I am stuck in this problem for past few days, I am using reverse proxy of Apache server and I managed to run the reverse proxy by making the following changes in config file:
ProxyPass: /server-01/ server-01.{My server}
ProxyPassReverse: /server-01/ server-01.{My server}
ProxyPass: /server-02/ server-02.{My server}
ProxyPassReverse: /server-02/ server-02.{My server}
ProxyPass: /server-03/ server-03.{My server}
ProxyPassReverse: /server-03/ server-03.{My server}
ProxyPass: /server-04/ server-04.{My server}
ProxyPassReverse: /server-04/ server-04.{My server}
All this is working but I want to make this dynamic so that I dont have to add new code and restart Apache when a new proxy server is added!
In order to use a regex you must use ProxyPassMatch:
ProxyPassMatch ^/server-(\d+)/$ server-$1.{My server}
The purpose of ProxyPassReverse is to fix any Location headers that the proxy server issues for itself. For example if I proxy mywebsite.com to bluewebsite.com and bluewebsite.com issues a redirect to bluewebsite.com/1, ProxyPassReverse will intercept it and redirect me to mywebsite.com/1 instead.
If your proxy server issues redirects to the proper front-end URLs (or does not use redirects) then ProxyPassReverse is not needed. If you do need it, you are out of luck in this example because it does not accept regexes.
Here is another question that might help you:
ProxyPassMatch with ProxyPassReverse
Related
I have an angular 4 web application which is hosted on apache 2.4. The application makes use of an API written in nodejs javascript running over express. Both the website and the API service are running on the same machine but on different ports. The website is on port 80 and the API service is listening on port 9000.
I would like to set up apache to do reverse proxy for all the API calls.
For example, any url that contains /api/ I want it rewritten by apache to point to the API url:port. If I use ProxyPass like the following lines, the redirect works fine:
ProxyPass "/api/V1/systeminfo" "http://localhost:9000/api/V1/systeminfo"
ProxyPassReverse "/api/V1/systeminfo" "http://localhost:9000/api/V1/systeminfo"
What I do not know how to do, is to use the ProxyPassMatch directive and create a regular expression so that any url that contains /api/ is redirected to http://localhost:9000/api/.....
I tried the following but it does not work:
ProxyPassMatch "^/api.*$" "http://localhost:9000/$1"
ProxyPassReverse "^/api.*$" "http://localhost:9000/$1"
Neither does the following:
ProxyPassMatch "^/.*?/api.*?/v[0-9]+/(.*)$" "http://localhost:9000/$1"
ProxyPassReverse "^/.*?/api.*?/v[0-9]+/(.*)$" "http://localhost:9000/$1"
Any help would be appreciated. My regex skills are lacking!
Note: obviously 'localhost' can be an IP address or a domain, I am using it in the example for simplicity.
Many thanks!
Edit: I corrected the first example to use .* instead of just * as per Alex's comment.
I solved the problem. The correct way to do reverse proxy with apache on the above example is the following:
ProxyPassMatch "/api(.*)" "http://localhost:9000/api$1"
ProxyPassReverse "/api(.*)" "http://localhost:9000/api$1"
I knew the multiple regex examples I was trying were correct, as I was testing them with https://regex101.com/, but I was hard coding the second part of to a particular route in order to eliminate the issue of the second part being incorrect, but for some reason it does not like that. Once I understood that the (.*) part of the regex is the first capture group and used it as $1 in the second part, it all worked.
I hope I clarified the answer enough and it is useful to someone else.
I have deployed an app using Shiny Server on AWS instance. When I run Shiny app, it launched itself at URL XXX.XXX.XXX.XXX/8787/p/1234. I need to share this URL with my colleagues, but I want to hide IP+port number where shiny server is running i.e. I want to hide XXX.XXX.XXX.XXX/8787, or at least one of IP/ Port should not be visible to them. Is there any way out of hiding this?
I want my colleagues to see something like XXX.XXX.XXX.XXX/shiny/p/1234 (port number hided) or shiny/p/1234 (IP+port hided). Any help would be highly appreciated.
you probably already find your answer.
But a way of doing what you want is to use
<VirtualHost *:80>
...
