I am using AWS Elasticbeanstalk for my Spring MVC web application. I want to redirect all the request to https. I tried following this How to force https on elastic beanstalk? but this didn't work for me. This code redirects to https but my app didn't work. It shows "This page isn’t working". Code for your reference
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<Proxy *>
Order Allow,Deny
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
Assuming you've already tested HTTPS working fine when your website is visited with HTTPS already. If not you can add this file .ebextensions/loadbalancer-terminatehttps.config with content as below:
option_settings:
aws:elb:listener:443:
ListenerProtocol: HTTPS
SSLCertificateId: arn:aws:acm:us-west-2:<your-account-id>:certificate/<certificate-arn-on-aws-acm>
InstancePort: 80
InstanceProtocol: HTTP
All what's left is to configure the instances Apache config to redirect the clients visiting your website with HTTP to HTTPS, add the code below to a new file .ebextensions/001_ssl_rewrite.config
Apache 2.4+
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
RewriteEngine On
<If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</If>
Apache 2.2.X
files:
"/etc/httpd/conf.d/ssl_rewrite.conf":
mode: "000644"
owner: root
group: root
content: |
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
You can check which Apache is installed on your Elastic Beanstalk from here
For more, please read both of those answers: https://stackoverflow.com/a/38751749/1772245 and https://stackoverflow.com/a/40670047/1772245
Related
I have an Apache2.4 config, which works well with HTTPS request.
Now, I'm trying to redirect wss(WebSocket) request to another server, where it running(On same server but on port 8000).
<VirtualHost *:8080>
ServerAdmin YYYY.YYYY#XXXXX.com
SSLEngine on
SSLCertificateFile "D:/cert/certificate.cert"
SSLCertificateKeyFile "D:/cert/privatekey.key"
# This is how I tried to redirect.
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]
My WebSocket URL:
wss://127.0.0.1:8000/ws/home
The above config is not working. Please help!
Where I hit browser https://127.0.0.1:8080/ Page is loading for a long time without any response on the screen.
Edit-1:
I solved by using <Location 'path'>. Can anyone help me to handle all WebSocket URLs?
I have solved this by using the below code.
<VirtualHost *:8080>
ServerAdmin YYYY.YYYY#XXXXX.com
SSLEngine on
SSLCertificateFile "D:/cert/certificate.cert"
SSLCertificateKeyFile "D:/cert/privatekey.key"
<Location "/ws/home">
ProxyPass "wss://127.0.0.1:8000/ws/home"
</Location>
But this won't work will all WebSocket URLs.
I am setting up a reverse proxy with apache for a program that uses kestrel.
I attempted in httpd.conf:
<Location /asf>
ProxyPass http://localhost:1242/
ProxyPassReverse http://localhost:1242/
RewriteEngine On
RewriteRule ^asf/$ http://localhost:1242/$1 [R=301,L]
</Location>
and in .htaccess, placed in htdocs (root of site):
RewriteEngine On
RewriteRule ^asf/$ http://localhost:1242/$1 [R=301,L]
however neither of them has worked.
<Location /asf>
ProxyPass http://localhost:1242/
ProxyPassReverse http://localhost:1242/
</Location>
by itself in httpd.conf works without problems, but however api requests do not make it to the desired location.
I expect requests sent to example.com/asf/api/X to go to localhost:1242/api/X.
In addition to this, /api/NLog is a websocket, if that matters.
I've installed Oracle Apex and trying to deploy multiple applications with a apache reverse proxy but I cannot get apache to limit a virtual host to one application id.
The virtual host
<VirtualHost *:80>
ServerName www.example.com
ServerAlias test.example.com
ServerAlias example.com
ProxyPass / http://127.0.0.1:8080/ords/
ProxyPassReverse / http://127.0.0.1:8080/ords/
RewriteCond %{QUERY_STRING} !^p=101$
RewriteRule ^/$ f?p=101 [L,P]
<Location /i>
ProxyPass http://127.0.0.1:8080/i
ProxyPassReverse http://127.0.0.1:8080/i
</Location>
</VirtualHost>
What im trying to do is if the variable p is not 101 I want the proxy to redirect the user /f?p=101 so only the application that I want on that virtual host is accessible and not the other application but I wont work.
If I do /f?p=102 it will show the other application and not redirect me to application 101 again.
Does anyone know how to fix this?
I found the solution:
RewriteCond %{QUERY_STRING} ^f?p=100 [OR]
RewriteCond %{QUERY_STRING} ^f?p=4550 [OR]
RewriteCond %{QUERY_STRING} ^f?p=4000
RewriteRule ^/(.*) https://%{HTTP_HOST}/f?p=101:1 [R]
So what I am doing is checking if we get the application ID I need to filter out.
