Our server has been upgraded from Apache 2.2.32->2.4.20, and with that change, my mod_rewrites don't pass-through to Tomcat endpoints any longer.
Here is the Tomcat Load Balancer config:
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
<Proxy balancer://tomcatHttpCluster>
BalancerMember http://localhost:9946 loadfactor=100
</Proxy>
And the rewrite rule of interest:
RewriteCond %{REQUEST_METHOD} POST [NC]
RewriteRule ^/catalog/preferences$ /ac/rest/preferences [B,PT,L,QSA]
And also the Location config which applies to all /ac requests:
<Location /ac/>
ProxyPass balancer://tomcatHttpCluster/ac/ stickysession=JSESSIONID
...
</Location>
If I go directly to the /ac Tomcat endpoint, it works. The Apache log:
mod_rewrite.c(477): [client 10.20.3.63:50485] 10.20.3.63 - - [tesla/sid#caa5f8] [rid#f75c230/initial] pass through /ac/rest/preferences
mod_proxy_balancer.c(73): [client 10.20.3.63:50485] canonicalising URL //tomcatHttpCluster/ac/rest/preferences
mod_lbmethod_byrequests.c(95): AH01207: proxy: Entering byrequests for BALANCER (balancer://tomcathttpcluster)
mod_lbmethod_byrequests.c(142): AH01208: proxy: byrequests selected worker "http://localhost:9946" : busy 0 : lbstatus 0
mod_proxy_balancer.c(614): [client 10.20.3.63:50485] AH01172: balancer://tomcathttpcluster: worker (http://localhost:9946) rewritten to http://localhost:9946/ac/rest/preferences
proxy_util.c(1783): AH00924: worker http://localhost:9946 shared already initialized
proxy_util.c(1825): AH00926: worker http://localhost:9946 local already initialized
mod_proxy.c(1159): [client 10.20.3.63:50485] AH01143: Running scheme balancer handler (attempt 0)
mod_proxy_ajp.c(738): [client 10.20.3.63:50485] AH00894: declining URL http://localhost:9946/ac/rest/preferences
mod_proxy_http.c(1903): [client 10.20.3.63:50485] HTTP: serving URL http://localhost:9946/ac/rest/preferences
proxy_util.c(2158): AH00942: HTTP: has acquired connection for (localhost)
proxy_util.c(2212): [client 10.20.3.63:50485] AH00944: connecting http://localhost:9946/ac/rest/preferences to localhost:9946
proxy_util.c(2421): [client 10.20.3.63:50485] AH00947: connected /ac/rest/preferences to localhost:9946
mod_proxy_http.c(1374): [client 10.20.3.63:50485] Status from backend: 200
mod_proxy_http.c(1048): [client 10.20.3.63:50485] Headers received from backend:
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Server: Apache-Coyote/1.1
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Content-Type: application/json
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Content-Length: 218
mod_proxy_http.c(1051): [client 10.20.3.63:50485] Date: Fri, 28 Oct 2016 00:32:26 GMT
mod_proxy_http.c(1646): [client 10.20.3.63:50485] start body send
proxy_util.c(2173): AH00943: http: has released connection for (localhost)
mod_proxy_http.c(1791): [client 10.20.3.63:50485] end body send
mod_proxy_balancer.c(669): [client 10.20.3.63:50485] AH01176: proxy_balancer_post_request for (balancer://tomcathttpcluster)
BUT. If I try to use the rewrite URL - the rewrite happens...then nothing:
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial RewriteCond: input='GET' pattern='GET' [NC] => matched
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial rewrite '/catalog/preferences' -> '/ac/rest/preferences'
mod_rewrite.c(477): [client 10.20.3.63:50457] 10.20.3.63 - - tesla/sid#c6a5f8rid#dc2a110/initial forcing '/ac/rest/preferences' to get passed through to next API URI-to-filename handler
I'm no expert at Apache (until now!), but I did try changing the mod_rewrite flags to just [R] and that worked fine. I am not able to make that change on the server because that code is not under my control. I assumed the [PT] rewrite flag would send the rewritten url back through the mod_proxy_balancer and voila, but that doesn't appear to be happening.
Is there something obvious that changed from 2.2 to 2.4 that would cause this? Help! I've been stuck on this for days.
try to use P instead of PT in rewriterule. It works for me.
