How to configure a Pyramid application behind Apache HTTPS Proxy - https

I have a Pyramid application running on an internal server using mod_wsgi-express. The address internally is http://172.31.15.111:6543/myapp/
I want to make it available externally using Proxy and SSL. So I have the following Apache configuration:
<VirtualHost *:443>
ServerName myapp.org
ProxyRequests Off
ProxyPreserveHost On
# proxy pass /myapp to the internal:6543/myapp
ProxyPass /myapp http://172.31.15.111:6543/myapp/
ProxyPassReverse /myapp http://172.31.15.111:6543/myapp/
<Proxy *>
allow from all
</Proxy>
ProxyTimeout 1200
</VirtualHost>
The problem that I have is that when I use "request.route_url()" or "request.host_url" it resolves to HTTP and not to HTTPS.
I am using Waitress with the following configuration:
[server:main]
use = egg:waitress#main
listen = localhost:6543
I tried also:
[server:main]
use = egg:waitress#main
#listen = localhost:6543
host = 172.31.15.111
port = 6543
url_scheme = https
I also tried having request headers in apache:
RequestHeader set X-Forwarded-Port 443
RequestHeader set X-Forwarded-Scheme https
But I get the same result. Any idea how to resolve it is highly appreciated.

Related

SpringDoc/Swagger behind an apache proxy

I have a working Swagger at a URL like http://myserver.myhost.net:8080/swagger-ui/index.html and I have set this configuration on Apache side to map it to the port 80:
<Location /myservice>
ProxyPass http://localhost:8080
ProxyPassReverse http://localhost:8080
Order allow,deny
Allow from all
</Location>
Now when I go to http://myserver.myhost.net/myservice/swagger-ui/index.html I get the default Swagger Petstore.
Can I fix that by changing some properties?

modify HTTP_CF_CONNECTING_IP showing proxy IP instead true IP

I setup ProxyPass & ProxyPassReverse. But the website I need to access still detect my real IP (my ISP IP) instead my proxy server IP. What I notice is HTTP_CF_CONNECTING_IP showing my real IP. Is there a way to modify so that it detect my proxy server IP.
I unset the X-Forwarded-For and able to change the IP except HTTP_CF_CONNECTING_IP
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyVerify none
SSLProxyCheckPeerName off
ProxyRequests On
ProxyAddHeaders Off
ProxyPass / https://otherwebsite.com/
ProxyPassReverse / https://otherwebsite.com/
ProxyPassReverseCookiePath / /
ProxyPassReverseCookieDomain .otherwebsite.com .myproxy.com
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s/otherwebsite.com/myproxy.com/ni"
RequestHeader unset Accept-Encoding
RequestHeader unset X-Forwarded-For

Spring Redirect Command Redirects to Localhost under Load Balancer

I have a Java web app built with Spring MVC running on Tomcat proxied with Apache Httpd running on an EC2 instance at AWS and configured a load balancer with SSL.
The request
https://some_domain/first_uri
first goes to load-balancer, load-balancer redirects the connection to Apache as (https to http because SSL is configured for the load-balancer)
http://some_domain/first_uri
Apache redirects to the localhost (Tomcat).
When the controller for "/first_uri" makes a redirect like
redirect:https://sub.some_domain/some_uri
I see the result at browser as
https://localhost/first_uri
I just couldn't figure out what I must configure here, configure the Spring? configure the Apache HTTPD or the Load Balancer?
If someone faced the same issue please help.
Not: Also using Spring Security.
Not2: I just tried without SSL (using http) and the same thing happens, I think this is not related to the https usage.
Update: This problem may occur only where I try to redirect to a subdomain
The following worked for me:
In tomcat server.xml:
(mostly at /opt/tomcat/conf/server.xml)
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyName="localhost"
proxyPort="443"
scheme="https"/>
Here proxyName is "localhost".
Change proxyName to your required domain.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyName="mydomain.com"
proxyPort="443"
scheme="https"/>
Refer: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Proxy_Support
Solution: ProxyPreserveHost must be turned off!
Reason: If it is switched on, the response headers returned by the proxy backend will contain “localhost” or the real domain without the port number (or 80). So the ProxyPassReverse pattern does not match (because of the different port and if another domain name is used, also the domain name will not match).
Config:
<VirtualHost localhost:80>
ProxyPreserveHost Off
ProxyPass / http://localhost:8080/WebApp/
ProxyPassReverse / http://localhost:8080/WebApp/
</VirtualHost>
But this works only via http, not via ajp (I don’t know why).
If you still want to use ajp you could use the following workaround - Let Apache do another redirect after the wrong redirect:
<VirtualHost localhost:80>
ProxyPass /WebApp !
ProxyPass / ajp://localhost:8009/WebApp/
ProxyPassReverse / ajp://localhost:8009/WebApp/
RedirectMatch 301 ^/WebApp/(.*)$ /$1
RedirectMatch 301 ^/WebApp$ /
</VirtualHost>
The ProxyPass /WebApp ! directive is needed to exclude the path from further processing in mod_proxy (because proxy directives are evaluated before redirect directives)
Then the RedirectMatch directives redirect everything stating with /WebApp/... respectively /WebApp to the URL without /WebApp at the beginning.
The only drawback is that you must not have any sub folder named WebApp in your web application
After viewing this answer, I set the below setting on my httpd.conf (at the end of the document):
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
And after that configuration, spring started to redirect to the proper domain again :) I hope this will help to many like me, thanks to all!