After that I just redirect the page to the original page for the application.
I'm using Tomcat on port 8080 behind Apache 2.4 on port 443. I've setup the usual reverse proxy configuration on Apache virtual host which is working okay. This is my setup:
<VirtualHost *:443>
ServerName www.example.com
ServerAlias www.example.com
ServerAdmin admin#example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://example.com:8080/
ProxyPassReverse / http:example.com:8080/
<Location />
Order allow,deny
Allow from all
</Location>
SSLEngine on
SSLCertificateFile /etc/ssl/example.com.crt
SSLCertificateKeyFile /etc/ssl/example.com.key
SSLCertificateChainFile /etc/ssl/CA.crt
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]
LogLevel alert rewrite:trace6
RewriteRule ^post$ post.xhtml [NC]
</VirtualHost>
I want to use mod_rewrite on Apache, however, this seems not to be working. I realized that when doing rewrite on .htaccess (which is not applicable in my case), the rewrite rules work okay. However, when I try the same rule from the virtual host, it is not working. For example, using the rule below:
RewriteEngine on
LogLevel alert rewrite:trace6
RewriteRule ^test$ test.php [QSA]
I get the 404 error with the following from the error logs:
[Tue Aug 14 12:12:40.135059 2018] [rewrite:trace2] [pid 11554] mod_rewrite.c(482): [client 127.0.0.1:53326] 127.0.0.1 - - [localhost/sid#7efc776e9518][rid#7efc776710a0/initial] init rewrite engine with requested uri /test
[Tue Aug 14 12:12:40.135108 2018] [rewrite:trace3] [pid 11554] mod_rewrite.c(482): [client 127.0.0.1:53326] 127.0.0.1 - - [localhost/sid#7efc776e9518][rid#7efc776710a0/initial] applying pattern '^test$' to uri '/test'
[Tue Aug 14 12:12:40.135121 2018] [rewrite:trace1] [pid 11554] mod_rewrite.c(482): [client 127.0.0.1:53326] 127.0.0.1 - - [localhost/sid#7efc776e9518][rid#7efc776710a0/initial] pass through /test
What could be missing? I wish it were possible to do rewrite rule on .htaccess
Here is the solution; first of all, .htaccess does not apply. According to the documentation, server config and virtual host are the context for mod_proxy that apply (.htaccess in our case doesn't make sense anyway).
The solution is to use a rewrite rule with the flag P, which causes the request to be handled by mod_proxy, and handled via a proxy request. See more here.
The virtual host should be modified as follows:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.(?:css|js|jpe?g|gif|png)$ [NC]
RewriteRule ^/post/(.*)$ post.xhtml\?id=$1 [P]
ProxyPass / http://example.com:8080/
ProxyPassReverse / http:example.com:8080/
What I am trying to achieve is the following:
I want to have numerous subdomains such as abc.domain.com redirect to a url such as www.domain.com/something?subdomain=abc
Since I am redirecting to a fully qualified domain, I needed to use a reverse proxy to avoid the change of the URL in the browser. (using the [P] Flag and turning on the mod_proxy module and some other modules)
This is my DNS setup
*.domain.com. 14400 A 111.111.11.1
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:80>
ServerName www.domain.com
ServerAlias *.lionite.com
DocumentRoot /var/www/html
ErrorLog /var/www/logs
UseCanonicalName off
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTP_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) http://www.domain.com/something?subdomain=$1 [P,L]
This setup is working fine (Let me know if you think you can improve it of course).
My main problem is when I am trying to setup https://
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:443>
ServerName www.domain.com:443
ServerAlias *.domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTPS_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTPS_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) https://www.domain.com/something?subdomain=$1 [P,L]
</VirtualHost>
Whenever I call https://abc.domain.com - the response I am getting is the homepage but no matter what I am appending to the end of the subdomain, I will get the same response. It's like the rewrite isn't responding well.
Any help would be appreciated, or if you could share how you'd setup reverse proxy, rewrite, wildcard subdomain and SSL all together
Thanks,
I have had this same problem as well. The only way I solved it was to put different domains that need secure connection on different Listen ports because I was limited with IP addresses.
From my understanding, the problem is that in the https protocol the HOST is not included in the request. So when the request reaches the server, apache just uses the first match on the IP and port the connection was received on because it does not know the domain it was requested from.
The only work around for this is to have a different IP for each domain, or a different port.
Unfortunately you are out of luck using https with a wildcard domain setup, I don't believe there is anyway to get it to work.