RewriteRule ^/catalog/preferences$ /ac/rest/preferences [B,P,L,QSA]
Related
I'm trying to setup my laravel application on different server centos 7 running httpd
my old configuration on other servers: i always setup document root to be in "laravelProjectDir/public"
however in this server i've tried the following:
here is my apache config file:
<IfModule mod_ssl.c>
<VirtualHost subdomain.domain.com:443>
ServerName subdomain.domain.com
ServerAdmin email#gmail.com
DocumentRoot /home/MyUser/public_html/subDomain/public2
<Directory /home/MyUser/public_html/subDomain/public2/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
LogLevel debug
ErrorLog /home/MyUser/log-subDomain.txt
CustomLog /home/MyUser/customlog-subDomain.txt combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/subdomain.domain.com/chain.pem
</VirtualHost>
</IfModule>
============================================================
Option 1
public2 which is Laravel root directory is the Apache RootDocument
accessing website from web browser with following link: https://subdomain.domain.com**/public** works good (all files in public are shown + routes work)
accessing website from web browser with following link: https://subdomain.domain.com/ routes works but all files inside public now doesn't show (ERROR 404)
==============================================================
Option 2
this is the option that always worked for me on my previous servers but not on this server.
public2/public <-- laravelRoot/public/ directory is the Apache RootDocument
/etc/httpd/sites-enabled < changed the following lines:
DocumentRoot /home/MyUser/public_html/subDomain/public2/public
<Directory /home/MyUser/public_html/subDomain/public2/public/>
result:
500 Internal Server Error
Apache Log:
[Sat Mar 06 11:32:42.550524 2021] [core:alert] [pid 6173] [client 109.161.x.x:8789] /home/myUser/public_html/subDomain/public2/.htaccess: Options not allowed here, referer: https://subdomain.domain.com/public/home
[Sat Mar 06 11:32:42.550695 2021] [ssl:debug] [pid 6173] ssl_engine_io.c(993): [client 109.161.x.x:8789] AH02001: Connection closed to child 1 with standard shutdown (server subdomain.domain.com:443)
[Sat Mar 06 11:32:44.626866 2021] [ssl:debug] [pid 6174] ssl_engine_kernel.c(225): [client 109.161.x.x:8790] AH02034: Initial (No.1) HTTPS request received for child 2 (server subdomain.domain.com:443)
[Sat Mar 06 11:32:44.627360 2021] [core:alert] [pid 6174] [client 109.161.x.x:8790] /home/myUser/public_html/subDomain/public2/.htaccess: Options not allowed here
[Sat Mar 06 11:32:44.627537 2021] [ssl:debug] [pid 6174] ssl_engine_io.c(993): [client 109.161.x.x:8790] AH02001: Connection closed to child 2 with standard shutdown (server subdomain.domain.com:443)
[Sat Mar 06 11:32:45.126934 2021] [ssl:debug] [pid 6176] ssl_engine_kernel.c(225): [client 109.161.x.x:8791] AH02034: Initial (No.1) HTTPS request received for child 4 (server subdomain.domain.com:443), referer: https://subdomain.domain.com/
[Sat Mar 06 11:32:45.127497 2021] [core:alert] [pid 6176] [client 109.161.x.x:8791] /home/myUser/public_html/subDomain/public2/.htaccess: Options not allowed here, referer: https://subdomain.domain.com/
[Sat Mar 06 11:32:45.127686 2021] [ssl:debug] [pid 6176] ssl_engine_io.c(993): [client 109.161.x.x:8791] AH02001: Connection closed to child 4 with standard shutdown (server subdomain.domain.com:443)
what is the issue here. why Apache cant allow options while I'm already setting it up with .htaccess and AllowOverride all ?
I have installed my Spring Boot application at an Ubuntu version 18 server.
I use apache2 and lets encrypt to secure the application with SSL.
The application works fine in 95%, sometimes I get a HTTP 503 error at the client (Browser debugging view)
If HTTP 503 appears at the Browser/Client an entry is also made at apache2 log file which looks like this:
[Thu Mar 26 00:10:52.731383 2020] [proxy_ajp:error] [pid 16266:tid 139926293157632] [client
xxxx.xxxx.3.59:60869] AH00893: dialog to 127.0.0.1:9090 (localhost) failed, referer:
https domain
[Thu Mar 26 00:10:57.802571 2020] [proxy_ajp:error] [pid 16266:tid 139926720988928]
(70014)End of file found: AH01030: ajp_ilink_receive() can't receive header
[Thu Mar 26 00:10:57.802597 2020] [proxy_ajp:error] [pid 16266:tid 139926720988928] [client
xxx.xxx.3.59:60875] AH00992: ajp_read_header: ajp_ilink_receive failed, referer:
https domain
[Thu Mar 26 00:10:57.802628 2020] [proxy_ajp:error] [pid 16266:tid 139926720988928]
(120006)APR does not understand this error code: [client xxx.xxx.3.59:60875] AH00878: read
response failed from 127.0.0.1:9090 (localhost), referer: https domain
I found this thread:
We did some more investigation and found that the Apache setting that enables packets > 8192
(ProxyIOBufferSize 65536) was not going into effect because it was wrapped in an <IfModule
... > condition. (The module is loaded but we are investigating why the condition isn't
satisfied.) Tomcat 8.5 worked because it never sent packets larger than 8192, even though it
was allowed to, Tomcat 9 is sending bigger packets as it is configured to. With
ProxyIOBufferSize outside of the conditional, it is now working as expected.
