How do I tell my local server to interpret all relative paths, that start with a /uploads/, from a remote server (the production server)?
The uploads folder is out of version control and I don't have it in my local server (the testing server).
You can use the mod_proxy module of apache.
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /uploads http://live.domain.com/uploads
ProxyPassReverse /uploads http://live.domain.com/uploads
The ProxyRequests Off disables forward proxy so your machine can't be used as a proxy server.
The <Proxy *>...</Proxy> sets the access rights to your (Reverse-)Proxy; 'all' in this case.
And finaly the ProxyPass and ProxyPassReverse define that every request to '/uploads' should be passed on to 'http://live.domain.com/uploads' (->ProxyPass) and every response from 'http://live.domain.com/uploads' should be treated as it would be from '/uploads' (->ProxyPassReverse).
Related
I have implemented/tried to implement a websocket for communcation between users on an ec2 instance running linux with an apache webserver. I had it working when i first configured it where my ratchet websocket pointed to port 8081 without any TLS. With this configuration i was able to upgrade to a websocket and send/recieve data - through a non secure websocket. This was only possible through the ip address though and not through the actual url.
I am running the websocket at a subdomain.
<VirtualHost *:443>
DocumentRoot "/var/www/html/video"
ServerName video.domain.com
SSLEngine on
SSLCertificateFile ./certs/server.crt
SSLCertificateKeyFile ./certs/server.key
# ProxyPass /ratchet/ ws://video.domain.com:8081/
<Directory "/var/www/html/video">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
The above solution works when i use the ip based websocket connection to connect to the websocket through the JS websocket API.
I have tried both WSS, WS, with and without ports etc for the websocket API but still the beneath written code is the only i can get to work.
let socket = new WebSocket("ws://server_ip:8081");
I have read a lot of stackoverflow questions regarding adding a proxypass to the VH but it doesn't upgrade the request. Furthermore, i have tried to create it's own virtualhost and that doesn't work either.
I think it's worth to mention i have a cloudflare CDN the requests are proxied through.
Hope to get some fresh eyes. Been stuck for a while.
I do not have enough rep for a comment, so answer it is.
It has been a while since I have dabbled into this stuff, and my first thought was that you indeed need a ProxyPass, but when I looked at my config this is not the case.
I'm going out on a limb and guess that your VH is the issue here, you are explicitly listening on port 443(https) but I believe wss has another port it listens on, so maybe you could try another port. Other than that you could also try to do new WebSocket('https://video.domain.com') and enable the proxy in the VH, this way the secure connection is handled by the http layer. But since the browser will then try to upgrade the request to a socket I doubt this will work.
I should mention that in my case I used websockets to open an mqtt connection, since browser don't implement mqtt this is done via wss.
If non of this works I could try to dive deeper into the inner workings of the mqtt lib I use in order to dissect how the connection is set up.
I hope any of this helps :D
edit
since there was not enough space in the comments I'll place it here:
not related to sockets but to apache and proxies: the ProxyPass directive has a counterpart ProxyPassReverse for that very goal.
<virtualhost IPv4:443 [IPv6]:443>
Servername knowledge.domain.com:443
ServerAlias knowledge.domain.com
ServerAdmin webmaster#domain.com
DocumentRoot /path/to/documentRoot
<Directory /path/to/documentRoot>
Options -Indexes -FollowSymLinks -SymLinksIfOwnerMatch
</Directory>
SSLEngine On
SSLCertificateFile /path/to/ssl.crt
SSLCertificateKeyFile /path/to/ssll.key
SSLCACertificateFile /path/to/ssll.cer
Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
<Proxy *>
Require all granted
</Proxy>
<Location />
ProxyPass http://127.0.0.1:3000/
ProxyPassReverse http://127.0.0.1:3000/
</Location>
<Directory />
Options -FollowSymLinks -Indexes -SymLinksIfOwnerMatch
</Directory>
CustomLog "/path/to/logs/access.log" combined
ErrorLog "/path/to/logs/error.log"
LogLevel warn
</virtualhost>
this is an example of my proxy conf for a nodejs app
I connected Apache with Tomcat, so the server can run both jsp and php files.
It worked, but I don't want to show the port number, just like any other web sites.
So I changed Tomcat's to 80, and Apache's to 8080.
I checked both servers are on, and accessable, but php files didn't work.
So I tried to make it run, and figured out that only when Apache uses the port number 80, mod_jk works.
Is there good way to running Tomcat at 80, and making Apache to run only php files?
Or, can I make it to access Tomcat's ROOT project when I accessed to Apache and only php files be run from Apache?
Thank you.
You don't have to change Apache's and Tomcat's ports. You can configure Apache as a reverse proxy for the specific domain, so it can handle and pass the requests to Tomcat.
For example:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://domain.tld:8080/
ProxyPassReverse / http://domain.tld:8080/
I am wp begginner, on my wordpress site there are some embedded videos(youtube , vimeo etc). But in some countries youtube is blocked by ISP(or administrator) so visitors cannot see videos.
In this case should i implement forward or reverse proxy on server to allow visitors to watch embedded videos?
Apart from proxy solutiton is there an easier way to achieve this?
I have resolved it by implementing forward proxy. Installed apache server(xampp) on vps. It is working as forward proxy. All requests by the client is consuming by the proxy server and back to the client. You need to enable proxy modules in httpd.conf file before running proxy.
nginx is doing the same thing with simplier configuration but doesn't support https.
