html
ErrorLog /var/www/domain.co.uk/error.log
CustomLog /var/www/domain.co.uk/requests.log combined
ProxyRequests Off
ProxyPass /blog http://127.0.0.1:2368/blog
ProxyPassReverse /blog http://127.0.0.1:2368/blog
</VirtualHost>

Exposing a webserver not listening on port 80

My question is probably trivial and a duplicate, but either I cannot formulate it or it's not been answered on SO yet.
I have two webservers on a Digital Ocean droplet. One is listening on port 80 and can be accessed via example.com (DNS is on Route 53), and the other is on port 8080: how can I make it accessible from example-2.com?
I suppose the software I'm looking for would intercept the HTTP requests, check the referrer, and route those coming from example.com to port 80 and those coming from example-2.com to port 8080. What is it?
This cannot be done using only DNS. By default web browsers attempt to connect to port 80 when the URL starts with "http" without specifying a port. The user would have to know to connect to port 8080 and explicitly access the URL as
http://example-2.com:8080
I am assuming you are running both web server instances on the same OS environment/IP address, though this would also work for separate hosting environments. What you probably want is a reverse web proxy which can inspect the requested domain name and route to an appropriate server instance. You would run the reverse web proxy on port 80, and probably move the server you are currently running on port 80 to another port (say, 8081).
Apache with mod_proxy and the virtual hosting settings is a possible solution. Assuming example.com and example-2.com point to the Apache instance, configure it something like this:
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster@example.com
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
<VirtualHost *:80>
ServerName example-2.com
ServerAdmin webmaster@example-2.com
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
</VirtualHost>
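With name-based virtual hosts, a request whose Host header matches no ServerName or ServerAlias is served by the first virtual host defined for that address and port, so in the configuration above an unknown hostname would be proxied to the example.com backend. The following is an added example in Apache 2.4 syntax, not part of the original answer; the catch-all name is a hypothetical placeholder, and the catch-all block is assumed to be the first `*:80` virtual host Apache reads.

```apache
# Added example (Apache 2.4 syntax). Requires: a2enmod proxy proxy_http
# Must be the first <VirtualHost *:80> Apache reads: requests whose Host
# header matches no ServerName/ServerAlias fall through to it.
<VirtualHost *:80>
    # Hypothetical placeholder name, never used by real clients.
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    # Reverse proxy only; forward-proxy requests stay disabled.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

<VirtualHost *:80>
    ServerName example-2.com
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

`apachectl -S` (`apache2ctl -S` on Debian and Ubuntu) prints which virtual host is the default for each address and port.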
