Apache HTTPS Reverse Proxy URL Redirection

I have a Node application running on port 3001. For HTTP to HTTPS, I've configured an Apache virtual host with a reverse proxy and it is working fine. Now I need to redirect
http://nodeapp.mydomain.com to https://nodeapp.mydomain.com, http://nodeapp.mydomain.com:3001 to https://nodeapp.mydomain.com, and http://100.100.100.100:3001 to https://nodeapp.mydomain.com.
Can anyone please help me achieve this using virtual host configuration instead of writing a .htaccess file?
<VirtualHost *:443>
ServerAdmin admin@mydomain.com
ServerName nodeapp.mydomain.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://100.100.100.100:3001/
ProxyPassReverse / http://100.100.100.100:3001/
ErrorLog "/var/log/httpd/mydomain.com-error_log"
CustomLog "/var/log/httpd/mydomain.com-access_log" common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nodeapp_mydomain_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/nodeapp_mydomain_com.key
</VirtualHost>

To redirect http://nodeapp.mydomain.com to https://nodeapp.mydomain.com, add these lines to the virtual host configuration:
<VirtualHost *:80>
ServerName nodeapp.mydomain.com
Redirect Permanent / https://nodeapp.mydomain.com/
RewriteEngine on
RewriteCond %{SERVER_NAME} =nodeapp.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
You can copy paste the same code to the conf file, and modify the corresponding domains/subdomains there.
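
The answer above covers only the port-80 case. The configuration below is an added example, not part of the original answer: it also sends port-80 requests that arrive by IP address to the canonical HTTPS name and keeps port 3001 off the network. It assumes Apache and the Node app run on the same host and that the Node app has been rebound to 127.0.0.1:3001, since Apache cannot answer on a port the app itself is listening on.

```apache
# Added example; assumes mod_ssl, mod_proxy and mod_proxy_http are loaded.
# Assumption: the Node app now listens on 127.0.0.1:3001 only, so
# http://100.100.100.100:3001 and http://nodeapp.mydomain.com:3001 are no
# longer reachable from outside and every client must come through Apache.

# If this is the only (or the first-loaded) *:80 virtual host, it is also the
# default for port 80, so requests whose Host header is the bare IP address
# land here as well.
<VirtualHost *:80>
    ServerName nodeapp.mydomain.com
    # Fixed target: the Location header always names the canonical host and
    # never echoes the Host header supplied by the client.
    Redirect permanent / https://nodeapp.mydomain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName nodeapp.mydomain.com

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/nodeapp_mydomain_com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/nodeapp_mydomain_com.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:3001/
    ProxyPassReverse / http://127.0.0.1:3001/

    ErrorLog  "/var/log/httpd/mydomain.com-error_log"
    CustomLog "/var/log/httpd/mydomain.com-access_log" common
</VirtualHost>
```

If the app cannot be rebound to the loopback address, blocking inbound 3001 at the firewall has the same effect on external clients.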

Related

Getting Error 400 Bad Request Error when trying to load non-www website

I'm using Apache2. My server's website (Linode) loads normally only if I include the www.[name].com link. If I use [name].com without the www, I actually receive a page, but it reads the 400 Bad Request Error. Here are my etc/apache2/sites-available files:
website.conf
<VirtualHost *:80>
ServerName website.com
ServerAlias www.website.com
Redirect 301 / https://www.website.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =website.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Here is my website-le-ssl.conf file (for HTTPS/SSL):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.website.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/name/website/static
<Directory /home/name/website/static>
Require all granted
</Directory>
Alias /media /home/name/website/media
<Directory /home/name/website/media>
Require all granted
</Directory>
<Directory /home/name/website/website>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/name/website/website/wsgi.py
WSGIDaemonProcess django_app python-path=/home/name/website/ python-home=/home/name/website/venv
WSGIProcessGroup django_app
SSLCertificateFile /etc/letsencrypt/live/name.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/name.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
In addition, I do not use .htaccess file, I do not use any other redirect file, and I have already enabled the a2enmod rewrite module. This site sometimes works without the non-www, but there are brief periods of time where it doesn't work and I'm confused as to why it acts this way. Is there a way to get Apache2 to redirect from non-www addresses to www addresses, and how do I make the redirect work ALL the time? Thank you!
Things tried:
I've tried using the RewriteEngine and mod_rewrite on the .htaccess file and I've tried completely restoring everything to default and reconfiguring it all from scratch and tutorials.

Reset project directory of apache web server virtual host having let's encrypt ssl certificate installed

I have a website www.example.com that is hosted on apache2 web server in /var/www/example.com directory and the virtual host config file is
<VirtualHost *:80>
ServerAdmin admin@gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public
<Directory /var/www/example.com/public/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml >
</IfModule>
</VirtualHost>
I have installed let's encrypt certificate for this domain.
Now I have to change configuration settings and the config file should be like this:
<VirtualHost *:80>
ServerAdmin admin@gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/dist //here is the change
<Directory /var/www/example.com/dist/> //here is the change
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_dir.c>
DirectoryIndex index.php index.pl index.cgi index.html index.xhtml >
</IfModule>
</VirtualHost>
I have edited the config file and run the command certbot --apache -d example.com -d www.example.com.
I chose both the reinstall and the renew options, and the installation was successful in both cases. But when I go to example.com then it shows 404 error.
How can I solve my problem?
HTTPS uses port 443, not port 80. Port 443 is closed. You need to add a new virtual host to handle HTTPS requests:
<VirtualHost *:443>
ServerName example.com
#ServerAlias www.example.com
ServerAdmin admin@gmail.com
DocumentRoot /var/www/example.com/dist
LogLevel debug ssl:info
SSLEngine on
SSLCertificateFile /path/to/your/cert
SSLCertificateKeyFile /path/to/your/key
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
If you check ports.conf under /etc/apache2, you will see this:
<IfModule ssl_module>
Listen 443
</IfModule>
Apache2 will open port 443 when the SSL module is enabled. So remember to run:
sudo a2enmod ssl
sudo systemctl restart apache2

Apache Reverse Proxy produces too many redirects

I have configured Apache to redirect HTTPS requests to the local running application server PUMA. PUMA is part of the Ruby on Rails framework.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
Puma Server is listening on http://localhost:3000/
When I access this apache web site from a browser I get: Too many redirections.
Any idea?
I had the same issue. Try to add after your Proxy:
RequestHeader set X-Forwarded-Proto https to your ...ssl.conf which is in sites-available folder.
I had same issue, I was trying to setup a SSL termination reverse proxy with apache. I followed this article.
Using 0.0.0.0 instead of localhost worked for me.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName exemple.com
SSLCertificateFile /path/fullchain.pem
SSLCertificateKeyFile /path/privkey.pem
ProxyPass / http://0.0.0.0:80/
ProxyPassReverse / http://0.0.0.0:80/
</VirtualHost>
</IfModule>
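
The header suggested in the first answer, placed in a complete virtual host. This is an added example, not code from either answer; it assumes mod_headers is enabled, that the loop comes from the backend redirecting any request it believes arrived over plain HTTP, and that the server name and certificate paths are placeholders.

```apache
# Added example; assumes mod_ssl, mod_headers, mod_proxy and mod_proxy_http.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # Placeholder name and certificate paths (constructed for this example).
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile    /path/fullchain.pem
    SSLCertificateKeyFile /path/privkey.pem

    ProxyRequests Off
    ProxyPreserveHost On

    # TLS ends at Apache, so the backend receives plain HTTP. Without this
    # header it cannot tell that the client already used HTTPS and may answer
    # every request with another redirect to https://.
    # "set" (rather than "add" or "setifempty") replaces any X-Forwarded-Proto
    # value sent by the client, so the backend sees only the proxy's value.
    RequestHeader set X-Forwarded-Proto "https"

    # Puma on the loopback interface, as in the question.
    ProxyPass        / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
</VirtualHost>
</IfModule>
```

The backend can rely on this header only while it is reachable solely through the proxy; if port 3000 is exposed directly, any client can send the header itself.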

Apache OpenMeetings 4.0.4 CSRF attack when using apache2 as proxypass

I've got Apache OpenMeetings 4.0.4 with Apache/2.2.22 as proxy.
In OM's conf/red5.properties I've got
http.port=8080
I want to do two things:
Redirect HTTP (80) -> HTTPS (443)
Redirect HTTP (8080) to HTTPS (443)
My /etc/apache2/sites-available/default conf is:
<VirtualHost *:80>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:8080>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
My /etc/apache2/sites-available/default-ssl conf is:
<VirtualHost *:443>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine On
SSLCertificateFile /etc/apache2/certs/collaboration.crt
SSLCertificateKeyFile /etc/apache2/certs/collaboration.key
SSLCertificateChainFile /etc/apache2/certs/chain.pem
</VirtualHost>
When I type http://domain.test-test.eu/ it redirects me to https://domain.test-test.eu.
When I type http://192.168.XXX.YYY it redirects me to https://192.168.XXX.YYY
But when I type http://192.168.XXX.YYY:8080 or http://domain.test-test.eu:8080 it doesn't redirect me to https://192.168.XXX.YYY or https://domain.test-test.eu/. The page opens up (without HTTPS).
The second problem is, that in OM's log I can see CSRF info and I can't log in through HTTPS.
Info from OM's log:
[http-nio-0.0.0.0-8080-exec-10] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://192.168.XXX.YYY/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://192.168.XXX.YYY, action: aborted with error 400 Origin does not correspond to request
How should I change Apache settings to make it work?
I'm afraid it would be impossible to set up "Redirect HTTP (8080) to HTTPS (443)".
In case you are running OpenMeetings on port 8080, you can't use it for Apache and vice versa. Internet port should be exclusively used by OM or Apache, not both.
I would close port 8080 on FW level to deny direct access to OM (and please remove the rule for <VirtualHost *:8080>, otherwise OM will fail to start with a "Port already in use" message).
Now according to CSRF:
You need to modify conf/jee-container.xml and add the following property
<property name="secure" value="true" />
to the <!-- Tomcat without SSL enabled --> block, right before <property name="connectionProperties">.
This should fix your issue,
BUT OpenMeetings will not work with this config,
because you also need to proxy WebSockets.
So you additionally need mod_rewrite and mod_proxy_wstunnel,
then you need to add the following section:
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
RedirectMatch ^/$ https://domain.test-test.eu/openmeetings
Additionally, you might want to perform tunneling for your RTMP traffic; this will require special rules for open, send, idle and close.
Below is the final configuration for Apache 2.4:
<VirtualHost *:443>
ServerName domain.test-test.eu
## Vhost docroot
DocumentRoot "/var/www/"
## Directories, there should at least be a declaration for /var/www/
<Directory "/var/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
## Logging
ErrorLog "/var/log/apache2/domain.test-test.eu-ssl-error.log"
ServerSignature Off
CustomLog "/var/log/apache2/domain.test-test.eu.http_access.log" combined
## SSL directives
SSLEngine on
SSLCertificateFile "/_certs_path_/domain.test-test.eu/fullchain.pem"
SSLCertificateKeyFile "/_certs_path_/domain.test-test.eu/privkey.pem"
SSLCACertificatePath "/_CA_certs_path_"
### OpenMeetings ###
## Custom fragment
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RedirectMatch ^/$ https://domain.test-test.eu/openmeetings
ProxyPreserveHost On
<Location /openmeetings>
Require all granted
ProxyPass http://localhost:5080/openmeetings
ProxyPassReverse http://localhost:5080/openmeetings
RewriteEngine On
RewriteRule ^/(.*) http://localhost:5080/$1 [P]
</Location>
<Location /open>
Require all granted
ProxyPass http://localhost:5080/open
ProxyPassReverse http://localhost:5080/open
</Location>
<Location /send>
Require all granted
ProxyPass http://localhost:5080/send
ProxyPassReverse http://localhost:5080/send
</Location>
<Location /idle>
Require all granted
ProxyPass http://localhost:5080/idle
ProxyPassReverse http://localhost:5080/idle
</Location>
<Location /close>
Require all granted
ProxyPass http://localhost:5080/close
ProxyPassReverse http://localhost:5080/close
</Location>
</VirtualHost>
Works for me as expected :)
In 'default' file I have:
<VirtualHost *:80>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
So when somebody types http://domain.test-test.eu it'll redirect it to https://domain.test-test.eu
My 'default-ssl' file is almost exactly the same as yours (I'm using 8080/tcp for OM). And I'm using self-signed certificates for OM (for now they're not signed for CN=domain.test-test.eu but for CN=testname.eu - I'll change it after OM works).
Unfortunately this config doesn't work. I can see two black dots spinning around. Might it be because of outdated browsers (FF has version 52.4.1 and Chromium 51.0.2704.79) or a wrong site certificate?
The apache's config given by Maxim is working. Thank you Maxim!

How to rewrite a domain to a subfolder

I have one local server called server1 with a subdirectory sub (server1/sub/).
Now I have a DNS entry which redirects server2 to server1.
I want to configure my Apache server in a way that when I open server2 in a browser I get the content from server1/sub/.
The url should not change to server1/sub/.
Is this possible with mod_rewrite?
EDIT:
I added
127.0.0.1 localhost
127.0.0.1 wiki2
127.0.0.1 wiki3
to the hosts file and
<VirtualHost 127.0.0.1>
ServerName wiki2
ServerAlias 127.0.0.1
DocumentRoot c:/xampp/htdocs/wiki_angua
<Directory c:/xampp/htdocs/wiki_angua >
Allow From All
</Directory>
</VirtualHost>
<VirtualHost 127.0.0.1>
ServerName wiki3
ServerAlias 127.0.0.1
DocumentRoot c:/xampp/htdocs/weatherwax
<Directory c:/xampp/htdocs/weatherwax >
Allow From All
</Directory>
</VirtualHost>
to httpd.conf and restarted apache.
Whether I open wiki2 or wiki3 I land in ./wiki_angua.
Is there anything I forgot?
If you have a DNS entry for server2 then the Host HTTP request header will be correctly set, and all you need then is a virtual host, without the need to use mod_rewrite.
For example:
<VirtualHost *:80>
ServerName server2
DocumentRoot /path/to/server1/sub
<Directory /path/to/server1/sub>
Allow From All
</Directory>
# ... etc
</VirtualHost>
edit:
In the case you still want to use mod_rewrite you can do something like:
RewriteCond %{HTTP_HOST} ^server2$
RewriteRule ^(.+) /path/to/server1/sub/$1
This must be located in the global server configuration, and not in an existing virtual host.