Confusing about forward and reverse proxy - php

I am a WP beginner. On my WordPress site there are some embedded videos (YouTube, Vimeo etc.). But in some countries YouTube is blocked by the ISP (or administrator), so visitors cannot see the videos.
In this case, should I implement a forward or reverse proxy on the server to allow visitors to watch embedded videos?
Apart from a proxy solution, is there an easier way to achieve this?

I have resolved it by implementing a forward proxy. I installed Apache server (XAMPP) on a VPS. It is working as a forward proxy. All requests by the client are consumed by the proxy server and sent back to the client. You need to enable the proxy modules in the httpd.conf file before running the proxy.
nginx does the same thing with a simpler configuration but doesn't support https.
C:\xampp\apache\conf\extra\httpd-vhosts.conf:
<VirtualHost *:8080>
    ServerName dropbox.local
    DocumentRoot "C:/xampp/php/www"
    <Directory "C:/xampp/php/www">
        Require all granted
    </Directory>
    <IfModule mod_proxy.c>
        #RequestHeader set Front-End-Https "On"
        ProxyPreserveHost On
        SSLProxyEngine On
        # Enable forward proxy requests. It is dangerous. You need to secure the server.
        ProxyRequests On
        # Allows reverse proxying to https locations.
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Allow requests from selected hosts or domains
        <Proxy *>
            ProxyAddHeaders off
            ProxyPreserveHost off
            Order Allow,Deny
            Allow from all
        </Proxy>
        <Location />
            Order allow,deny
            Allow from all
        </Location>
        ProxyVia On
        AllowCONNECT 8080
        # This is the main proxy configuration
        ProxyPass / https://www.google.com.tr/
        ProxyPassReverse / https://www.google.com.tr/
    </IfModule>
</VirtualHost>
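
The configuration above carries its own warning that `ProxyRequests On` is dangerous: combined with `Allow from all` inside `<Proxy *>`, the server relays traffic for any client that can reach port 8080. As an added example (not the answerer's configuration), the same forward proxy restricted to known clients in Apache 2.4 syntax; `proxy.example.com`, the `203.0.113.0/24` client range and the log file names are placeholder assumptions.

```apache
# Added example, not from the original answer. Apache 2.4 syntax.
# Assumes mod_proxy, mod_proxy_http and mod_proxy_connect are loaded and that
# "Listen 8080" already appears once in the main configuration.
<VirtualHost *:8080>
    # Placeholder name (assumption).
    ServerName proxy.example.com

    # Forward proxying stays on, which is what makes access control mandatory.
    ProxyRequests On
    ProxyVia On

    # Browsers reach HTTPS sites through a forward proxy with CONNECT. The
    # tunnel carries end-to-end TLS between client and origin, so no SSLProxy*
    # directives are needed and certificate checks stay with the browser.
    # Permit tunnels to port 443 only.
    AllowCONNECT 443

    # Only the listed clients may use the proxy; everyone else gets 403.
    # 203.0.113.0/24 is a documentation range used as a placeholder.
    <Proxy "*">
        Require ip 203.0.113.0/24
    </Proxy>

    # Keep a record of who relayed what, so abuse can be spotted.
    ErrorLog  "logs/proxy-error.log"
    CustomLog "logs/proxy-access.log" combined
</VirtualHost>
```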

Related

large PHP _POST not working when I use Apache vhost Proxy

I have this set up on a "gateway" Apache server. It then forwards to a second server (I do not want exposed).
The main "www" server simply hosts a website and forwards subdomains.
<VirtualHost *:80>
    ServerName www.firewall.co.uk
    DocumentRoot /var/www/html/www
</VirtualHost>
<VirtualHost *:80>
    ServerName behind.firewall.co.uk
    ServerAdmin root@localhost
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://192.168.0.53/
    ProxyPassReverse / http://192.168.0.53/
    SetEnv proxy-sendchunked 1
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ErrorLog /var/log/httpd/behind.firewall.co.uk.log
    CustomLog /var/log/httpd/behind.firewall.err.log combined
</VirtualHost>
The problem is that if the _POST is very large (and by "very large" I mean about 20 drop downs in a form that is _POSTed) the gateway Apache server simply locks. It refuses to forward it properly (at all) and it will (in the end) time out for 60s before even doing anything. It doesn't refuse to forward it, it does nothing for 60s.
But if I swap the gateway servers around it works fine, i.e. a large post to behind.firewall.co.uk direct.
Does anyone know what I am doing wrong, what setting I am missing to ensure _POSTs work? (Note: smaller posts DO work, so I am assuming it's a setting somewhere, but these are only forms of 20 drop downs, hardly cumbersome.)

Configuring virtualhost for secure websocket using ratchet websocket library on an apache webserver

I have implemented/tried to implement a websocket for communication between users on an EC2 instance running Linux with an Apache webserver. I had it working when I first configured it, where my Ratchet websocket pointed to port 8081 without any TLS. With this configuration I was able to upgrade to a websocket and send/receive data through a non-secure websocket. This was only possible through the IP address though, and not through the actual URL.
I am running the websocket at a subdomain.
<VirtualHost *:443>
    DocumentRoot "/var/www/html/video"
    ServerName video.domain.com
    SSLEngine on
    SSLCertificateFile ./certs/server.crt
    SSLCertificateKeyFile ./certs/server.key
    # ProxyPass /ratchet/ ws://video.domain.com:8081/
    <Directory "/var/www/html/video">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
The above solution works when I use the IP-based websocket connection to connect to the websocket through the JS WebSocket API.
I have tried both WSS and WS, with and without ports etc., for the WebSocket API, but the code written below is still the only one I can get to work.
let socket = new WebSocket("ws://server_ip:8081");
I have read a lot of Stack Overflow questions regarding adding a ProxyPass to the VH, but it doesn't upgrade the request. Furthermore, I have tried to create its own virtual host and that doesn't work either.
I think it's worth mentioning that I have a Cloudflare CDN the requests are proxied through.
Hope to get some fresh eyes. Been stuck for a while.
I do not have enough rep for a comment, so answer it is.
It has been a while since I have dabbled into this stuff, and my first thought was that you indeed need a ProxyPass, but when I looked at my config this is not the case.
I'm going out on a limb and guessing that your VH is the issue here: you are explicitly listening on port 443 (https), but I believe wss has another port it listens on, so maybe you could try another port. Other than that you could also try to do new WebSocket('https://video.domain.com') and enable the proxy in the VH; this way the secure connection is handled by the http layer. But since the browser will then try to upgrade the request to a socket, I doubt this will work.
I should mention that in my case I used websockets to open an mqtt connection; since browsers don't implement mqtt, this is done via wss.
If none of this works I could try to dive deeper into the inner workings of the mqtt lib I use in order to dissect how the connection is set up.
I hope any of this helps :D
Edit:
Since there was not enough space in the comments I'll place it here:
Not related to sockets but to Apache and proxies: the ProxyPass directive has a counterpart, ProxyPassReverse, for that very goal.
<virtualhost IPv4:443 [IPv6]:443>
    Servername knowledge.domain.com:443
    ServerAlias knowledge.domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /path/to/documentRoot
    <Directory /path/to/documentRoot>
        Options -Indexes -FollowSymLinks -SymLinksIfOwnerMatch
    </Directory>
    SSLEngine On
    SSLCertificateFile /path/to/ssl.crt
    SSLCertificateKeyFile /path/to/ssll.key
    SSLCACertificateFile /path/to/ssll.cer
    Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
    Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full
    <Proxy *>
        Require all granted
    </Proxy>
    <Location />
        ProxyPass http://127.0.0.1:3000/
        ProxyPassReverse http://127.0.0.1:3000/
    </Location>
    <Directory />
        Options -FollowSymLinks -Indexes -SymLinksIfOwnerMatch
    </Directory>
    CustomLog "/path/to/logs/access.log" combined
    ErrorLog "/path/to/logs/error.log"
    LogLevel warn
</virtualhost>
This is an example of my proxy conf for a nodejs app.
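
For the websocket question above, an added example (not from either poster) in which Apache terminates TLS on port 443 and relays the upgraded connection to Ratchet over loopback, so the browser speaks `wss://` and port 8081 is never exposed. It assumes mod_proxy and mod_proxy_wstunnel are loaded and that Ratchet is bound to 127.0.0.1:8081; the `/ratchet/` path is taken from the commented-out line in the question.

```apache
# Added example, not from the original posts.
# Assumes mod_proxy and mod_proxy_wstunnel are loaded and that the Ratchet
# server listens on 127.0.0.1:8081 (assumption).
<VirtualHost *:443>
    DocumentRoot "/var/www/html/video"
    ServerName video.domain.com

    SSLEngine on
    SSLCertificateFile ./certs/server.crt
    SSLCertificateKeyFile ./certs/server.key

    # Reverse proxy only; this host must not act as a forward proxy.
    ProxyRequests Off

    # Apache handles TLS and passes the upgraded connection on as plain ws://
    # over loopback. The browser side then connects with
    #   new WebSocket("wss://video.domain.com/ratchet/")
    ProxyPass "/ratchet/" "ws://127.0.0.1:8081/"

    <Directory "/var/www/html/video">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

With the socket sharing port 443 with the site, the firewall or security group no longer needs 8081 open to the internet.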

How to access virtual host from the internet?

I want to access my website via virtual host from the internet. For now, I am using the public IP address of my server to access my website. Here is what I am using (please see below).
http://122.4.195.12:7777/site/index.php
Is there a way to access my virtual host from the internet? When I am accessing my virtual host from my internet (https://mysite/site/index.php) I am getting
DNS_PROBE_FINISHED_NXDOMAIN error
mysite’s server IP address could not be found.
Is there a way to add a SSL when accessing my website via public IP address? When I change http into https I am getting
ERR_SSL_PROTOCOL_ERROR
122.4.195.12 sent an invalid response.
http://122.4.195.12:7777/site/index.php -> https://122.4.195.12:7777/site/index.php
Here is my Virtual Host Config:
<VirtualHost *:7777>
    DocumentRoot "C:\xampp\htdocs"
    ServerName mysite
    <Directory "C:\xampp\htdocs">
        Require all granted
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName mysite
    SSLEngine on
    SSLCertificateFile "crt/scratchitsite/server.crt"
    SSLCertificateKeyFile "crt/mysite/server.key"
    <Directory "C:\xampp\htdocs">
        Require all granted
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
Here is the host file of my server:
127.0.0.1 mysite
For question 1
The easier way will still be registering a domain name, pointing it to your IP address, and setting up your VirtualHost ServerName for it.
The VirtualHost actually detects the Host HTTP header on the server side, so the key thing here is:
How to make the client browser send the same Host header as the one you defined on the server.
For example, by using curl you can force it to use a user-defined Host header like this: curl -H 'Host: mysite' 122.4.195.12:7777/site/index.php
If you're using Chrome, you can try to use a browser extension, like this
For question 2
You've enabled HTTPS on port 443 instead of 7777 in your Apache configuration,
which means you should access your HTTPS service like this: https://122.4.195.12:443/site/index.php instead of this: https://122.4.195.12:7777/site/index.php

Laravel 5.3 HTTPS Routes

I've read everywhere that Laravel can detect when the user is browsing via HTTPS and uses that to generate routes accordingly, but this appears to be untrue.
I've used a configuration in the AppServiceProvider to force all generated URLs to be prefixed for HTTPS but this only masks an underlying problem.
I have Laravel sitting on an EC2 instance. There is no load balancer and I haven't configured a proxy. This is purely a development instance.
How can I get URLs generated by the route helper to use HTTPS?
If a user is on an HTTPS page, Laravel's route() helper will generate an HTTPS URL. Since Google Chrome already marks HTTP websites as insecure, it is a good idea to rewrite all HTTP requests to HTTPS. There are many ways to do that, but as far as I know the best is to set up your web server to do the job.
Sample VH for Apache:
<VirtualHost my.app:80>
    ServerName my.app
    # The trailing slash on the target matters: without it, /login would be
    # redirected to https://my.applogin.
    Redirect permanent / https://my.app/
</VirtualHost>
<VirtualHost my.app:443>
    DocumentRoot /home/my/public
    ServerName my.app
    ServerAlias my.app
    ServerAlias *.my.app
    SSLEngine on
    SSLCertificateFile conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
    <Directory /home/my/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Interpreting relative paths as paths to the production server

How do I tell my local server to interpret all relative paths, that start with a /uploads/, from a remote server (the production server)?
The uploads folder is out of version control and I don't have it in my local server (the testing server).
You can use the mod_proxy module of apache.
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass /uploads http://live.domain.com/uploads
ProxyPassReverse /uploads http://live.domain.com/uploads
The ProxyRequests Off disables forward proxy so your machine can't be used as a proxy server.
The <Proxy *>...</Proxy> sets the access rights to your (Reverse-)Proxy; 'all' in this case.
And finally, the ProxyPass and ProxyPassReverse define that every request to '/uploads' should be passed on to 'http://live.domain.com/uploads' (->ProxyPass) and every response from 'http://live.domain.com/uploads' should be treated as it would be from '/uploads' (->ProxyPassReverse).