C:\xampp\apache\conf\extra\httpd-vhosts.conf:
<VirtualHost *:8080>
ServerName dropbox.local
DocumentRoot "C:/xampp/php/www"
<Directory "C:/xampp/php/www">
Require all granted
</Directory>
<IfModule mod_proxy.c>
#RequestHeader set Front-End-Https "On"
ProxyPreserveHost On
SSLProxyEngine On
# Enable forward proxy requests. It is dangerous. You need to secure the server.
ProxyRequests On
# Allows reverse proxying to https locations.
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# Allow requests from selected hosts or domains
<Proxy *>
ProxyAddHeaders off
ProxyPreserveHost off
Order Allow,Deny
Allow from all
</Proxy>
<Location />
Order allow,deny
Allow from all
</Location>
ProxyVia On
AllowCONNECT 8080
# This is the main proxy configuration
ProxyPass / https://www.google.com.tr/
ProxyPassReverse / https://www.google.com.tr/
</IfModule>
</VirtualHost>
I have a Django site running on ec2 instance (ubuntu) on apache2 using mod_wsgi. I have placed it in /var/www/django_project. It is Up and running without any issues. Now i want to host another site (php, mysql) on this ec2 instance only. I tried to configure my httpd.conf and added php directory with proper permissions, but I believe due to Alias setting in mod_wsgi, any request above '/' is taken up by django.
I DO NOT have any domain name. I access my Django site with IP of machine (i.e w.x.y.z/django_app).
Correct me if I am wrong : Since i do not have server name, I cannot have both site running on port 80 using virtual Hosts.
And I do not mind running them on different ports either. Please suggest me a way to host php site on this server. which file to configure and how to configure it.
My httpd.conf file:
Alias /static /var/www/resumerepo/static
<Directory /var/www/resumerepo/static>
order deny,allow
Allow From All
</Directory>
WSGIScriptAlias / /var/www/resumerepo/resumerepo/wsgi.py
WSGIPythonPath /var/www/resumerepo
<Directory /var/www/resumerepo>
<Files wsgi.py>
Order deny,allow
Allow From All
</Files>
</Directory>
It works fine and my app is accessible. However if i put it in one virtual host and make another virtual host, apache restart throws an error saying PythonPath can not be in virtual host.
You can't do this easily if your django project is accessible via the root of your domain (or your IP), for example: http://1.2.3.4 -> leads to your django project`.
I think, one solution could be to move your django project to a subdirectory, like http://1.2.3.4/django, and make your php project also accessible in subdirectory, like http://1.2.3.4/php.
Or you can create a new virtual host, listening on port 8080, for example, for your php project. This way :
http://1.2.3.4 leads to your django project
http://1.2.3.4:8080 leads to your php project
The second option may be easier to set up, as you won't have to change config for your django project.
Your vhost file could look like :
<VirtualHost *:8080>
ServerAdmin contact#yourdomain
DocumentRoot /var/www/php
<Directory /var/www/php>
AllowOverride All
Order allow,deny
Allow From All
</Directory>
</VirtualHost>
Maybe this won't work : according to Apache documentation, you should not use virtual hosts without ServerName.
I have 2 "hypothetical" domains. myname.me, and myproduct.co.nz. I have four servers forded to the ports 44, 45, 80 and 90 of my public ip address.
The domains both have their A record set to my ip, so myname.me:44 and myproduct.co.nz:44 bring up the same page.
What I want, is for visitors to myname.me to see the page on the server operating on port 90, but not for them to see ":90" in the address bar.
I also want visitors to a.myproduct.co.nz to see the page on the server operating on port 44, and visitors to b.myproduct.co.nz to see the page on the server operating on port 45, both without seeing the :44 or :45 (e.g. I want the pages all serverd on 80).
The servers are all apache2 with php.
I guess that it would be something related to http://httpd.apache.org/docs/2.2/vhosts/name-based.html, but I am not sure how it would work with 2 servers.
I'd really appreciate any help.
~JJ56
Setup name-virtual-hosts on your "port-80 machine". Then use ProxyPass (from mod_proxy) within each virtual host definition, to pass requests from your "port-80 machine" to the other machines behind your firewall.
It might look something like the following:
(NOTE: The main server (your "port 80 server") has to be able to reach the other servers on your internal network -- I've used numeric addresses (192.168.1.5, and 192.168.1.6)).
<VirtualHost *:80>
DocumentRoot /var/www/myname.me/public_html
ServerName myname.me
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.6/
ProxyPassReverse / http://192.168.1.6/
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/myproduct.co.nz/public_html
ServerName myproduct.co.nz
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.5/
ProxyPassReverse / http://192.168.1.5/
</VirtualHost>
Setup the virtual hosts without the proxy-related stuff first. Make sure you can successfully resolve a test page in each of the two vhosts. then (and only then) add in the proxy stuff, and start working the kinks out of that.
While I want to answer your question, I have to ask why you would want to configure the server in this way. What it seems you're really trying to do is configure multiple domain (or Name Based Virtual Hosts) on this shared IP address.
If that's the case, then in Apache it's very easy to set up. Each domain will need to be defined in the httpd.conf or vhosts.conf (or inside of the catch-all include directory depending on your installation; see your documentation). A very basic set up would look like the following:
<VirtualHost *:80>
DocumentRoot /var/www/mywordpressblog.co.uk/public_html
ServerName www.mywordpressblog.co.uk
</VirtualHost>
Best of luck.
You run one server on port 80 and use name-based vhosts, and you don't play any games with any other public ports. If you need different domains to hit different physical servers, you set up mod_proxy to proxy the requests to those servers, or you set up squid or varnish on port 80 to do the same thing. PHP doesn't come into it at all.