I have an environment where the JBOSS server sits on a linux machine and it's services accessed via Apache server running there.
I am not able access the JBOSS console as "http://:/console"
What changes apparently will I have to make in "httpd.conf" to access this url from outside.
The safer way of accessing your JBoss console is through an ssh tunnel.
Execute locally
ssh -L 7990:localhost:9990 username#your.jboss.server -N
and enjoy your remote server's console on your local machine on port 7990.
Opening console port on your web server is also a solution, but less secure one.
Try with:
<Location /console>
ProxyPass http://localhost:9990
ProxyPassReverseCookiePath / /console/
ProxyPassReverseCookieDomain localhost <YOUR PUBLIC IP ADDRESS>
</Location>
<Location /console/>
ProxyPassReverse /
</Location>
ProxyPreserveHost On
The thing with the ProxyPassand ProxyPassReverse directives is that it preserves the domain so you can handle cookies as is on JBoss side without any problems, and that sessions are tracked correctly.
The ProxyPassReverseCookiePath directive rewrites the path string in Set-Cookie headers. If the beginning of the cookie path matches internal-path, the cookie path will be replaced with public-path. And ProxyPassReverseCookieDomain rewrites the domain string in Set-Cookie headers.
See more:
apache httpd JBoss AS 7 admin console proxy
Apache Module mod_proxy
Related
I setup a local guacamole server for people in my work to access several VM's that we have running in the server. IN order to access guacamole the have to type http://ip:port/guacamole or after the host override I did in my pfsense DNS resolver http://guac.loc:port/guacamole. The problem is that even that some times is problematic for some of them so I want to do something like http://guac.loc so they can remember it easily. I did it for some with the hosta file but I can't different functionallities for some of them. So can anyone help on how to do that? Can I do it somehow from the web server? Or do I need to setup a DNS Server?
If I understand correctly, you want to have "simpler" URL, without port and "guacamole" path.
Guacamole by default runs under Tomcat on port 8080. However, you can put Apache in front of the Tomcat and proxy request to the guacamole. Apache can proxy and forward all requests to the Guacamole on the given port and path.
Something like the example below should work and also will redirect all http requests to the htpts. It is not mandatory to have SSL enabled, you can proxy http as well.
<VirtualHost *:80>
ServerName guac.loc
Redirect permanent / https://guac.loc/
</VirtualHost>
<VirtualHost *:443>
ServerName guac.loc
SSLEngine on
SSLCertificateFile /etc/ssl/certs/guac-loc.cer
SSLCertificateKeyFile /etc/ssl/private/guac-loc.key
SSLCACertificateFile /etc/ssl/certs/guac-loc-ca.crt
<Location /guacamole/>
ProxyPass http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
I have two web servers running Apache 2.4 on CentOS 7 and I am trying to set up a reverse proxy server for my web server. As of now, the proxy server is using a Let's Encrypt certificate, and when I access the proxy server before making changes to any virtual host configurations, I access the domain I have set up on the proxy and see a green lock in the upper left hand corner (no problems). I am using Firefox by the way.
Now, when I configure a virtual host to redirect the request to my web server, I get a web page with missing content (yellow exclamation point on the browser lock). My web browser appears to be blocking the images for my own protection, apparently. The proxy server appears to be redirecting my original request, which is good, but I am not see all the content load on-screen. It's likes it's been filtered out (it is) because the browser is just saying it's insecure.
How can I solve it?
Here is my configuration for a virtual host:
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
#
ProxyRequests Off
ProxyPass / http://IP:80/
ProxyPassReverse / http://IP:80/
</virtualhost>
I reviewed this article too: http://awesometoast.com/cors/
You should read about CORS (Cross Origin Resource Sharing)
After proxy pass (in the vhost config), try adding this (make sure you have apache mod_headers installed)
Header add "Access-Control-Allow-Origin" "*"
This is not a secure configuration, but the reason your resources are not loading and the yellow exclamation sign is showing up is because you are trying to load resources from a different domain, thus the browser is showing the site as not secure. Allowing the specific domains with the resources in the headers will tell the browser that the server with the resources is allowed.
Here are some links to refer:
Apache proxy with cors headers
Server Apache
I am running a java web application on tomcat 7.0, which is setup on media temple Ubuntu 16.04 server. The application is running on port 8080, and I have a domain which is binded to the port.
e.g. public-ip-of-server:8080 xyz.com
Now, I want to run a node js application (rocket-chat) on the same Linux server using port 3000. I have configured the whole application, and the application is running on localhost:3000/ but when I am trying to access the application using public IP of the server (e.g. public-ip:3000/), I am not able to access it.
