I setup ProxyPass & ProxyPassReverse. But the website I need to access still detect my real IP (my ISP IP) instead my proxy server IP. What I notice is HTTP_CF_CONNECTING_IP showing my real IP. Is there a way to modify so that it detect my proxy server IP.
I unset the X-Forwarded-For and able to change the IP except HTTP_CF_CONNECTING_IP
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyVerify none
SSLProxyCheckPeerName off
ProxyRequests On
ProxyAddHeaders Off
ProxyPass / https://otherwebsite.com/
ProxyPassReverse / https://otherwebsite.com/
ProxyPassReverseCookiePath / /
ProxyPassReverseCookieDomain .otherwebsite.com .myproxy.com
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s/otherwebsite.com/myproxy.com/ni"
RequestHeader unset Accept-Encoding
RequestHeader unset X-Forwarded-For
Related
I have a springboot application that serves a page of images. These images live in a directory outside of the application in order to give certain people access to add more photos over a network share. /home/user1/share/static-images. Running this locally I am able to get things to work. But when putting this application behind nginx, I've setup the proxy_pass like this:
server {
listen 80;
listen [::]:80;
server_name www.domain.com;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
This seems to work as far as it is displaying the page and any local images inside the springboot app. But none of the images from the static path are showing up. I've tried adding a path like this:
location /static-images {
root /home/user1/share/static-images;
}
But this throws a 403 forbidden message. I've new to nginx, so I'm assuming this is just an nginx configuration problem. Any clues?
please try this
location /static-images/ {
alias /home/user1/share/static-images/;
}
and reload the nginx
The requested URL path is appended to the configured root. So if someone requests http://www.example.com/static-images/img.png, the URL path is /static-images/img.png and nginx translates this to /home/user1/share/static-images/static-images/img.png in your current configuration.
Changing the root to /home/user1/share; here is probably what you want.
Sorry #slauth I am unable to verify if that works. I ended up switching to Apache and this configuration worked.
<Virtualhost *:80>
ServerName domain.com
ServerAlias www.domain.com
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</Virtualhost>
I have a Pyramid application running on an internal server using mod_wsgi-express. The address internally is http://172.31.15.111:6543/myapp/
I want to make it available externally using Proxy and SSL. So I have the following Apache configuration:
<VirtualHost *:443>
ServerName myapp.org
ProxyRequests Off
ProxyPreserveHost On
# proxy pass /myapp to the internal:6543/myapp
ProxyPass /myapp http://172.31.15.111:6543/myapp/
ProxyPassReverse /myapp http://172.31.15.111:6543/myapp/
<Proxy *>
allow from all
</Proxy>
ProxyTimeout 1200
</VirtualHost>
The problem that I have is that when I use "request.route_url()" or "request.host_url" it resolves to HTTP and not to HTTPS.
I am using Waitress with the following configuration:
[server:main]
use = egg:waitress#main
listen = localhost:6543
I tried also:
[server:main]
use = egg:waitress#main
#listen = localhost:6543
host = 172.31.15.111
port = 6543
url_scheme = https
I also tried having request headers in apache:
RequestHeader set X-Forwarded-Port 443
RequestHeader set X-Forwarded-Scheme https
But I get the same result. Any idea how to resolve it is highly appreciated.
What I want to achieve:
Browser -> Apache (https) -> Sonarqube (http)
Problem:
Location header from Sonar is http://.., so accessing
https://trm.tine.no/sonar
redirects to
http://trm.tine.no/sonar
I have folllowed the instructions for standard reverse proxy infrastructure as described here:
http://docs.sonarqube.org/display/SONAR/Running+SonarQube+Over+HTTPS
ProxyPreserveHost On
ProxyRequests Off
..
.. SSL config goes here
..
