Apache 2.2.3 reverse proxy issue - linux

I have to set up a website https://xyz.abc.co.in using a self-signed certificate. I have Apache 2.2.3 on Red Hat Linux. But the home page of that website should come from a remote server application, i.e. http://10.x1.x2.x3:7080/app, working on GlassFish.
When I write http://10.x1.x2.x3:7080/app in the browser it opens http://10.x1.x2.x3:7080/app_web/login.html
Now on my Apache 2.2.3 I have the following entry in my httpd.conf to call http://10.x1.x2.x3:7080/app through remote proxy:
<VirtualHost *:443>
ServerName xyz.abc.co.in
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
SSLCertificateFile /etc/*/redhat.crt
SSLCertificateKeyFile /etc/*/redhat1.key
SetOutputFilter proxy-html
ProxyPass / http://10.x1.x2.x3:7080/app/
ProxyPassReverse / http://10.x1.x2.x3:7080/app/
</VirtualHost>
Now when I use https://xyz.abc.co.in in the browser it gives the error "NO DATA RECEIVED".
I have loaded module proxy_html also.
When I remove the directive "SetOutputFilter proxy-html" then it gives the error that:
/app_web/login.html is not found on port 80 of Apache 2.2.3 (although it is hosted on GlassFish on the remote server). When I use "ProxyHTMLInterp On" then also the same errors are received in the browser.
When I use "ProxyHTMLEnable On" it says invalid command while starting Apache.
Please suggest.

Related

Deploy ASP.Net Core with Plesk for Linux

Following is my server environment
Server : VPS
Host : AWS EC2
OS : CentOS Linux 8.3.2011
Plesk : Plesk Obsidian 18.0.34
.Net Version : .Net Core 3.0 (Installed manually from linux CLI)
What I am looking for
I am trying to deploy an ASP.Net Core 3.0 API project to a CentOS 8 server. Is there a way to use Plesk to deploy this? Maybe by providing additional settings under "Apache & nginx Settings" (or any other way)?
Edit
Tried following this article - Error using ASP.NET Core in Ubuntu with Plesk
Have turned off - Reverse Proxy Server (nginx) from plesk
Added following configuration to "Additional Apache directive" under Apache & nginx Settings
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
SSLProxyEngine On
SSLProxyVerify none
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001/
ProxyPassReverse / https://127.0.0.1:5001/
But getting different error.
AH00898: Error during SSL Handshake with remote server returned by /
Any help would be highly appreciated.
Many Thanks & Regards
Finally after some detailed debugging and understanding how the flow works between Plesk, Apache, NginX and ASP.Net Core, managed to get it working. Added following configuration to "Additional Apache directive" under Apache & nginx Setting.
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets on
SSLUseStapling off
SSLProxyEngine On
SSLProxyVerify none
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
Key thing to notice is that Proxy is redirecting to http and not https. But that is just internal in AWS server and user end is already protected by SSL configured through Apache.
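If the hop to the application has to stay on TLS, as in the question's `https://127.0.0.1:5001/` attempt, the weak setting is `SSLProxyVerify none`, which accepts any backend certificate. The following is an added example, not part of the original answer; the CA file path and the assumption that the backend certificate is issued for `localhost` are hypothetical.

```apache
# Added example (not from the original post). Assumptions: the backend
# certificate is issued for "localhost", and its issuing CA (or the
# self-signed certificate itself) is stored at the hypothetical path below.

# Weak: TLS to the backend, but any certificate is accepted.
#   SSLProxyEngine On
#   SSLProxyVerify none
#   ProxyPass / https://127.0.0.1:5001/

# Verified: the backend must present a certificate that chains to the
# pinned CA file, has not expired, and matches the host name in the
# ProxyPass URL.
SSLProxyEngine On
SSLProxyVerify require
SSLProxyVerifyDepth 1
SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.pem
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On

RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}

# ProxyPreserveHost is left at its default (Off) in this example so that
# the host name used for the backend connection is the one written in the
# ProxyPass URL. mod_proxy still passes the client's original Host value
# to the application in the X-Forwarded-Host header.
ProxyPass / https://localhost:5001/
ProxyPassReverse / https://localhost:5001/
```

The application then has to read the forwarded headers to learn the public host name and scheme.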

Change name of local web service

I set up a local Guacamole server for people in my work to access several VMs that we have running in the server. In order to access Guacamole they have to type http://ip:port/guacamole or, after the host override I did in my pfSense DNS resolver, http://guac.loc:port/guacamole. The problem is that even that sometimes is problematic for some of them, so I want to do something like http://guac.loc so they can remember it easily. I did it for some with the hosts file but I can't different functionalities for some of them. So can anyone help on how to do that? Can I do it somehow from the web server? Or do I need to set up a DNS server?
If I understand correctly, you want to have "simpler" URL, without port and "guacamole" path.
Guacamole by default runs under Tomcat on port 8080. However, you can put Apache in front of the Tomcat and proxy request to the guacamole. Apache can proxy and forward all requests to the Guacamole on the given port and path.
Something like the example below should work and will also redirect all http requests to https. It is not mandatory to have SSL enabled; you can proxy http as well.
<VirtualHost *:80>
ServerName guac.loc
Redirect permanent / https://guac.loc/
</VirtualHost>
<VirtualHost *:443>
ServerName guac.loc
SSLEngine on
SSLCertificateFile /etc/ssl/certs/guac-loc.cer
SSLCertificateKeyFile /etc/ssl/private/guac-loc.key
SSLCACertificateFile /etc/ssl/certs/guac-loc-ca.crt
<Location /guacamole/>
ProxyPass http://localhost:8080/guacamole/ flushpackets=on
ProxyPassReverse http://localhost:8080/guacamole/
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Apache reverse proxy not loading resources

I've configured proxy reverse with apache 2.4 on a server (ip for example 192.168.1.10) as follows:
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost Off
ProxyPass "/foo/" "http://172.20.0.3/"
ProxyPassReverse "/foo/" "http://172.20.0.3/"
mod_proxy_html is loaded.
Where 172.20.0.3 is a docker container, hosted by the server.
When I browse to 192.168.1.10/foo/ I see on the url bar 192.168.1.10/index.php (index.php is the page I actually would like to browse), but the resources required to load index.php are not found. So I get 404 page not found.
Setting / instead of /foo works, but I need to configure other proxy on the same server too.
This Q/A does not provide solution for my case: Apache ProxyPass not loading Resources
What am I missing? Thank you

access tomcat application via the domain name

I have a virtual cloud server on aws where there is tomcat 7 running on port 8080 eg. a.x.y.z:8080 (where a.x.y.z is the public ip). I have an application deployed on the tomcat on context path "hello" so that I can access it like a.x.y.z:8080/hello .
Now I have bought a domain name example.com and have translated it to the public IP a.x.y.z so that now I can access my application via the URL example.com:8080/hello, but actually what I want is that on hitting example.com I would be able to access my application. How to achieve it?
You can access your Tomcat application with your domain name using the mod_proxy modules. Please log in to your server and update your httpd configuration with the following code.
ProxyPreserveHost On
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
NOTE : Update your correct server IP instead of 0.0.0.0 in above code.
Ok, I solved the issue :
After installing apache2, in the /etc/apache2/apache2.conf file
I appended :
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.com
ServerAlias example.com
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Saved the file and restarted the apache2 server.
With this, whenever I hit example.com, I will get the homepage of Tomcat (localhost:8080). Then I opened the Tomcat manager (example.com/manager/html) and stopped & undeployed the application at root (/) path. (As a result of this, whenever you hit example.com, you will no longer see the Tomcat homepage, instead a blank page.)
Now I deployed my application as root in Tomcat. If you are using Maven you can do so like here.
As a result of this my application was available in example.com .
(If you don't deploy your application as root, you have to access it using example.com/myapp)
Now, whenever I hit example.com myapp will be accessed.
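The catch-all `ProxyPass /` in the answer above also publishes Tomcat's `/manager` and `/host-manager` applications on the public virtual host, which is how `example.com/manager/html` became reachable. One way to keep them off the proxy, as an added example that is not part of the original answer; it assumes Apache 2.4 authorization syntax (`Require`).

```apache
# Added example (not from the original answer). Assumes Apache 2.4;
# on 2.2 the Require line would be "Order deny,allow" plus "Deny from all".
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com

    ProxyRequests Off
    ProxyPreserveHost On

    # ProxyPass rules are checked in configuration order, so the
    # exclusions have to come before the catch-all rule.
    ProxyPass /manager !
    ProxyPass /host-manager !
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    # Answer 403 for the admin paths, including forms that carry a
    # path parameter directly after the application name.
    <LocationMatch "^/(manager|host-manager)(/|;|$)">
        Require all denied
    </LocationMatch>
</VirtualHost>
```

Every proxied request reaches Tomcat from the loopback address, so a Tomcat-side address filter that allows 127.0.0.1 does not separate external clients from local ones; removing the manager applications from the public instance is the stronger control.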

NodeJs Error during WebSocket handshake

I am able to establish a websocket connection from a client JS to NodeJs. But it fails to connect the websocket when the request passes through Apache httpd.
Using httpd 2.4.7, I am getting the below error. Please let me know what needs to be corrected.
WebSocket connection to 'ws://172.27.38.86/socket.io/1/websocket/_uW8Sv7lgQfrZncTSzKu' failed: Error during WebSocket handshake: Unexpected response code: 502
Thanks & Regards
Jawahar
Apache SUCKS at handling websockets through proxies. I recommend either getting rid of the Apache layer, or modifying your socket.io settings to use XHR polling.
After 2.4.5, apache included a module called proxy_wstunnel on their trunk, not available yet on current ubuntu production versions of apache (2.4.7). It was somehow painful, but following roughly the steps listed on this blog-post I managed to install the module and use it successfully.
dpkg -s apache2   # this gives you the version of Apache, in my case "2.4.7-1ubuntu4.1"
# then you check out that version of Apache
svn co http://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.7/
# you get into the directory just checked out
cd 2.4.7
# in there you check out the Apache Portable Runtime project and utils
svn co http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x srclib/apr
svn co http://svn.apache.org/repos/asf/apr/apr-util/branches/1.3.x srclib/apr-util
# you compile with the corresponding module flags
./buildconf
./configure --enable-proxy=shared --enable-proxy_wstunnel=shared
make
# you copy the modules (mod_proxy and mod_proxy_wstunnel) to your Apache working copy
# it could be advisable to back up the old mods first
sudo cp modules/proxy/.libs/mod_proxy{_wstunnel,}.so /usr/lib/apache2/modules/
sudo chmod 644 /usr/lib/apache2/modules/mod_proxy{_wstunnel,}.so
sudo echo -e "# Depends: proxy\nLoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so" | sudo tee -a /etc/apache2/mods-available/proxy_wstunnel.load
# you then enable your module and restart Apache... so now the module is ready to use
sudo a2enmod proxy_wstunnel
sudo service apache2 restart
And after all that, researching a little bit, I found this page and configured my Apache vhost file accordingly, like this:
<VirtualHost *:80>
ServerAdmin yourmail@mail.com
ServerName yoursubdomain.yourdomain.info
Redirect permanent / https://yoursubdomain.yourdomain.info/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin yourmail@mail.com
ServerName yoursubdomain.yourdomain.info
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
# these next two lines are to enable the wstunnel
ProxyPass /socket.io/1/websocket ws://localhost:9091/socket.io/1/websocket
ProxyPassReverse /socket.io/1/websocket ws://localhost:9091/socket.io/1/websocket
# this line is to retrieve the socket.io.js to use
ProxyPass /socket.io/ http://localhost:9091/socket.io/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/yourcert.crt
SSLCertificateKeyFile /etc/ssl/private/yourcert.key
SSLCertificateChainFile /etc/ssl/certs/your_bundle.crt
# your logs
CustomLog /var/log/apache2/yoursubdomain.yourdomain.info.log combined
ErrorLog /var/log/apache2/yoursubdomain.yourdomain.info.error.log
</VirtualHost>
And TaDaaa... I have a working node websocket responding on port 9091 through an Apache proxy that gets everything through the 443 standard SSL port.
I suppose ubuntu will soon include this module on their production version, but meanwhile this is the way to go
I had to set up a ws tunnel in CentOS, where Apache 2.2.15 was installed by default.
I have tried patching the proxy_wstunnel module with Apache 2.2.15. But no help. Finally I have decided to remove Apache 2.2.15 and install Apache 2.4 by following the official documentation from http://httpd.apache.org/docs/2.4/install.html
After installation (I have installed in the default location /usr/local/apache2/), I did the following to get tunneling to work:
Uncomment the following lines in /usr/local/apache2/conf/httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Add a virtual host for tunneling websocket requests
<VirtualHost *:80>
ServerName subdomain.mydomain.com
ProxyPass / ws://localhost:8081/
ProxyPassReverse / ws://localhost:8081/
</VirtualHost>
From my frontend the websocket is connected via ws://subdomain.mydomain.com:80
Restart Apache using
sudo /usr/local/apache2/bin/apachectl -k restart

Resources