I have a NodeJs app running behind an Apache configuration using ProxyPass. HTTPS is set up using Let's Encrypt.
As you probably know, to validate a Let's Encrypt certificate, we have to handle a request like the one below, sent by the Let's Encrypt server.
http://sub.afakedomain.com/.well-known/acme-challenge/some-random-stringhere
At the moment, the request results in a 404 Not Found because the ProxyPass redirects the request directly to my NodeJs app, which doesn't handle this request.
A solution would be to define a route in my NodeJs app to handle the request.
Another solution would be to detect the request in Apache and instead of routing the request to the NodeJs app, route it directly to the folder containing the .well-known directory.
I would like to use the Apache solution, but I'm not able to find the right way to do it.
Path to well-known directory
/var/www/html/.well-known/
My vhost setting
<VirtualHost *:80>
DocumentRoot /var/www/html/fail
ServerName sub.afakedomain.com
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyRequests Off
ServerName sub.afakedomain.com
Proxypass / http://localhost:5555/
ProxyPassReverse / http://localhost:5555/
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/afakedomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/afakedomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/afakedomain.com/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/afakedomain.com/fullchain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
If you have some suggestions, feel free! Thanks!
If you want to exclude the .well-known directory from being proxied, you just need to add an exclusion. Add the following before the existing ProxyPass lines:
ProxyPass /.well-known/ !
And you should be all set. See the ProxyPass documentation for more info.
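The exclusion placed in the asker's port 443 virtual host, as an added example that is not part of the original answer. The `Alias` and `<Directory>` block are assumptions added here so that Apache serves the challenge files from the `/var/www/html/.well-known/` path given in the question, since that virtual host sets no DocumentRoot; the remaining lines are unchanged from the question.

```apache
<VirtualHost *:443>
    ServerName sub.afakedomain.com

    ProxyPreserveHost On
    ProxyRequests Off

    # ProxyPass rules are checked in configuration order and the first match
    # wins, so the exclusion has to appear before the catch-all "ProxyPass /".
    ProxyPass /.well-known/ !
    ProxyPass / http://localhost:5555/
    ProxyPassReverse / http://localhost:5555/

    # Assumption (not in the answer): map the excluded URL prefix onto the
    # directory from the question and allow it to be read, nothing more.
    Alias /.well-known/ /var/www/html/.well-known/
    <Directory /var/www/html/.well-known/>
        Options None
        AllowOverride None
        # Apache 2.4 access-control syntax
        Require all granted
    </Directory>

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/afakedomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/afakedomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/afakedomain.com/chain.pem
    SSLCACertificateFile /etc/letsencrypt/live/afakedomain.com/fullchain.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
```

The port 80 virtual host in the question redirects every request to HTTPS, so the challenge request ends up in this virtual host after the redirect.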
I am hosting a website on an EC2 instance that also hosts a Node.js backend app. I have the page running on an apache server and I am trying to figure out the correct settings to have the front end call the node app on a different port instead of attempting to hit port 80/443.
Website: https://my.website.com/
When user submits a form, they're redirected to: https://my.website.com/auth/
Node app listening on port 4000
I think what needs to happen is when a user is redirected, "https://my.website.com/auth" shows in the address bar but "localhost:4000/auth" is what is being fetched in the background. I have tried changing around the conf file several different ways to no avail.
My current apache2 my.website.com.conf file looks like this:
LoadModule proxy_http_module modules/mod_proxy_http.so
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerAdmin admin#my.website.com
ServerName my.website.com
ServerAlias www.my.website.com
DocumentRoot /var/www/my.website.com/html
<Location /auth/twitter>
ProxyPass http://localhost:4000/auth/
ProxyPassReverse http://localhost:4000/auth/
</Location>
RewriteEngine on
RewriteCond %{SERVER_NAME} =my.website.com [OR]
RewriteCond %{SERVER_NAME} =www.my.website.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Any help is appreciated, I'm banging my head against the wall trying to get it to work.
I have installed and configured WordPress on my server, also using apache2 virtualhosts.
I made a virtualhost with this config
<VirtualHost *:80 *:443>
ServerAdmin yourluxuryroad#gmail.com
ServerName yourluxuryroad.com
ServerAlias www.yourluxuryroad.com
DocumentRoot /var/www/yourluxuryroad
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.yourluxuryroad.com [OR]
RewriteCond %{SERVER_NAME} =yourluxuryroad.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /node-yrl-book http://localhost:5000
ProxyPassReverse /node-yrl-book http://localhost:5000
</VirtualHost>
<Directory /var/www/yourluxuryroad/>
AllowOverride All
</Directory>
As you can see from the config, I'm trying to set the ProxyPass directive to redirect the requests received on the path /node-yrl-book to a nodejs service (made using expressjs) at port 5000, but this is not working: instead of getting a redirect to that service, I get the WordPress 404 Page not found page.
If I make a request at my_ip/node-yrl-book instead, it works correctly and I am redirected to the service at port :5000.
I suppose that I'm missing something in my configuration, but I don't understand what.
Maybe something in WordPress has to be changed?
You have way too much going on.
ProxyPass -or- DocumentRoot, not both.
You can either serve the page from apache (by using DocumentRoot), or you can serve the page from nodejs (by using ProxyPass).
I finally solved this. I made an SSL certificate for my website using the Let's Encrypt certbot. This script created a new virtualhost in another file for the HTTPS requests (called /etc/apache2/sites-available/myDomain-le-ssl.conf). That virtualhost was overriding my ProxyPass directive; editing this virtualhost as well made everything work.
In my Apache error logs, I have a bunch of SSL warnings saying: You configured HTTPS(443) on the standard HTTP(80) port!
Here is my site.ca.conf file
<VirtualHost *:80>
ServerName site.ca:80
DocumentRoot "/var/www/site/public"
<Directory "/var/www/site/public">
AllowOverride all
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =site.ca
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
and here is my site.ca-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName site.ca:80
DocumentRoot "/var/www/site/public"
<Directory "/var/www/site/public">
AllowOverride all
</Directory>
ServerAlias site.ca
SSLCertificateFile /etc/letsencrypt/live/site.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.ca/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Everything works fine. I am not sure why this warning shows up every day in my Apache log files, and how can I resolve it?
Generally, this is because you do not have any SSL configuration on the virtual host on port 443. You may need to enable "SSLEngine on" and provide certificate information. The warning indicates you are serving regular HTTP traffic on what is usually an HTTPS port.
In these config files listed by the requester, there are some tweaks/corrections to be done:
we don't need to have a DocumentRoot in the site.ca.conf because we will redirect HTTP to the HTTPS (site.ca-le-ssl.conf)
the ServerName directive shouldn't have a port number, instead it should be in the VirtualHost level
the ServerName and ServerAlias should be near to each other and there should be www.site.ca as an Alias too in both files to handle the requests containing the www
in site.ca-le-ssl.conf file there is a ServerName site.ca:80 and that's not correct (there should be no port number)
there must be an SSLEngine on in the site.ca-le-ssl.conf
I hope that helps someone, even though this is an old question.
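The corrections listed above applied to both files, as an added example that is not the asker's or the answerer's own configuration. Paths and certificate locations are copied from the question; that the certificate also covers www.site.ca is an assumption.

```apache
# site.ca.conf: HTTP only redirects, so it needs no DocumentRoot
<VirtualHost *:80>
    # The port belongs on the <VirtualHost> line, not in ServerName
    ServerName site.ca
    ServerAlias www.site.ca

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =site.ca [OR]
    RewriteCond %{SERVER_NAME} =www.site.ca
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# site.ca-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName site.ca
    # Assumption: the certificate lists www.site.ca as well; otherwise
    # browsers reject the www host name after the redirect.
    ServerAlias www.site.ca

    DocumentRoot "/var/www/site/public"
    <Directory "/var/www/site/public">
        AllowOverride all
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/site.ca/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/site.ca/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
```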
I have a single VPS with one IP. I'm using Apache to serve cloud.mysite.com and I have a NodeJS application listening on port 3000.
I'm trying to configure my VPS in a way so that when I visit mysite.com, I get my NodeJS application.
Instead, when I visit mysite.com, I'm forwarded to cloud.mysite.com.
My .conf files are below.
mysite.com.conf
<VirtualHost mysite.com:80>
ServerName mysite.com
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
cloud.mysite.com
<VirtualHost cloud.mysite.com:80>
ServerName cloud.mysite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.mysite.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost cloud.mysite.com:443>
# Basics
ServerName www.cloud.mysite.com
ServerAlias www.cloud.mysite.com
# Next line puts ownCloud at the domain root instead of a /owncloud/ subdirectory (e.g. example.com vs. example.com/owncloud/)
Alias /owncloud "/var/www/owncloud/"
DocumentRoot /var/www/owncloud
# SSTL STUFF GOES HERE
# ownCloud
<Directory /var/www/owncloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Edit: I resolved this by clearing my cache.
It seems that it should proxy requests to your Node app if it's running on and listening on port 3000 on the same host, or fail if it isn't - but not to proxy requests to the other virtual host.
Make sure that you restarted Apache or made it reload the configuration after you made those changes and that your new config file is where it should be and is enabled.
I have searched like crazy to find an answer for this... so here goes the scenario:
I have a server that hosts several domains. However, the main domain should be the only one loading as HTTPS.
Whenever I try the following code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.MAINDOMAIN.com/$1 [R,L]
The rest of the domains change from http://www.site.com to HTTP(S)://www.MAINDOMAIN.com/FolderName and so on.
How can I go about this?
The most straightforward way to do this is to have only one virtual host, www.maindomain.com, available on port 443, and have only www.maindomain.com:80 redirect to https.
<VirtualHost *:80>
ServerName www.maindomain.com
Redirect / https://www.maindomain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.maindomain.com
SSLEngine on
...
</VirtualHost>
<VirtualHost *:80>
ServerName www.site.com
...
</VirtualHost>
No RewriteRule is needed. If you want you can also have HTTPS on the other sites redirect to HTTP:
<VirtualHost *:443>
ServerName www.site.com
SSLEngine on
Redirect / http://www.site.com/
</Virtualhost>
Otherwise https://www.site.com will be served by https://www.maindomain.com, since that will be the only virtual host available by HTTPS. That will make it the default virtual host for HTTPS, so it will serve all HTTPS requests.