I have allowed the traffic on port 3000 using command,
ufw allow 3000
I also edited apache2.conf,
ProxyPass /rocketchat http://public-ip-of-server:3000/
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module
modules/mod_proxy_http.so
but after changing this parameter I am not able to restart the apache2 service.
so I revert back the changes.
what should I do to run both the application (java and node js) on the same Linux server ? can anyone please help me out.
Just bind nodejs app to interface 0.0.0.0 instead of 127.0.0.1.
In your Apache configuration, you should use the localhost instead of public ip. So instead of:
ProxyPass /rocketchat http://public-ip-of-server:3000/
use:
ProxyPass /rocketchat http://localhost:3000/
I am using Ubuntu server so httpd.conf is not present there, so I have created another file, in sites-available folder of apache2.(e.g xyz.conf).
I have two domain which pointing to the same media temple name server,
I used one domain for pointing tomcat application on port 8080 and another domain for node js application on port 3000, by making virtual host in xyz.conf
<VirtualHost *:80>
ServerName xyz.com
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName abc.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
After this I enabled proxy mode using command :
sudo a2enmod proxy
And also make this xyz.conf file as site configuration file, using command,
sudo a2ensite xyz.conf
It will ask you to reload the apache2 service,
just reload it and restart,
e.g sudo systemctl restart apache2.service
The problem resolved by forwarding the request, which is received on port 80 of apache2, to tomcat:8080 and nodejs:3000, by creating virtual host.
I have a virtual cloud server on aws where there is tomcat 7 running on port 8080 eg. a.x.y.z:8080 (where a.x.y.z is the public ip). I have an application deployed on the tomcat on context path "hello" so that I can access it like a.x.y.z:8080/hello .
Now I have bought a domain name example.com and have translated it to the public ip a.x.y.z so that now I can access my application via the url example.com:8080/hello but actually what I want is that on hitting example.com I would be able to access my application. How to achieve it ?
You can access your tomcat application with your domain name using mod_proxy modules, please login your server and update your httpd configuration with following code.
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
NOTE : Update your correct server IP instead of 0.0.0.0 in above code.
Ok, I solved the issue :
After installing apache2, in the /etc/apache2/apache2.conf file
I appended :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Saved the file and restarted the apache2 server.
With this, whenever I hit example.com, I will get the homepage of tomcat (localhost:8080). then i opened the tomcat manager (example.com/manager/html) and stopped & undeployed the application at root (/) path. (As a result of this, whenever you hit example.com, you will no longer see tomcat homepage, instead a blank page)
Now I deployed my application as root in tomcat. If you are using maven you can do so like here .
As a result of this my application was available in example.com .
(If you don't deploy your application as root, you have to access it using example.com/myapp)
Now, whenever I hit example.com myapp will be accessed.
I have configured Sonar webserver to have all of the requests to go through Microsoft IIS server.
It was confirmed to work fine with requests via http protocol.
However, once the https was enabled, after successful login, Sonar webapp is trying to redirect to non-https url, causing it to timeout. If I then go and change the url to go to https, it shows as authenticated and continues to work as normal.
The same issue happens when you trying to logout - instead of redirecting to https page, it goes out to http.
What needs to be done to make Sonar post-login action to use the same protocol via which the login page was requested originally?
sonar.properties has:
sonar.web.host: 127.0.0.1
sonar.web.port: 9000
sonar.web.context: /sonar
IIS plugin has:
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="*:9000"/>
</VirtualHostGroup>
<ServerGroup Name="sonar_group">
<Server Name="sonar_server">
<Transport Hostname="127.0.0.1" Port="9000" Protocol="http"/>
</Server>
</ServerGroup>
<UriGroup Name="sonar_host_URIs">
<Uri Name="/sonar*"/>
</UriGroup>
<Route ServerGroup="sonar_group" UriGroup="sonar_host_URIs" VirtualHostGroup="default_host"/>
Thanks.
In the web UI (while logged in as an admin user), go to Settings -> General and make sure the URL listed under Server Base URL starts with "https". This can also be set in the server's sonar.properties file using sonar.core.serverBaseURL
This is a well-known issue with the Ruby stack, and requires tweaking the web-server config -- not that of Sonar. On Apache you'd have to do the following, Im sure the pointers in the ticket will also lead you to a solution for IIS:
RequestHeader set X_FORWARDED_PROTO "https"