Jboss EAS + Apache mod_proxy don't load image

I created a web application that runs on a ubuntu server with JBoss EAS 6.2 and Apache2 with mod_proxy enabled, but when I open the page in the browser, the images do not load.
This is my Apache configs:
<VirtualHost *:*>
ProxyRequests On
ProxyPreserveHost On
ProxyPass / http://pegabuzz.com:8080
ProxyPassReverse / http://pegabuzz.com:8080
ServerName pegabuzz.com
<Location />
Order deny,allow
Allow from All
</Location>
</VirtualHost>
What can I do?
EDIT 2:
In the browser console, I get this:
Failed to load resource: the server responded with a status of 502
(Proxy Error)
The path is:
http://pegabuzz.com/images/pegabuzz_site.jpg
The site URL:
pegabuzz.com
It looks that you have missed the trailing bar after the server port on your ProxyPass and ProxyPassReserves directives.
Try using:
ProxyPass / http://pegabuzz.com:8080/
ProxyPassReverse / http://pegabuzz.com:8080/
Because your server return an error during the DNS query:
Reason: DNS lookup failure for: pegabuzz.com:8080images
Please see what URL it creates for images with help of Firebug plugin in Firefox.
Thing which you need to focus would be missing slashes or path in the URL.

Apache & Tomcat: ProxyPass and ProxyPassReverse

I'am having troubles configuring Apache and Tomcat, this is the scenario:
I have an Apache Web Server, running and working normally, I can access to this one just typing:
http://localhost
Also, in this host, I have a Tomcat running and working fine; I've created a mini web-app which files are inside "prueba" directory, I can access typing:
http://localhost:8080/prueba
(I know that Apache is running in 80 port and Tomcat in 8080)
What I want to do is that througt Apache an user can access to 'pruebas'(running on Tomcat), I mean:
http://localhost/prueba
I've readen a lot of this, and I think that there are 2 ways to do this, and I've decided enabling the proxy modules(proxy and proxy_ajp, with a2enmod), also I've readed I must edit this file: sites-available/default, this is the content:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName 127.0.0.1
DocumentRoot /var/www
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /static/ !
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
.
.
.
Alias /static/ "/apache/www/"
</VirtualHost>
But this hasn't work propperly :(
I have to say that I've tried whit many changes, ont this 2 lines, like:
ProxyPass /prueba ajp://localhost:8009/prueba
ProxyPassReverse /prueba ajp://localhost:8009/prueba
or
ProxyPass / ajp://localhost:8009/prueba
ProxyPassReverse / ajp://localhost:8009/prueba
(each time I edit the file, I restart apache)
But when I access to [http://localhost/prueba/], I have:
Service Temporarily Unavailable
Has anyone knows why?
Thanks in advance guys.
Pd: I'm working with apache 2.2.17 and tomcat6.
You have to put
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
on your apache virtual host
Then you have to uncomment ajp listener in tomcat
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
Then you have to configure host and context path in server.xml
REFF:
http://www.ntu.edu.sg/home/ehchua/programming/howto/ApachePlusTomcat_HowTo.html
Hope this will help you..
ProxyPassReverse defines the URL Apache httpd should rewrite the URLs to, which would redirect to the proxied (hidden) URL. Because of this, you should change your ProxyPassReverse line to something like this:
ProxyPassReverse / http://localhost/prueba/
See also: http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html#usage
Try this:
ProxyPass /prueba/ http://localhost:8009/prueba/
ProxyPassReverse /prueba/ http://localhost:8009/prueba/
and then hit the following URL from browser: http:// localhost/prueba/
note: it is mandatory to add "/prueba/"
Service not available might be coming due to SELinux ,try disabling SE Linux : setenforce 0
you may try adding:
ProxyPreserveHost On
From the documentation:
"When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.
This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server."
You stated: I can access typing:
http://localhost:8080/prueba
but the following does not work:
ProxyPass /prueba/ http://localhost:8009/prueba/
8080 != 8009
make sure your port numbers are the same
Port 8009 is Tomcat so use ajp instead of http
ProxyPass /prueba/ ajp://localhost:8009/prueba/
ProxyPassReverse /prueba/ ajp://localhost:8009/prueba/

Resources