RequestHeader set X-Forwarded-Proto "https"
#SONAR related configurations
AllowEncodedSlashes NoDecode
ProxyPass /sonar http://<my.ip>:9000/sonar disablereuse=On nocanon
ProxyPassReverse /sonar http://<my.ip>:9000/sonar
I have verfied the X-Forwarded-Proto header by proxying Nexus (which also relies on X-Forwarded-Proto), and this works as expected.
curl confirms the Location header as http, not https
curl -I https://trm.tine.no/sonar
HTTP/1.1 302 Found
Date: Wed, 21 Oct 2015 13:49:39 GMT
Server: Apache-Coyote/1.1
Location: http://trm.tine.no/sonar/
Transfer-Encoding: chunked
Wondering what I might be missing, or if this is an actual bug?
Running Sonarqube 5.1.1
Solution
The proposed solution from #kraal did not have any effect for us, but if you append / to the URI it works.
E.g.
curl -I https://trm.tine.no/sonar
HTTP/1.1 302 Found
Date: Thu, 22 Oct 2015 10:53:23 GMT
Server: Apache-Coyote/1.1
Location: http://trm.tine.no/sonar/
Transfer-Encoding: chunked
As we can see, Location is still set to http, but the following works (note the / at the end)
curl -I https://trm.tine.no/sonar/
HTTP/1.1 302 Found
Date: Thu, 22 Oct 2015 10:53:25 GMT
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Location: https://trm.tine.no/sonar/sessions/new
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=utf-8
Content-Length: 104
Set-Cookie: JSESSIONID=A8B19F73D93B35BCA24F019EEB848666; Path=/sonar/; HttpOnly
So there seems to be something happening when Sonar redirects to /sonar/sessions/new (the login page), which behaves differently from /sonar/ to /sonar
Appending the / to the URI is a workaround which works for us.
The issue is probably due to your ProxyPassReverse. Here follows an excerpt from our configuration (with apache < 2.2.18):
<VirtualHost *:443>
# https and port are specified in order to make sure that the server generates the correct
# self-referential URLs.
ServerName https://visiblehost:443
# ... SSL and other configuration here
# ProxyRequests must be set to "off" as we use Apache as a reverse proxy.
ProxyRequests Off
# ProxyPreserveHost must be set to "on" in order to pass the Host: line from the incoming request to the
# proxied host, instead of the hostname specified in the ProxyPass line.
ProxyPreserveHost On
# AllowEncodedSlashes must be set to "on" in order to preserve urls built by SonarQube which include
# encoded slashes. Once we upgrade to Apache 2.2.18, the property will need to be set to "NoDecode".
AllowEncodedSlashes On
# Some RequestHeaders must be set in order for the headers to have the right value required for https
# communications.
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# ProxyPass defines that Apache communicates with SonarQube using ajp protocol
# and that no canonalization has to be done.
# ReverseProxyPass defines that https communications are only done between client
# and Apache.
ProxyPass /sonar ajp://hiddenhost:port/sonar nocanon
ProxyPassReverse /sonar https://visiblehost/sonar
</VirtualHost>
As you can see, on the one hand, ProxyPassReverse defines that https communications have to be done between users and the reverse proxy on /sonar context root. The specified URL is the Apache URL that is "visible" to users.
On the other hand ProxyPass defines that Apache sends all trafic on /sonar to a "hidden" URL. In our case we use AJP protocol in order to make sure that this URL is not accessible directly, but if you're using http the configuration should be similar (replace ajp with http).
Hope it helps,
Michel
(For anyone who stumbles on this post, I posted a similar problem in the google group: https://groups.google.com/forum/#!topic/sonarqube/mztZGAvG_I0 and was notified off this post by a replyer, it was not my intention to cause duplication)
Regarding the fix that works for you by changing the trailing slashes, sadly this did not work for me (I already appended them) Removing them does also not work.
In my case with Apache 2.4 and Sonarqube 8.0 I solved with:
<Location /sonarqube>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
ProxyPreserveHost On
ProxyPass http://192.168.10.15:9000/sonarqube
ProxyPassReverse http://192.168.10.15:9000/sonarqube
</Location>
I created a web application that runs on a ubuntu server with JBoss EAS 6.2 and Apache2 with mod_proxy enabled, but when I open the page in the browser, the images do not load.