ProxyPreserveHost On
ProxyPass /shiny http://0.0.0.0:3838/shiny
ProxyPassReverse /shiny http://0.0.0.0:3838/shiny
ServerName localhost
</VirtualHost>
In your httpd.conf 'your server config file this exemple is for apache'
Then you Can Access to your app in
http://ip_address/shiny/your_app_name
I have Mod rewrite set to pick up people who come to the root of my domain and redirect them to the proper language folder in my Django
Im running a new Django with mod_wsgi under apache. I have an apache instance with a virtual server set to port 8005 and my load balancer pointed to that server and port.
I have only one rule in Mod Rewrite to redirect to US folder
RewriteRule ^(|/|/index.html)$ /us/ [QSA,NE,R=302,L]
When I try to go to my www.site.com I see in my trace logs its trying to redirect to www.site.com:8005/us/ instead it should go to www.site.com/us/
If I go to www.site.com/us/ works fine
In the apache configs i needed add servername hostname I had a different hostname that was preventing it from redirecting properly. I haven esperienced this problem on my non Django sites
I've setup Apache as a reverse proxy for a non public backend server, using mod_proxy. However one of my ProxyPassMatch directives always returns 404:
ProxyPassMatch ^/app/files/public/orders/06_production/jobs/([a-zA-Z0-9\-]+)/Preview%20PNG/(V[0-9]+)/([a-zA-Z0-9_\-]+.png)$ http://192.168.2.42/app/files/public/orders/06_production/jobs/$1/Preview%20PNG/$2/$3
This should match an incoming request like this:
/app/files/public/orders/06_production/jobs/P116087/Preview%20PNG/V1/bla.png
Any idea what's wrong with my Regex?
Figured it out:
ProxyPassMatch "\A/app/files/public/orders/06_production/jobs/([a-zA-Z0-9\-]+)/Preview PNG/(V[0-9]+)/([a-zA-Z0-9_\-]+.png)\z" "http://192.168.2.42/app/files/public/orders/06_production/jobs/$1/Preview PNG/$2/$3"
I have a django web application that's running on apache 2.2.14 and I want to run the admin application over https.
Having read considerable discussions on using a proxy, writing middleware, running alternative wsgi scripts, the chaps in #httpd came to my rescue. The solution is so simple, I was surprised I didn't find it online, so I'm curious to see if I've made some glaring assumptions or errors.
One complication was that I also wanted to run one of my django apps in the site over https, that is everything on /checkout.
Essentially, if a user requests a URI starting with /admin or /checkout on http, they are to be redirected to that URI but on https. Conversely, if a user requests a URI that does not start with /admin or /checkout on https, they are to be redirected to that URI but on http.
The key to solving this problem was to use Redirect and RedirectMatch directives in my VirtualHost configuration.
<VirtualHost *:80>
... host config stuff ...
Redirect /admin https://www.mywebsite.com/admin
Redirect /checkout https://www.mywebsite.com/checkout
</VirtualHost>
<VirtualHost *:443>
... ssl host config stuff ...
RedirectMatch ^(/(?!admin|checkout).*) http://www.mywebsite.com$1
</VirtualHost>
Another approach is to use #secure_required decorator. This will automatically rewrite the requested url and redirect to https://... version of the URL. Then you don't have to have Redirect in *:80 configuration. *:443 configuration may still be required for performance purpose if you want other traffic to go through normal http traffic.
I tried your solution, but ran into several problems. First, the formatting on the admin site disappeared, as if it could not find the admin static files. Second, if I tried to reach the non-admin site through https, the browser would not find it and redirect me to Yahoo search. Oddly, if I edited the yahoo search URL to eliminate all text except my correct URL (minus the http://), it would continue to search through yahoo for my site. However, typing the exact same URL afresh sent me to my site.
I solved all of these issues by simply removing the
RedirectMatch ^(/(?!admin|checkout).*) http://www.mywebsite.com$1
directive.
I should mention that I don't have a /checkout section on my site and am only trying to secure /admin. ... and yes, I did substitute my URL for "mywebsite.com"
What you described should work, but there may be a problem in the future if you need to make changes to which paths are/are not HTTPS. Because this method requires the ability to correctly modify the Apache config file it means you do not want novices in the loop. Screw up the config file and your site can go 500-error in the blink of an eye.
We chose to have a simple text file that had a list of the must-be-HTTPS paths. Anyone on the project can edit it and it is checked for correctness when it is loaded. We handle any needed redirects to/from HTTPS in middleware and it seems to work just fine. This method will also work if you are running anything other than Apache.