My question now would be if it is possible that the size of ProxyIOBufferSize is to small and how can I adjust ProxyIOBufferSize in apache2 config file.
You can change ProxyIOBufferSize Directive of Module mod_proxy ref : https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyiobuffersize
Edit proxy section of /etc/apache2/sites-enabled/000-default.conf :
<Proxy>
ProxyIOBufferSize 65536
</Proxy>
I have this problem with a magento 1.5 CE installation that creates random issues with error pages that should not appear:
The error is: This webpage has a redirect loop and is generated apparently in a random manner, so that is very difficult to trace and replicate.
Also a very strange behavior is that when I click the first product in a particular category it simply refreshes the page and is not going to that product page.
The website is hosted on a Ubuntu machine. I have recently increased the PHP memory limit to 512M with no effect.
The error log on the server does not trace this error however which is very strange.
The problem is that Google from time to time does log this error and is very bad on ranking and also on customer interaction as users cannot see the pages that are supposed to see.
Update #1:
Options in Configuration > Catalog > Catalog are as fallows:
product URL suffix - .html
category URL suffix - .html
use category path for product URL - y
create permanent redirect for old URL is URL key changed - y
This setting used to work for a long time, but now for some particular reason is no longer working.
Update #2 (solved this ... apparently does not relate to the redirect loop problem):
I have deleted the previous error log and now it appears to be logging some strange behavior:
[Mon Apr 28 12:46:42 2014] [error] [client 82.76.226.240] Directory index forbidden by Options directive: /var/www/vhosts/cissmarket.ro/public_html/skin/frontend/default/ciss/, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:46:42 2014] [error] [client 82.76.226.240] File does not exist: /var/www/vhosts/cissmarket.ro/error_docs/forbidden.html, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:46:45 2014] [error] [client 82.76.226.240] Directory index forbidden by Options directive: /var/www/vhosts/cissmarket.ro/public_html/skin/frontend/default/ciss/, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa/epson-expression-home-xp-215-cu-ciss.html
[Mon Apr 28 12:46:45 2014] [error] [client 82.76.226.240] File does not exist: /var/www/vhosts/cissmarket.ro/error_docs/forbidden.html, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa/epson-expression-home-xp-215-cu-ciss.html
[Mon Apr 28 12:46:48 2014] [error] [client 82.76.226.240] Directory index forbidden by Options directive: /var/www/vhosts/cissmarket.ro/public_html/skin/frontend/default/ciss/, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:46:48 2014] [error] [client 82.76.226.240] File does not exist: /var/www/vhosts/cissmarket.ro/error_docs/forbidden.html, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:46:50 2014] [error] [client 82.76.226.240] Directory index forbidden by Options directive: /var/www/vhosts/cissmarket.ro/public_html/skin/frontend/default/ciss/, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:46:50 2014] [error] [client 82.76.226.240] File does not exist: /var/www/vhosts/cissmarket.ro/error_docs/forbidden.html, referer: http://www.cissmarket.ro/imprimanta-ciss/acasa.html
[Mon Apr 28 12:47:08 2014] [error] [client 178.138.97.255] Directory index forbidden by Options directive: /var/www/vhosts/cissmarket.ro/public_html/skin/frontend/default/ciss/, referer: http://www.cissmarket.ro/imprimanta-ciss/imprimante-sublimare.html
[Mon Apr 28 12:47:08 2014] [error] [client 178.138.97.255] File does not exist: /var/www/vhosts/cissmarket.ro/error_docs/forbidden.html, referer: http://www.cissmarket.ro/imprimanta-ciss/imprimante-sublimare.html
After hitting F5 one time pages with this error are loading normally. Could this be a server configuration error?
Update #3
Here is the mod_rewrite part of .htaccess - apprently it looks just fine.
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
RewriteBase /
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
GitLab can be started and shows as running. When running curl git.myserver.com, this fails with HTTP 503. No interesting entries in the unicorn.stderr.log or unicorn.stdout.log.
Versions:
GitLab 6.5.1
Apache 2.4.6
Ubuntu 13.10
sites-available/git.myserver.com:
<VirtualHost *:80>
ServerName git.myserver.com
DocumentRoot /home/git/gitlab/public
<Directory /home/git/gitlab/public>
AllowOverride All
Options -MultiViews
</Directory>
ProxyPass /uploads !
