Apache proxypass redirect to multiple unix sockets - server

I have a server that runs multiple flask instances using gunicorn.socket, and an apache2 server is configured to proxy the request:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / unix:///run/gunicorn_site0.sock|http://127.0.1.1/
ProxyPassReverse / unix:///run/gunicorn_site0.sock|http://127.0.1.1/
# RewriteEngine On
# RewriteRule ^/0/(.*)$ unix:///run/gunicorn_site0.sock|http://127.0.1.1/$1 [P,L]
# ProxyPass /1 unix:///run/gunicorn_site1.sock|http://127.0.1.1/
# ProxyPassReverse /1 unix:///run/gunicorn_site1.sock|http://127.0.1.1/
# ProxyPass /2 unix:///run/gunicorn_site2.sock|http://127.0.1.1/
# ProxyPassReverse /2 unix:///run/gunicorn_site2.sock|http://127.0.1.1/
</VirtualHost>
As shown above, if I only enable site0, everything works fine, i.e., when I type 127.0.1.1/ in the browser, it proxies to gunicorn_site0.sock with url 127.0.1.1/
However, what I really want to do is to allow the following:
# Typed in address bar Actual request
http://127.0.1.1/0/some/path -> gunicorn_site0.sock 127.0.1.1/some/path
http://127.0.1.1/1/some/path -> gunicorn_site1.sock 127.0.1.1/some/path
http://127.0.1.1/2/some/path -> gunicorn_site2.sock 127.0.1.1/some/path
I tried multiple ways with RewriteRule but with no success.
Any ideas?

Did you try with a "first site" in /0 instead of /? There is no reason for it to fail, but I think your first ProxyPass "eats" all sub-URLs:
ProxyPass /0 unix:///run/gunicorn_site0.sock|http://127.0.1.1/0
ProxyPass /1 unix:///run/gunicorn_site1.sock|http://127.0.1.1/1
ProxyPass /2 unix:///run/gunicorn_site2.sock|http://127.0.1.1/2
However, you will probably need to make sure all the Python apps are OK running in a "sub-directory" (e.g. by setting SCRIPT_NAME in the gunicorn env).
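The two points of the answer above, as an added example that is not part of the original posts: a simplified model of how ProxyPass picks a rule (configuration order, first match wins) and of what a WSGI app sees once SCRIPT_NAME is set. The rule tables and the function names `route` and `wsgi_view` are constructed for illustration.

```python
from wsgiref.util import application_uri, setup_testing_defaults

# Constructed rule tables: (URL prefix, unix socket, backend base path).
GREEDY_FIRST = [   # a "/" rule placed before the per-site rules
    ("/", "/run/gunicorn_site0.sock", "/"),
    ("/1", "/run/gunicorn_site1.sock", "/1"),
    ("/2", "/run/gunicorn_site2.sock", "/2"),
]
PER_SITE = [       # the answer's layout: every site gets its own prefix
    ("/0", "/run/gunicorn_site0.sock", "/0"),
    ("/1", "/run/gunicorn_site1.sock", "/1"),
    ("/2", "/run/gunicorn_site2.sock", "/2"),
]

def route(rules, path):
    """Simplified model of ProxyPass selection: rules are tried in
    configuration order and the first whole-segment prefix match wins."""
    for prefix, sock, base in rules:
        p = prefix.rstrip("/")
        if path == p or path.startswith(p + "/"):
            return sock, base.rstrip("/") + path[len(p):]
    return None  # no rule matched: Apache handles the request itself

def wsgi_view(script_name, path, host="127.0.1.1"):
    """What a WSGI app sees once SCRIPT_NAME is set: the prefix leaves
    PATH_INFO (used for routing) and is kept for URL generation."""
    environ = {
        "HTTP_HOST": host,
        "SCRIPT_NAME": script_name,
        "PATH_INFO": path[len(script_name):] if path.startswith(script_name) else path,
    }
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    return environ["PATH_INFO"], application_uri(environ)

if __name__ == "__main__":
    for name, rules in (("greedy first", GREEDY_FIRST), ("per site", PER_SITE)):
        print(name, route(rules, "/1/some/path"))
    print(wsgi_view("/1", "/1/some/path"))
```

With the "/" rule first, a request for /1/some/path is delivered to the site0 socket, so one application receives traffic meant for another; with per-site prefixes the app routes on /some/path and builds its links and redirects under /1.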

Related

Apache HTTPS Reverse Proxy URL Redirection

I've a node application running on 3001 port. For HTTP to HTTPS, I've configured apache virtual host with reverse proxy and it is working fine. Now I need to redirect
http://nodeapp.mydomain.com to https://nodeapp.mydomain.com and http://nodeapp.mydomain.com:3001 to https://nodeapp.mydomain.com and http://100.100.100.100:3001 to https://nodeapp.mydomain.com
Can anyone please help me how to achieve it using virtual host configuration instead of writing a .htaccess file?
<VirtualHost *:443>
ServerAdmin admin@mydomain.com
ServerName nodeapp.mydomain.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://100.100.100.100:3001/
ProxyPassReverse / http://100.100.100.100:3001/
ErrorLog "/var/log/httpd/mydomain.com-error_log"
CustomLog "/var/log/httpd/mydomain.com-access_log" common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nodeapp_mydomain_com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/nodeapp_mydomain_com.key
</VirtualHost>
To redirect http://nodeapp.mydomain.com to https://nodeapp.mydomain.com, add these lines to the virtual host configuration:
<VirtualHost *:80>
ServerName nodeapp.mydomain.com
Redirect Permanent / https://nodeapp.mydomain.com/
RewriteEngine on
RewriteCond %{SERVER_NAME} =nodeapp.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
You can copy paste the same code to the conf file, and modify the corresponding domains/subdomains there.

Apache Reverse Proxy produces too many redirects

I have configured Apache to redirect HTTPS requests to the locally running application server PUMA. PUMA is part of the Ruby on Rails framework.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
</IfModule>
Puma Server is listening on http://localhost:3000/
When I access this apache web site from a browser I get: Too many redirections.
Any idea?
I had the same issue. Try to add after your Proxy:
RequestHeader set X-Forwarded-Proto https to your ...ssl.conf which is in sites-available folder.
I had same issue, I was trying to setup a SSL termination reverse proxy with apache. I followed this article.
Using 0.0.0.0 instead of localhost worked for me.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName exemple.com
SSLCertificateFile /path/fullchain.pem
SSLCertificateKeyFile /path/privkey.pem
ProxyPass / http://0.0.0.0:80/
ProxyPassReverse / http://0.0.0.0:80/
</VirtualHost>
</IfModule>

Apache OpenMeetings 4.0.4 CSRF attack when using apache2 as proxypass

I've got Apache OpenMeetings 4.0.4 with Apache/2.2.22 as proxy.
In OM's conf/red5.properties I've got
http.port=8080
I want to do two things:
Redirect HTTP (80) -> HTTPS (443)
Redirect HTTP (8080) to HTTPS (443)
My /etc/apache2/sites-available/default conf is:
<VirtualHost *:80>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:8080>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
My /etc/apache2/sites-available/default-ssl conf is:
<VirtualHost *:443>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine On
SSLCertificateFile /etc/apache2/certs/collaboration.crt
SSLCertificateKeyFile /etc/apache2/certs/collaboration.key
SSLCertificateChainFile /etc/apache2/certs/chain.pem
</VirtualHost>
When I type http://domain.test-test.eu/ it redirects me to https://domain.test-test.eu.
When I type http://192.168.XXX.YYY it redirects me to https://192.168.XXX.YYY
But when I type http://192.168.XXX.YYY:8080 or http://domain.test-test.eu:8080 it doesn't redirect me to https://192.168.XXX.YYY or https://domain.test-test.eu/. The page opens up (without HTTPS).
The second problem is, that in OM's log I can see CSRF info and I can't log in through HTTPS.
Info from OM's log:
[http-nio-0.0.0.0-8080-exec-10] INFO o.a.w.p.h.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://192.168.XXX.YYY/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage, Origin: https://192.168.XXX.YYY, action: aborted with error 400 Origin does not correspond to request
How should I change Apache settings to make it work?
I'm afraid it would be impossible to set up "Redirect HTTP (8080) to HTTPS (443)".
In case you are running OpenMeetings on port 8080, you can't use it for Apache and vice versa. Internet port should be exclusively used by OM or Apache, not both.
I would close port 8080 on FW level to deny direct access to OM. (and please remove rule for <VirtualHost *:8080> otherwise OM will fail to start with Port already in use message)
Now according to CSRF:
You need to modify conf/jee-container.xml and add following property
<property name="secure" value="true" />
To <!-- Tomcat without SSL enabled --> block right before <property name="connectionProperties">
This should fix your issue
BUT OpenMeetings will not work with this config ....
Cause you also need to proxy WebSockets ....
So you additionally need mod_rewrite and mod_proxy_wstunnel
then you need to add following section:
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
RedirectMatch ^/$ https://domain.test-test.eu/openmeetings
Additionally you might want to perform tunneling for your RTMP traffic, this will require special rules for open, send, idle and close
below is final configuration for Apache 2.4:
<VirtualHost *:443>
ServerName domain.test-test.eu
## Vhost docroot
DocumentRoot "/var/www/"
## Directories, there should at least be a declaration for /var/www/
<Directory "/var/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
## Logging
ErrorLog "/var/log/apache2/domain.test-test.eu-ssl-error.log"
ServerSignature Off
CustomLog "/var/log/apache2/domain.test-test.eu.http_access.log" combined
## SSL directives
SSLEngine on
SSLCertificateFile "/_certs_path_/domain.test-test.eu/fullchain.pem"
SSLCertificateKeyFile "/_certs_path_/domain.test-test.eu/privkey.pem"
SSLCACertificatePath "/_CA_certs_path_"
### OpenMeetings ###
## Custom fragment
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RedirectMatch ^/$ https://domain.test-test.eu/openmeetings
ProxyPreserveHost On
<Location /openmeetings>
Require all granted
ProxyPass http://localhost:5080/openmeetings
ProxyPassReverse http://localhost:5080/openmeetings
RewriteEngine On
RewriteRule ^/(.*) http://localhost:5080/$1 [P]
</Location>
<Location /open>
Require all granted
ProxyPass http://localhost:5080/open
ProxyPassReverse http://localhost:5080/open
</Location>
<Location /send>
Require all granted
ProxyPass http://localhost:5080/send
ProxyPassReverse http://localhost:5080/send
</Location>
<Location /idle>
Require all granted
ProxyPass http://localhost:5080/idle
ProxyPassReverse http://localhost:5080/idle
</Location>
<Location /close>
Require all granted
ProxyPass http://localhost:5080/close
ProxyPassReverse http://localhost:5080/close
</Location>
</VirtualHost>
Works for me as expected :)
In 'default' file I have:
<VirtualHost *:80>
ServerName domain.test-test.eu
ServerAlias domain.test-test.eu
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
So when somebody types http://domain.test-test.eu it'll redirect them to https://domain.test-test.eu
My 'default-ssl' file is almost exactly the same as yours (I'm using 8080/tcp for OM). And I'm using self-signed certificates for OM (for now they're not signed for CN=domain.test-test.eu but for CN=testname.eu - I'll change it after OM works).
Unfortunately this config doesn't work. I can see two black dots spinning around. Might it be because of outdated browsers (FF has version 52.4.1 and Chromium 51.0.2704.79) or a wrong site certificate?
The Apache config given by Maxim is working. Thank you Maxim!
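Why a TLS-terminating proxy produces both the "too many redirects" loop and the "Origin does not correspond to request" rejection seen in the threads above, as an added example that is not code from the posts, from OpenMeetings/Wicket or from Rails. It assumes a backend that forces HTTPS for the loop case; the host name, path and function names are constructed.

```python
from urllib.parse import urlsplit

# Constructed request as it reaches the backend after TLS termination at
# the proxy (placeholder host; ProxyPreserveHost keeps the Host header).
PATH = "/openmeetings/signin"
REQUEST = {
    "Host": "om.example.test",
    "Origin": "https://om.example.test",   # set by the browser
    "X-Forwarded-Proto": "https",          # set by the proxy
}

def backend_url(headers, path, knows_tls):
    """URL as the backend reconstructs it. The proxy-to-backend hop is
    plain HTTP, so the scheme is http unless the backend has been told
    the client side was TLS (forwarded header or 'secure' connector)."""
    scheme = "http"
    if knows_tls and headers.get("X-Forwarded-Proto") == "https":
        scheme = "https"
    return f"{scheme}://{headers['Host']}{path}"

def origin_matches(headers, path, knows_tls):
    """Simplified origin check: the scheme and host of the Origin header
    must equal those of the request URL the backend believes it serves."""
    origin = urlsplit(headers["Origin"])
    request = urlsplit(backend_url(headers, path, knows_tls))
    return (origin.scheme, origin.netloc) == (request.scheme, request.netloc)

def force_ssl_hops(headers, path, knows_tls, limit=5):
    """Redirects issued by a backend that forces HTTPS. Each 301 sends the
    browser back through the proxy with identical headers, so reaching
    `limit` means the loop never ends."""
    hops = 0
    while hops < limit and backend_url(headers, path, knows_tls).startswith("http://"):
        hops += 1
    return hops

if __name__ == "__main__":
    for knows_tls in (False, True):
        print(knows_tls, backend_url(REQUEST, PATH, knows_tls),
              origin_matches(REQUEST, PATH, knows_tls),
              force_ssl_hops(REQUEST, PATH, knows_tls))
```

`RequestHeader set` replaces any X-Forwarded-Proto value supplied by the client, and the backend should honour the header only when it is reachable solely through the proxy, which is why the answer also closes port 8080 at the firewall.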

Ubuntu 14.04 Redirect Domain to Port

I am trying to direct mydomain.com to a specific port. I have run netstat and I know that my code is listening at 0.0.0.0:3000. I have the following in /etc/apache2/sites-available
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName mydomain.com
ServerAlias www.mydomain.com
ProxyPass / http://0.0.0.0:3000/
ProxyPassReverse / http://0.0.0.0:3000/
</VirtualHost>
I was able to get other domains redirected to a subdirectory. When I test using mydomain.com from a browser, I see the default page.

How to redirect different URLs to different ports on the same domain?

I have odoo running on port 8069 and I want to run wordpress on port 80 on the same domain. I would like to redirect example.com* to port 8069 except example.com/wordpress* which I want to go to port 80.
I know this is similar to Redirecting from port 80 to different ports based on URL. I want to implement a reverse proxy solution as advised by abhi-devireddy. I tried the following reverse proxy. All requests are forwarded to port 8069 including http://example.com/wordpress/. Odoo reports error 404 page not found when browser points to http://example.com/wordpress
<VirtualHost *:80>
ServerName odoo
ErrorLog /var/log/odoo/odoo-error.log
CustomLog /var/log/odoo/odoo-access.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://example.com:8069/
ProxyPassReverse / http://example.com:8069/
ProxyPass http://example.com/wordpress/ http://example.com:80/wordpress
ProxyPassReverse http://example.com/wordpress/ http://example.com:80/wordpress
ProxyVia On
LogLevel warn
</VirtualHost>
ProxyPass ! excludes the URL http://example.com:80/wordpress from the reverse proxy. This allows everything except http://example.com:80/wordpress to be mapped to port 8069 while leaving http://example.com:80/wordpress to go through to port 80:
<VirtualHost *:80>
ServerName odoo
ErrorLog /var/log/odoo/odoo-error.log
CustomLog /var/log/odoo/odoo-access.log combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPass /wordpress !
ProxyPass / http://example.com:8069/
ProxyPassReverse / http://example.com:8069/
Alias /wordpress /var/lib/wordpress/
# ProxyVia On
LogLevel warn
</VirtualHost>