I am trying to use Apache as a reverse proxy to my Jetty server running cometd.
My setup is working like this:
Apache(HTTPS) --> Jetty(HTTP)
Here is the Apache conf file
<VirtualHost *:443>
ServerAdmin xxx#domain.com
ServerName y.domain.com
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
ProxyPass /ws/ ws://localhost:8888/
ProxyPass /wss/ wss://localhost:8888/
ProxyRequests Off
ProxyVia On
Timeout 1500
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
SSLCertificateChainFile /etc/apache2/ssl/ca.crt
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
On the client I'm using cometd.js.
However I'm getting this error on the client during handshake
Error during WebSocket handshake: Unexpected response code: 400
The address is wss://y.domain.com
After that the client is trying again and site is up - but I'm afraid the handshake is with long polling...
What am I missing?
Ordering of ProxyPass directive matters
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins.
http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
Related
I am trying to set a domain (example.com) that will redirect the HTTPS requests to HTTP localhost:8545
I have tried the following configuration on apache (first attempt to listen on port 8082)
<VirtualHost *:8082>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The second attempt is the following on the proxy_conf-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But none of these seems to be working properly. What I need to achieve is to be able to access the local ganache client which runs on 0.0.0.0:8545, from mobile Metamask which requires HTTPS to connect
After a few more tries, I fixed it by disabling the redirects from 8082 and the SSLProxyEngine on 443. So the configuration is as follows:
With SSL
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
# SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Without SSL
<VirtualHost *:8082>
ServerName example.com
SSLProxyEngine on
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8545
ProxyPassReverse / http://127.0.0.1:8545
ErrorLog "/var/log/apache2/proxy-error.log"
CustomLog "/var/log/apache2/proxy-access.log" common
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =example.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I have done redirection in apache before but in a simple way what I do is that enable rewrite module in apache server and then add the two .conf file in /etc/apache2/sites-available mentioned below
The below file is for redirecting HTTP request received throw domain to a specific port.
<VirtualHost *:80>
ServerAdmin me#mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =chat-dev.motivone.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The below file is for redirecting HTTPS request received throw domain to a specific port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me#mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
SSLCertificateFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
this process just works fine when I run my server throws HTTP and change proxy to HTTP but when I run my server on https and then try to redirect it. its throw the error like
i am not sure what is wrong ay kind of help is appriciable thanks in advance
I am trying to deploy a web application which is deployed in port 80 and I am able to access the website from www.ajaykalkoti.space and http://ajaykalkoti.space .
If I try to access the https://ajaykalkoti.space It returns 403 Error.The Request could not be satisfied.What should be my entry in Route 53.I have attached a screenshot of the below entries.
I am not using Load Balancer as I guess it gets charged.
Please guide me.
Route 53 Table
A Record
Use this AWS guide:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
And you should configure 443 port in /etc/httpd/conf.d/ssl.conf:
Listen 443
<VirtualHost *:443>
ServerName ajaykalkoti.space
ErrorLog /var/log/httpd/ssl.error.log
CustomLog /var/log/httpd/ssl.log combined
SSLEngine on
SSLCertificateFile PATH_TO_CERT.crt
SSLCertificateKeyFile PATH_TO_KEY.key
SSLCertificateChainFile PATH_TO_CHAIN.ca-bundle
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLProxyProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
as example
And enable 443 port in instance security group
what to do to fix this?
Thank you!
sudo -u git bin/check
Check GitLab API access: FAILED. code: 404
A simple search - https://github.com/gitlabhq/gitlab-shell/issues/37 reveals that URL set in config.yml for gitlab-shell is incorrect and causes 404 error.
If you still get 404, review the vhost config. Next you can find an example from a Mac OS X apache machine:
<VirtualHost *:443>
ServerName domain.com
DocumentRoot "/Users/git/gitlab/public"
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/etc/certificates/domain.com.cert.pem"
SSLCertificateKeyFile "/etc/certificates/domain.com.key.pem"
SSLCertificateChainFile "/etc/certificates/domain.com.chain.pem"
</IfModule>
ProxyPass /uploads !
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
<Location />
ProxyPassReverse /
Order deny,allow
Allow from all
</Location>
</VirtualHost>
Cheers,
Make sure in /home/git/gitlab-shell/config.yml gitlab_url: "hostname.example.com" is set to the correct FQDN of the gitlab server. Sometimes it helps if you add the hostname information in /etc/hosts too.
Most of the time when I see this error it's due to a DNS problem.
I was having the same issue and it in the end it ended up being an issue with my virtualhosts setup in apache.
<VirtualHost 172.16.0.21:80>
ServerName test.com
DocumentRoot /usr/local/liferay/tomcat7/webapps
ErrorLog logs/error_log
CustomLog logs/default-access_log common
ProxyRequests Off
ProxyPass /owa !
ProxyPass / ajp://127.0.0.1:8009/
SSLCertificateFile /etc/pki/tls/certs/star_weconnor.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/weconnor.com.key
SSLCACertificateFile /etc/pki/CA/certs/EntrustSecureServerCA.crt
Now I want to add a open webanalytics in /var/www/html/owa. So it will be : http://test.com/owa but when I access this site it looks like its being forwarded to Tomcat http 404 not found) .how to make this working