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ProxyPreserveHost on
</VirtualHost>
config/unicorn.rb:
worker_processes 2
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64
listen "127.0.0.1:8080", :tcp_nopush => true
timeout 900
config/gitlab.yml:
gitlab:
## Web server settings
host: git.myserver.com
port: 80
https: false
Apache access log file:
SOMEIPADDRESS - - [17/Feb/2014:20:25:20 +0000] "GET / HTTP/1.1" 503 566 "-" "curl/7.32.0"
Apache error log file:
[Mon Feb 17 20:25:08.919614 2014] [proxy_http:error] [pid 1321:tid 139972136904448] [client SOMEIPADDRESS:48578] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Feb 17 20:25:20.114281 2014] [proxy:error] [pid 2092:tid 140263968208640] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed
[Mon Feb 17 20:25:20.114353 2014] [proxy:error] [pid 2092:tid 140263968208640] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Mon Feb 17 20:25:20.114364 2014] [proxy_http:error] [pid 2092:tid 140263968208640] [client SOMEIPADDRESS:48580] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
Solved. I had used Ruby 2.1.0 while the install guide tells to use Ruby 2.0.0. Closely re-installed and restored the backup, which now works perfectly.
I have a big problem with websockets and my reverse proxy configuration on Apache. When I access Tomcat directly, the application with websockets works perfectly. But as soon is I try it with Apache, the websockets are not working.
I use:
Tomcat 7.0.42 on Windows
Apache 2.4.6 on Windows
<VirtualHost _default_:80>
ServerName myserver
RewriteEngine on
RedirectMatch ^/$ /myserver/
RewriteRule ^/myserver$ /myserver/ [R]
RewriteRule ^/myserver/active$ /myserver/active/ [R]
ProxyRequests Off
ProxyPreserveHost On
ProxyVia On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
LogLevel debug
ProxyHTMLEnable On
ProxyHTMLBufSize 102400
ProxyHTMLExtended On
ProxyHTMLStripComments Off
ProxyHTMLDocType "<!DOCTYPE html>" XML
ProxyHTMLMeta On
DocumentRoot "${SRVROOT}/htdocs/"
<Location /myserver/active/ws/atmsphr/>
ProxyPass ws://localhost:8080/myapp/ws/atmsphr/
ProxyPassReverse ws://localhost:8080/myapp/ws/atmsphr/
</Location>
ProxyPass /myserver/active/ ajp://localhost:8009/myapp/
ProxyHTMLURLMap ajp://localhost:8009/myapp /myserver/active/
<Location /myserver/active/>
ProxyPassReverse ajp://localhost:8009/myapp/
SetOutputFilter proxy-html
ProxyHTMLURLMap /myapp/ /myserver/active/
ProxyPassReverseCookiePath /myapp/ /myserver/active/
</Location>
ProxyPass /myserver/ ajp://localhost:8009/mylogin/
ProxyHTMLURLMap ajp://localhost:8009/mylogin /myserver/
<Location /myserver/>
ProxyPassReverse ajp://localhost:8009/mylogin/
SetOutputFilter proxy-html
ProxyHTMLURLMap /mylogin/ /myserver/
ProxyPassReverseCookiePath /mylogin/ /myserver/
</Location>
</VirtualHost>
In the Apache logs I can see that the workers were initialized:
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1693): AH00925: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ shared
[Tue Oct 22 17:25:21.625342 2013] [proxy:debug] [pid 4116:tid 164] proxy_util.c(1733): AH00927: initializing worker ws://localhost:8080/myapp/ws/atmsphr/ local
I followed the Ordering ProxyPass Directives, but the first request is processed by mod_proxy_ajp and not by mod_proxy_wstunnel:
[Tue Oct 22 17:26:19.283043 2013] [proxy_http:debug] [pid 4116:tid 840] mod_proxy_http.c(1891): [client 192.168.5.68:49451] AH01113: HTTP: declining URL ajp://localhost:8009/myapp/websock/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
[Tue Oct 22 17:26:19.283043 2013] [proxy_ajp:debug] [pid 4116:tid 840] mod_proxy_ajp.c(713): [client 192.168.5.68:49451] AH00895: serving URL ajp://localhost:8009/myapp/ws/atmsphr?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.0.2-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json&X-atmo-protocol=true
What is wrong in my configuration?
After a long research I found a workaround which fullfills my requirements. I've to run this webapplication via HTTPS and with port 443 it works perfectly. I can not explain why there is a problem with the default HTTP port 80, but if I access the webapp through port 443 there is no problem. In addition i tried port 8000 via HTTP und it also works.
Summary:
Port 80 / HTTP --> not working
Port 8000 / HTTP --> working
Port 443 / HTTPS --> working
In conclusion I have an virtual host config for port 80 with a permanent redirct to 443.
It has to do with the effective order of your ProxyPass directives. Have a look at the server-status page to see what it really is. When you embed them in Location blocks the effective order is changed from the order you wrote them in. See the mod_proxy_wstunnel documentation.