I’ll just briefly explain what I have and what I’d like.
On same server I have a service which has also a web gui on http port 9091 for example. The service does not have a option to change the config to https within the app.
I also have apache on that server for snmp traps graphs. So I’d like to use that apache as a https proxy, so communication to apache is https, from apache to that mentioned web plain http.
Client <-> https proxy <-> http web ui
I don’t want just redirect.
Can you advise me a simple solution. Not lucky yet with search.
Thank you!
Mario
Worked with
<VirtualHost *:8843>
ServerName xxx
ServerAdmin webmaster#localhost
# DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /xxx.crt
SSLCertificateKeyFile /XXX.key
ProxyPreserveHost On
ProxyPass /transmission http://localhost:9091/transmission
ProxyPassReverse /transmission http://localhost:9091/transmission
Related
I have recently built a website using MapServer for an academic course. The course is finished, but I wanted to continue developing it. The website is using Apache/2.4.53 (Debian), running on Debian 11, set up as a Virtual Host.
I have recently installed https using Let's Encrypt.
The website works when using either http (http://kina3.net/) or https (https://kina3.net/), so I know that https is working.
I can serve up a example file through MapServer when using: http://kina3.net/cgi-bin/mapserv?map=bluemarble&mode=map
However when I try using https://kina3.net/cgi-bin/mapserv?map=bluemarble&mode=map it generates the following error:
msLoadMap(): Regular expression error. MS_DEFAULT_MAPFILE_PATTERN validation failed.
My research (MS_DEFAULT_MAPFILE_PATTERN validation failed) suggests that problem is because "The map location is missing or wrongly formatted".
However in the apache2 VirtualHosts config file both references point to the same mapfile. See extract from site configuration file below:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName kina3.net
ServerAlias www.kina3.net
# Redirect permanent / https://kina3.net
DocumentRoot /var/www/kina3.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SetEnv bluemarble "/var/www/map/bluemarble.map"
</VirtualHost>
### ERROR LOGS IN /var/log/apache2/access.log ###
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName kina3.net
ServerAlias www.kina3.net
DocumentRoot /var/www/kina3.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /****
SSLCertificateKeyFile /****
Include /****
SetEnv bluemarble "/var/www/map/bluemarble.map"
</VirtualHost>
What am i missing?
I managed to fix this problem ... and it's not glorious. Turns out that I had two VirtualHosts files running, with the other one taking precedence. So whatever changes I made in the VH example above would have no effect as the other took precedence.
So if you find yourself with a similar problem to me, try running:
sudo apachectl -S
and see what the VirtualHost configuration: is pointing to.
Also, once you post a link to your own website on StackOverflow, expect regular visits from web scrapers plus various shady IP addresses.
I'm trying to connect to my websockets server from outside the local network. I deployed a web app based on Laravel, everything works fine when developing locally, but deploying the app to my Raspberry Pi won't let my websockets server work. The problem might be with my Apache config, but I'm not sure. I'm using a Let's Encrypt certificate, so everything is configured as it should in Laravel and in Apache.
The browser can reach the websockets server, but at websocket's console messages it says this: Error during WebSocket handshake: Invalid status line.
It looks like the Websocket server is not returning a 101 code, but I don't know how to debug or fix this. I'm using the 443 port for websockets, so this is my Apache config:
<VirtualHost *:443>
ServerName drink.myhost.org
ServerAlias www.drink.myhost.org
# WEBSOCKETS CONFIG
ProxyRequests off
ProxyPass "/app/ABCFEDG" "ws://127.0.0.1:6001"
ProxyPass "/app/ABCFEDG" "wss://127.0.0.1:6001"
ProxyPassReverse "/app/ABCFEDG" "ws://127.0.0.1:6001/app/ABCFEDG"
ProxyPassReverse "/app/ABCFEDG" "wss://127.0.0.1:6001/app/ABCFEDG"
ServerAdmin webmaster#drink.myhost.org
DocumentRoot /var/www/html/drink/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/drink.myhost.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/drink.myhost.org/privkey.pem
</VirtualHost>
I'm stuck with my Apache-config and appreciate any help on this.
