mod_rewrite to remove SSO (single sign-on) junction name in URL

I have an SSO URL:
http://<server>/<junction>/<application_context>/ssoLogin.do
e.g. http://pingu.intranet.com/tms/mint/ssoLogin.do
Once the user hits this URL, the SSO junction appends headers and redirects to the Apache web server. My goal is to remove the SSO junction name once the request reaches Apache (where I am using ProxyPass and AJP to connect to the Tomcat app).
The issue is that mod_rewrite is picking the URI /mint/ssoLogin.do, so I cannot remove the junction name /tms. E.g. rewrite.log says:
    init rewrite engine with requested uri /mint/js/jquery/jquery.min.js
My conf file looks like:
    ProxyPreserveHost On
    # define the balancer, with http and/ or ajp connections
    <Proxy balancer://application_cl>
        BalancerMember ajp://pingu01.intranet.com:8009 route=node1 disablereuse=on retry=0
        BalancerMember ajp://pingu02.intranet.com:8009 route=node2 disablereuse=on retry=0
    </Proxy>
    # Vendor Product ProxyPass Settings
    ProxyPass /mint balancer://application_cl/mint stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse /mint balancer://application_cl/mint
    # Custom settings to remove junction name for proper javascript loading
    <IfModule mod_rewrite.c>
        Options +FollowSymLinks
        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^/tms/
        RewriteRule ^/tms/(.*) /$1
    </IfModule>
    # RequestHeader settings(as per Product documentation)
    SetEnvIf X-Forwarded-Proto .+ HAVE_X_FORWARDED_PROTO
    RequestHeader set X-Forwarded-Proto "http" env=!HAVE_X_FORWARDED_PROTO

Related

Apache not rewriting url properly

I am setting up a reverse proxy with Apache for a program that uses Kestrel.
I attempted in httpd.conf:
    <Location /asf>
        ProxyPass http://localhost:1242/
        ProxyPassReverse http://localhost:1242/
        RewriteEngine On
        RewriteRule ^asf/$ http://localhost:1242/$1 [R=301,L]
    </Location>
and in .htaccess, placed in htdocs (root of site):
    RewriteEngine On
    RewriteRule ^asf/$ http://localhost:1242/$1 [R=301,L]
however neither of them has worked.
    <Location /asf>
        ProxyPass http://localhost:1242/
        ProxyPassReverse http://localhost:1242/
    </Location>
by itself in httpd.conf works without problems, but API requests do not make it to the desired location.
I expect requests sent to example.com/asf/api/X to go to localhost:1242/api/X.
In addition to this, /api/NLog is a websocket, if that matters.

Apache 2.4 proxy add request parameter to all requests

I am using Crafter CMS with multi-tenancy. I am trying to set up Apache 2.4 on RHEL7 to be a reverse proxy. http://site.example.com -> ajp://localhost:9009/?crafterSite=site
Here is my Apache2 virtual host configuration. I have ensured that mod_proxy and mod_rewrite are loaded. I can reach Crafter Delivery through the proxy but the rewrite isn't working, as Crafter doesn't know what site I am trying to load. Does anyone have any suggestions on how to get this working?
    <VirtualHost *:80>
        ServerName site.example.com
        LogLevel alert rewrite:trace3
        RewriteEngine On
        RewriteRule ^$ /?crafterSite=site [QSA,L]
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / ajp://localhost:9009/
        ProxyPassReverse / ajp://localhost:9009/
    </VirtualHost>
Try changing the rewrite rule to be:
    RewriteRule (.*) $1?crafterSite=site [QSA,PT]
Where site is your site ID.
The differences are:
- It rewrites anything coming in regardless of URL and preserves it (see the (.*) and $1)
- It's a passthrough PT (not a redirect). This means it augments the request with the param and lets it straight through to Crafter Engine.

Http to Https AWS Elasticbeanstalk

I am using AWS Elasticbeanstalk for my Spring MVC web application. I want to redirect all requests to HTTPS. I tried following "How to force https on elastic beanstalk?" but this didn't work for me. This code redirects to HTTPS but my app didn't work. It shows "This page isn’t working". Code for your reference:
    <VirtualHost *:80>
        RewriteEngine on
        RewriteCond %{HTTP:X-Forwarded-Proto} =http
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        <Proxy *>
            Order Allow,Deny
            Allow from all
        </Proxy>
        ProxyPass / http://localhost:8080/ retry=0
        ProxyPassReverse / http://localhost:8080/
        ProxyPreserveHost on
        ErrorLog /var/log/httpd/elasticbeanstalk-error_log
    </VirtualHost>
This assumes you've already tested that HTTPS works fine when your website is visited over HTTPS. If not, you can add the file .ebextensions/loadbalancer-terminatehttps.config with the content below:
    option_settings:
      aws:elb:listener:443:
        ListenerProtocol: HTTPS
        SSLCertificateId: arn:aws:acm:us-west-2:<your-account-id>:certificate/<certificate-arn-on-aws-acm>
        InstancePort: 80
        InstanceProtocol: HTTP
All that's left is to configure the instances' Apache config to redirect the clients visiting your website with HTTP to HTTPS. Add the code below to a new file .ebextensions/001_ssl_rewrite.config
Apache 2.4+
    files:
      "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
          RewriteEngine On
          <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
          </If>
Apache 2.2.X
    files:
      "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
          LoadModule rewrite_module modules/mod_rewrite.so
          RewriteEngine On
          # This will enable the Rewrite capabilities
          RewriteCond %{HTTPS} !=on
          # This checks to make sure the connection is not already HTTPS
          RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
You can check which Apache is installed on your Elastic Beanstalk from here
For more, please read both of those answers: https://stackoverflow.com/a/38751749/1772245 and https://stackoverflow.com/a/40670047/1772245
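An added example (not part of the question or the answer above) of the port-80 virtual host for this setup, where the load balancer terminates TLS and forwards plain HTTP to the instance: the redirect keys on X-Forwarded-Proto, because a %{HTTPS} test never sees "on" behind the balancer and would redirect every request again. Assumptions: www.example.com is a placeholder host name, and only the load balancer can reach port 80 on the instance, so the header can be trusted.

```apache
# Added example, not the asker's or the answerer's configuration.
<VirtualHost *:80>
    # Placeholder name; use the site's real canonical host name.
    ServerName www.example.com
    # With UseCanonicalName On, %{SERVER_NAME} is the ServerName above
    # rather than the Host header the client sent, so the redirect
    # target cannot be steered by a forged Host header.
    UseCanonicalName On

    RewriteEngine On
    # The balancer always speaks plain HTTP to this port, so the client's
    # original scheme is only visible in X-Forwarded-Proto.
    # Requests that arrive without the header (for example health checks
    # sent by the balancer itself) do not match and are not redirected.
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

    # Reverse proxy to the application, as in the question.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/ retry=0
    ProxyPassReverse / http://localhost:8080/

    ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
```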

Reverse proxy just the homepage

I am trying to reverse proxy just the homepage on a website - trying to use the rules below. Basically I have an alternate page that I want the content to be served from, but I still want the original URL for the site to display with the content from the reverse proxy. Both pages are in the same domain - the only difference is one is www.domain.com while the other page is www2.domain.com
    RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
    ProxyPass http://www.domain.com http://www2.domain.com/
    ProxyPassReverse http://www.domain.com http://www2.domain.com/
When I put in the rules above it does not work - can somebody show where I'm going wrong please?
The first argument for ProxyPass and ProxyPassReverse is a path; the correct syntax for your directives would be
    ProxyPass / http://www2.domain.com/
    ProxyPassReverse / http://www2.domain.com/
But that would proxy all your requests. Try
    #disable forward requests
    ProxyRequests Off
    #allow proxy requests
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    #reverse proxy
    RewriteEngine On
    RewriteRule ^/?$ http://www2.domain.com/ [P,QSA,L]
If the proxying fails, your server error.log may tell you what happens. Or add a log for mod_rewrite; it will tell you why it doesn't capture the request
    RewriteLogLevel 5
    RewriteLog /path/to/a/file

Setting up Wildcard subdomain (with reverse proxy) on apache 2.2.3

What I am trying to achieve is the following:
I want to have numerous subdomains such as abc.domain.com redirect to a url such as www.domain.com/something?subdomain=abc
Since I am redirecting to a fully qualified domain, I needed to use a reverse proxy to avoid the change of the URL in the browser. (using the [P] Flag and turning on the mod_proxy module and some other modules)
This is my DNS setup
*.domain.com. 14400 A 111.111.11.1
This is my virtual host configuration for apache
    <VirtualHost 111.111.11.1:80>
        ServerName www.domain.com
        ServerAlias *.lionite.com
        DocumentRoot /var/www/html
        ErrorLog /var/www/logs
        UseCanonicalName off
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^/images
        RewriteCond %{HTTP_HOST} !^www\.domain\.com$
        RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
        RewriteRule ^([^.]+)\.domain\.com(.*) http://www.domain.com/something?subdomain=$1 [P,L]
This setup is working fine (Let me know if you think you can improve it of course).
My main problem is when I am trying to setup https://
This is my virtual host configuration for apache
    <VirtualHost 111.111.11.1:443>
        ServerName www.domain.com:443
        ServerAlias *.domain.com
        DocumentRoot /var/www/html
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
        SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !^/images
        RewriteCond %{HTTPS_HOST} !^www\.domain\.com$
        RewriteRule ^(.+) %{HTTPS_HOST}$1 [C]
        RewriteRule ^([^.]+)\.domain\.com(.*) https://www.domain.com/something?subdomain=$1 [P,L]
    </VirtualHost>
Whenever I call https://abc.domain.com - the response I am getting is the homepage but no matter what I am appending to the end of the subdomain, I will get the same response. It's like the rewrite isn't responding well.
Any help would be appreciated, or if you could share how you'd setup reverse proxy, rewrite, wildcard subdomain and SSL all together
Thanks,
I have had this same problem as well. The only way I solved it was to put different domains that need secure connection on different Listen ports because I was limited with IP addresses.
From my understanding, the problem is that in the https protocol the HOST is not included in the request. So when the request reaches the server, apache just uses the first match on the IP and port the connection was received on because it does not know the domain it was requested from.
The only workaround for this is to have a different IP for each domain, or a different port.
Unfortunately you are out of luck using https with a wildcard domain setup, I don't believe there is any way to get it to work.
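An added example (not from the question or the answer above) of the port-443 virtual host with the host test written against %{HTTP_HOST}; %{HTTPS_HOST}, used in the question, is not a variable mod_rewrite defines. Assumptions: the certificate is a wildcard for *.domain.com, so one virtual host serves every subdomain on this address, and mod_ssl, mod_proxy and mod_proxy_http are loaded.

```apache
# Added example, not the asker's configuration.
<VirtualHost 111.111.11.1:443>
    ServerName www.domain.com
    ServerAlias *.domain.com
    DocumentRoot /var/www/html

    SSLEngine on
    # Assumption: this certificate is a wildcard for *.domain.com.
    SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key

    # Needed for the [P] flag to reach an https:// target.
    SSLProxyEngine on
    # Reverse proxying only; never act as a forward proxy.
    ProxyRequests Off
    # ProxyPreserveHost stays at its default (Off) so the proxied request
    # carries Host: www.domain.com and is not rewritten a second time.

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/images
    RewriteCond %{HTTP_HOST} !^www\.domain\.com(:443)?$ [NC]
    # The capturing condition comes last, because %1 refers to the last
    # matched RewriteCond. The strict character class lets only a single
    # DNS label from the client's Host header into the proxied URL.
    RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.domain\.com(:443)?$ [NC]
    RewriteRule ^ https://www.domain.com/something?subdomain=%1 [P,L]
</VirtualHost>
```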