This is my Apache configs:
<VirtualHost *:*>
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://pegabuzz.com:8080
ProxyPassReverse / http://pegabuzz.com:8080
ServerName pegabuzz.com
<Location />
Order deny,allow
Allow from All
</Location>
</VirtualHost>
What can I do?
EDIT 2:
In the browser console, I get this:
Failed to load resource: the server responded with a status of 502
(Proxy Error)
The path is:
http://pegabuzz.com/images/pegabuzz_site.jpg
The site URL:
pegabuzz.com
It looks that you have missed the trailing bar after the server port on your ProxyPass and ProxyPassReserves directives.
Try using:
ProxyPass / http://pegabuzz.com:8080/
ProxyPassReverse / http://pegabuzz.com:8080/
Because your server return an error during the DNS query:
Reason: DNS lookup failure for: pegabuzz.com:8080images
Please see what URL it creates for images with help of Firebug plugin in Firefox.
Thing which you need to focus would be missing slashes or path in the URL.
I'am having troubles configuring Apache and Tomcat, this is the scenario:
I have an Apache Web Server, running and working normally, I can access to this one just typing:
http://localhost
Also, in this host, I have a Tomcat running and working fine; I've created a mini web-app which files are inside "prueba" directory, I can access typing:
http://localhost:8080/prueba
(I know that Apache is running in 80 port and Tomcat in 8080)
What I want to do is that througt Apache an user can access to 'pruebas'(running on Tomcat), I mean:
http://localhost/prueba
I've readen a lot of this, and I think that there are 2 ways to do this, and I've decided enabling the proxy modules(proxy and proxy_ajp, with a2enmod), also I've readed I must edit this file: sites-available/default, this is the content:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName 127.0.0.1
DocumentRoot /var/www
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /static/ !
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
.
.
.
Alias /static/ "/apache/www/"
</VirtualHost>
But this hasn't work propperly :(
I have to say that I've tried whit many changes, ont this 2 lines, like:
ProxyPass /prueba ajp://localhost:8009/prueba
ProxyPassReverse /prueba ajp://localhost:8009/prueba
or
ProxyPass / ajp://localhost:8009/prueba
ProxyPassReverse / ajp://localhost:8009/prueba
(each time I edit the file, I restart apache)
But when I access to [http://localhost/prueba/], I have:
Service Temporarily Unavailable
Has anyone knows why?
Thanks in advance guys.
Pd: I'm working with apache 2.2.17 and tomcat6.
You have to put
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
on your apache virtual host
Then you have to uncomment ajp listener in tomcat
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Then you have to configure host and context path in server.xml
REFF:
http://www.ntu.edu.sg/home/ehchua/programming/howto/ApachePlusTomcat_HowTo.html
Hope this will help you..
ProxyPassReverse defines the URL Apache httpd should rewrite the URLs to, which would redirect to the proxied (hidden) URL. Because of this, you should change your ProxyPassReverse line to something like this:
ProxyPassReverse / http://localhost/prueba/
See also: http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#usage
Try this:
ProxyPass /prueba/ http://localhost:8009/prueba/
ProxyPassReverse /prueba/ http://localhost:8009/prueba/
and then hit the following URL from browser: http:// localhost/prueba/
note: it is mandatory to add "/prueba/"
Service not available might be coming due to SELinux ,try disabling SE Linux : setenforce 0
you may try adding:
ProxyPreserveHost On
From the documentation:
"When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.
This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server."
You stated: I can access typing:
http://localhost:8080/prueba
but the following does not work:
ProxyPass /prueba/ http://localhost:8009/prueba/
8080 != 8009
make sure your port numbers are the same
Port 8009 is Tomcat so use ajp instead of http
ProxyPass /prueba/ ajp://localhost:8009/prueba/
ProxyPassReverse /prueba/ ajp://localhost:8009/prueba/