AWS Apache2 reverse proxy with godaddy not working - amazon-web-services

I have purchased a GoDaddy domain and an AWS EC2 instance with an Elastic IP. In GoDaddy I created the following entries:
A-name entry (mydomain.com) pointing to the Elastic IP
And a C-name entry (app2.mydomain.com) pointing to the same Elastic IP
Inside the Amazon EC2 instance, I am running two applications:
app1 - running on localhost:3000
app2 - running on localhost:4000
Now, I am trying to achieve the following:
mydomain.com should point to app1 running on localhost:3000
app2.mydomain.com should point to app2 running on localhost:4000
I have installed apache2 on EC2 and followed the links below to configure a reverse proxy
link1
I created myproxy.conf under apache2/sites-available as below
<VirtualHost mydomain.com:80>
ServerName mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost app2.mydomain.com:80>
ServerName app2.mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
But I can't get it working. But when I change the conf as below
<VirtualHost *:80>
ServerName app2.mydomain.com
ServerAdmin admin@mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
Both mydomain.com and app2.mydomain.com launch the same app2 application.
I could not figure out what I am missing.
Edit
Soon after I posted this, I tried something which seems to work. I added *:80 instead of app2.mydomain.com
<VirtualHost *:80>
ServerName app2.mydomain.com
ServerAdmin admin@mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:4000/
ProxyPassReverse / http://localhost:4000/
</VirtualHost>
<VirtualHost *:80>
ServerName mydomain.com
ServerAdmin admin@mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>

Currently you are trying to run the code on the Apache2 default port 80.
You need to run both applications on different ports. Try running the code on a different port:
# Listen belongs at server level; Apache rejects it inside <VirtualHost>
Listen 8081
<VirtualHost *:8081>
ServerName mydomain.com
ServerAdmin admin@mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
</VirtualHost>
Don't forget to open the port in listen mode with Listen port_no.

Related

Reverse Proxy for Django App 404 Not Found

I am following this guide to try to show this URL www.mycompany.com/testblog instead of www.mycompany.com:8000/testblog
These are my current config files setup inside my website.comssl.conf file
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName website.com
ServerAlias www.website.com
DocumentRoot /var/www/website.com
Redirect permanent / https://website.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName website.com
ServerAlias www.website.com
DocumentRoot /var/www/website.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/website.com.cer
SSLCertificateKeyFile /etc/ssl/private/website.com.key
SSLCertificateChainFile /var/www/website.com/SSLCert/SSLIntermediateCertificate.cer
ProxyPreserveHost On
ProxyPass /testblog https://website.com:8000/testblog
ProxyPassReverse /testblog https://website.com:8000/testblog
</VirtualHost>
However, when I run my server and try to access the URL www.mycompany.com/testblog I get a 404 Not Found error
Have you loaded the proxy module?
On CentOS/RedHat:
$> grep -R "mod_proxy" /etc/httpd/conf.modules.d/
.....
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
.....
On Ubuntu
$> a2enmod proxy
$> a2enmod proxy_http
ProxyPass /testblog https://website.com:8000/testblog
ProxyPassReverse /testblog https://website.com:8000/testblog
This is very uncommon to do for two reasons:
Normally you reverse proxy stuff that's not available via a public domain name. Often it runs on the same machine or on another machine in the same network. In this case, use the IP instead (127.0.0.1 for the local machine or the IP shown by the ip addr command on the other machine).
You're using https: but backend services are normally not SSL protected. Also port 8000 is very uncommon for SSL.
In other words, are you sure you want this and not ProxyPass /testblog http://127.0.0.1:8000/testblog?

Apache Reverse Proxy based on subdomain

I am currently trying to set up Apache2 as reverse proxy rewriting based on a subdomain's hostname.
Any request sent to *.accepted-terms.mydomain.tld should be forwarded to a local port using the Host *.mydomain.tld. Simply, the .accepted-terms in the middle should be cut away.
E.g.:
foo.accepted-terms.mydomain.tld → foo.mydomain.tld:6443
bar.accepted-terms.mydomain.tld → bar.mydomain.tld:6443
<VirtualHost *:443>
SSLEngine on
[...] # SSL Certificates
SSLProxyEngine On
ProxyPreserveHost On
ServerName accepted-terms.mydomain.tld
ServerAlias *.accepted-terms.mydomain.tld
ProxyPass / https://0.0.0.0:6443/
ProxyPassReverse / https://0.0.0.0:6443/
#-------- Here, the fun starts:
SetEnvIf Host ^(.*)accepted-terms\.mydomain\.tld$ new_host=$1
RequestHeader set Host %{new_host}emydomain.tld
#------- Here, the fun should be done.
RequestHeader set Cookie "disclaimer_accepted=true"
</VirtualHost>
Unfortunately, my tries based on SetEnvIf and the Host were unsuccessful. Is there any way to realize this?
I found a solution.
<VirtualHost *:443>
# [...] SSL
SSLProxyEngine On
SSLProxyCheckPeerName Off
ServerName accepted-terms.mydomain.tld
ServerAlias *.accepted-terms.mydomain.tld
SetEnvIf Host ^(.*).accepted.onionroot.network$ new_host=$1
RequestHeader set Host %{new_host}e.onionroot.network
RequestHeader set Cookie "disclaimer_accepted=true"
ProxyPreserveHost On
ProxyPass / https://0.0.0.0:6443/ retry=1 acquire=3000 timeout=600 Keepalive=On
ProxyPassReverse / https://0.0.0.0:6443/
</VirtualHost>
It seems like reordering the configuration solved the issues.

What could be wrong with this virtual host file in Apache?

I am trying to route an application to a sub route on an internal server, using Gunicorn with my Django app. My virtual host file looks like this:
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
LoadModule proxy_http_module /usr/lib64/apache2/mod_proxy_http.so
<VirtualHost *:80>
ServerName 172.16.1.81
<Location "/mycustomapp">
ProxyPreserveHost On
ProxyPass http://127.0.0.1:9090
ProxyPassReverse http://127.0.0.1:9090
</Location>
</VirtualHost>
When I navigate to 172.16.1.81/mycustomapp , I keep getting a 404 not found error when trying to navigate to the application on that route. Is there something else I am doing wrong here?
Okay, I figured it out. For anyone running into this type of problem in the future, the solution lies in using the ServerPath directive inside your VirtualHost configuration. So for example, if you wanted to have an application be served at 172.15.1.20/app1 and another application served at 172.15.1.20/app2 (via port forwarding to a process listening on a port) the virtual host configuration would look like the following:
LoadModule proxy_module /usr/lib64/apache2/mod_proxy.so
LoadModule proxy_http_module /usr/lib64/apache2/mod_proxy_http.so
<VirtualHost *:80>
ServerName 172.15.1.20
ProxyPreserveHost On
ProxyPass /app1 http://127.0.0.1:9090
ProxyPassReverse /app1 http://127.0.0.1:9090
ProxyPass /app2 http://127.0.0.1:9080
ProxyPassReverse /app2 http://127.0.0.1:9080
</VirtualHost>

Django sites on different ports - showing up at serveraddress:8000 not serveraddress/app1

I have two Django instances with two separate virtualenvs that I am trying to have on two suburls: serveraddress/app1 and serveraddress/app2. I have my Apache virtual hosts set up as below and am using mod_wsgi.
The Django instance I am putting at port 8000 in the Apache settings shows up at this url:
http://serveraddress:8000/app1 rather than http://serveraddress/app1. App2 on port 80 shows up at the right URL - http://serveraddress/app2.
How do I get http://serveraddress:8000/app1 to show up at http://serveraddress/app1?
<VirtualHost serveraddress:8000>
ServerName serveraddress
WSGIDaemonProcess app1 python-path=/var/www/app1:/var/www/app1/files:/usr/local/lib/python2.6/dist-packages
WSGIProcessGroup app1
WSGIScriptAlias /app1 /var/www/app1/files/files/wsgi.py
AliasMatch ^/([^/]*\.css) /var/www/app1/files/app1/static/css/$1
Alias /media/ /var/www/app1/files/media/
Alias /static/ /var/www/app1/files/app1/static/
</VirtualHost>
<VirtualHost serveraddress:80>
ServerName serveraddress
WSGIDaemonProcess app2 python-path=/var/www/app2-files:/var/www/app2-files/app2-files:/var/www/app2-files/env2/lib/python2.6/site-packages
WSGIProcessGroup app2
WSGIScriptAlias /app2 /var/www/app2-files/app2-files/wsgi.py
</VirtualHost>
And in my ports.conf I have:
NameVirtualHost serveraddress:80
Listen 80
NameVirtualHost serveraddress:8000
Listen 8000

How do I properly handle multiple VirtualHosts on one server with only one having SSL?

I have the following apache2 VirtualHost config:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /data/web/unsecuresite.com/
ServerName unsecuresite.com
ServerAlias www.unsecuresite.com
</VirtualHost>
The problem is that I can access https://unsecuresite.com/ and the server returns the data for securesite.com and the browser complains.
Why does this happen? Why does ServerName for 443 match other server names?
Can I somehow handle this? Maybe catch the request, handle it with regex and redirect it to its proper place?
EDIT
ports.conf says:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost {my_server_ip}:443
Listen 443
</IfModule>
When you connect to https://securesite.com/, then you are actually connecting to port 443. Since there is only one site listening on port 443, the first match is returned (even though the ServerName does not match).
Your configuration basically boils down to:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
# ...
</VirtualHost>
<VirtualHost *:80>
ServerName unsecuresite.com
# ...
</VirtualHost>
This means that any request to port 80 (http) will be served by unsecuresite.com and requests to port 443 (https) are served by securesite.com.
Even if you add a <VirtualHost *:443> ServerName unsecuresite.com, you can still not simply trick the user to redirect without having a valid certificate for unsecuresite.com. (That would result in an ugly certificate warning.)
If your unsecuresite.com vhost is not supposed to handle HTTPS, then just ignore it. With nginx you could reset a connection if the hostname does not match, I don't know if something similar exists for Apache.
I solved it with the following method:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www\.)?(securesite\.com){1}$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301]
</VirtualHost>
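
The default-vhost behaviour behind both the first question (one `*:80` vhost serving every hostname) and the last one (https://unsecuresite.com answered by securesite.com), as an added example that is not part of the original posts: a simplified Python model of Apache's address-then-name virtual host matching. The IP addresses, table names and `select_vhost` are constructed for illustration, and the case where `mydomain.com:80` resolved to a public address the instance does not hold locally is an assumption of this example, not something the posts state.

```python
from fnmatch import fnmatchcase

# Constructed vhost tables mirroring configs quoted on this page.
# Entry: (address, port, ServerName, [ServerAlias...], label).
# 203.0.113.10 and 172.31.0.5 are placeholder public/private addresses.
PUBLIC_IP, PRIVATE_IP = "203.0.113.10", "172.31.0.5"
SINGLE_WILDCARD = [("*", 80, "app2.mydomain.com", [], "app2")]
TWO_WILDCARDS = [
    ("*", 80, "app2.mydomain.com", [], "app2"),
    ("*", 80, "mydomain.com", [], "app1"),
]
# Assumption: <VirtualHost mydomain.com:80> was resolved to the public IP.
BOUND_TO_PUBLIC_IP = [
    (PUBLIC_IP, 80, "mydomain.com", [], "app1"),
    (PUBLIC_IP, 80, "app2.mydomain.com", [], "app2"),
]
SSL_ON_ONE_SITE = [
    (PUBLIC_IP, 443, "securesite.com", ["www.securesite.com"], "securesite"),
    ("*", 80, "unsecuresite.com", ["www.unsecuresite.com"], "unsecuresite"),
]


def select_vhost(vhosts, local_ip, local_port, host_header):
    """Return (label, matched_by_name) for the vhost that would serve a request.

    Simplified model of Apache's documented matching order; IPv6 literals,
    _default_ and SNI details are not modelled.
    """
    def bound_to(addr):
        return [v for v in vhosts if v[0] == addr and v[1] == local_port]

    # Step 1: address match. An exact IP:port wins over a wildcard *:port.
    candidates = bound_to(local_ip) or bound_to("*")
    if not candidates:
        return ("main-server", False)  # no vhost covers this address and port

    # Step 2: name match in configuration order (ServerName, then aliases).
    host = host_header.split(":")[0].lower().rstrip(".")
    for _addr, _port, name, aliases, label in candidates:
        if host == name.lower() or any(fnmatchcase(host, a.lower()) for a in aliases):
            return (label, True)

    # Step 3: no name matched, so the first listed vhost acts as the default.
    return (candidates[0][4], False)
```

On a live server, `apachectl -S` prints the parsed vhost table, including which vhost is the default for each address and port.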