The config is like this:
The Apache redirects all http traffic to https
It proxies requests like https://domain.tld/app1 to http://domain.tld:9000/app1 (play apps are running at app-context /app*/...)
This works very well with the following Apache-config:
<VirtualHost *:80>
ServerName domain.tld
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://domain.tld/
Redirect permanent / https://domain.tld/
</VirtualHost>
<VirtualHost _default_:443>
#ssl-config here
<Proxy http://localhost:9000/*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld/app1
</VirtualHost>
The problem ist, that one play-application got a WebSocket added. Which isn't working with the above setup. So I read the stuff on the play-pages. Which led me to install mod_proxy_wstunnel. I also add the following lines to the config, but had no success with that:
ProxyPass /app1/timerWs ws://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs ws://domain.tld:9000/app1/timerWs
When I'm trying to connect to https://domain.tld/rlc/timerWs I got an 500 Internal Server Error, but there are no new, more specific errors in the apache error log.
How can I configure Apache to proxy WebSocket requests properly to my play applications?
My play-apps do not have https-adapters. All the https stuff is done by the Apache-proxy.
Play-apps are on version 2.5.
Apache is on 2.4.7.
Thanks a lot for your help.
Tobias
I have solved the issue now. What did the trick was to set-up https not only on the Apache, but also on Plays application server Jetty. To do so see this link. This leads to another ProxyPass address (notice the wss instead of ws):
ProxyPass /app1/timerWs wss://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs wss://domain.tld:9000/app1/timerWs
I also had to change the WebSocket address in my Javascript, to let the Browser know, where to find the WebSocket-Backend.
$(function() {
var WS = window['MozWebSocket'] ? MozWebSocket : WebSocket
var dateSocket = new WS("wss://domain.tld/rlc/timerWs")
var receiveEvent = function(event) {
$("#timer").html(event.data);
}
dateSocket.onmessage = receiveEvent
});
Before that I used a Play-route #routes.Application.timerWs().webSocketURL(request) to address the WebSocket.
I am running a Node.JS HTTP server on an Amazon EC2 instance.
My IP address and port are 54.169.62.98:7001. How do I point my Godaddy domain to this IP and port?
Is it possible to use a port other than 80?
Yes, simple.
Go to godady DNS manager and add a type A record pointing to your ip address like bellow.
Then go to your aws-ec2 console and add a custom inbound TCP rule under your AWS security group like bellow.
Open firewall for 7001/tcp on your server sudo ufw allow 7001/tcp
Run the node.js app on your server and then type 54.169.62.98:7001 on your browser
Good luck!
Some protocols such as XMPP can use SRV records, which does allow you to publish the port used. However, in the general case, especially web traffic, you can't point an A record to a TCP port.
It sounds like you would want to either get Node to listen on port 80, or install a reverse proxy (such as Nginx) on your EC2 instance to forward traffic on port 80 to 127.0.0.1:7001. There's a simple guide here.
Yes, you can point any instance of AWS via GoDaddy domain. You have to save A record for hit your instance via host # and point to your IP(54.169.62.98), after this you can hit you IP but not port 7001, for port distribution you will have to some config some file.
for Virtual host
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.example.org
ServerAlias example.org
Redirect permanent / https://example.org/
</VirtualHost>
For ssl config
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName example.org
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:7001/
ProxyPassReverse / http://localhost:7001/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /home/ubuntu/today.crt
SSLCertificateKeyFile /home/ubuntu/today.key
SSLCertificateChainFile /home/ubuntu/intermediate.crt
SSLCACertificateFile /home/ubuntu/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
I've just installed Jenkins on an EC2 machine. Jenkins is served via Apache with SSL on port 443. I haven't bought a certificate yet, so the https connection is insecure.
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName my_host_name
ServerAlias ci
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ProxyRequests Off
ProxyPreserveHost off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Jenkins refused to update my plugins. I've checked the URL at Manage Jenkins → Manage Plugins → advanced, and it was http://updates.jenkins-ci.org/update-center.json. I've tried downloading the file from curl at the server and it was downloaded without problems.
Why can't Jenkins download the json file for the updates?
This was fixed by using the secure coutnerpart for the url
https://updates.jenkins-ci.org/update-center.json
Instead of:
http://updates.jenkins-ci.org/update-center.json