I am running a web server with the following configuration:
PHP Website running on Apache (port 80) (www.MyWebsite.com)
GWT Web Application running on Tomcat (port 8080) with a different URL (www.MyWebapp.com)
Web service also running on Tomcat (port 8080) with subdomain (service.MyWebapp.com)
I am struggling with some configuration issues. I am able to access the website as well as the web service with my current configuration, but for some reason my web application is throwing an RPC error when I access it remotely through the URL.
My vhosts.conf file is as follows:
<VirtualHost *:80>
ServerName MyWebapp.com
ServerAlias www.MyWebapp.com
ProxyRequests off
DefaultType text/html
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/webapp/
ProxyPassReverse / ajp://localhost:8009/webapp/
</VirtualHost>
<VirtualHost *:80>
ServerName service.mywebapp.com
DefaultType text/html
ProxyRequests off
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/webservice/
ProxyPassReverse / ajp://localhost:8009/webservice/
</VirtualHost>
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAlias *.mywebsite.com
DocumentRoot "c:/wamp64/www/website"
<Directory "c:/wamp64/www/website/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
Require all granted
</Directory>
</VirtualHost>
If I try to access it remotely via www.mywebapp.com, I get the HTML landing page, but when I make any RPC calls I receive an RPC error:
Type 'com.mycom.client.utility.model.DataContainer' was not assignable to 'com.google.gwt.user.client.rpc.IsSerializable' and did not have a custom field serializer. For security purposes, this type will not be deserialized.
I can access and run my web application locally (localhost:8080/webapp), as well as remotely if I specify the port (www.MyWebapp.com:8080/webapp), and do not receive any RPC errors.
My 'DataContainer' class implements java.io.Serializable, not com.google.gwt.user.client.rpc.IsSerializable (I've never encountered an issue with this before). I am under the impression that this has more to do with proxy settings than serialization, but have tried everything I can think of without success.
Any help would be much appreciated!!! Thanks in advance...
Related
I have a web app created using spring boot/Vaadin and apache(2.4 version).
Both apache and the spring boot app are present on the server with hostname - server1.domain.com and the CNAME - server.com.
Spring boot is present at port 4411 and apache port is 4410.
When I hit server1.domain.com:4410, the images in my web app load fine.
Also I can access the image directly by hitting the image URL.
However if I hit server.com:4410, the images do not load and I get a 403(Forbidden) error.
This is the virtual host section of my http.conf file:
NameVirtualHost *:4410
<VirtualHost *:4410>
ServerName server1.domain.com
ServerAlias server.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1/"
ProxyPassReverse "/" "http://127.0.0.1/"
SSLEngine on
SSLCertificateFile /home/cert.crt
SSLCertificateKeyFile /home/cert.key
</VirtualHost>
Please help.
I did not generate key pair while creating EC2 instance,hence could not access my ec2 instance.I am able to access https://example.com .
Now I want my website to be redirected to https://example.com when someone hits http://example.com .I am using classic load balancer on aws.
How to achieve this though files in Java project only.
According to AWS docs link-https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect
I tried it,but this is not working.
I created file elasticbeanstalk.config inside .ebextensionfolder which is placed just under my Project folder-
<VirtualHost *:80>
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://example.com%{REQUEST_URI}
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
The site is not redirecting to https.Do I need to change anything in above file.Or the folder .ebextensionfolder needed to be placed in some different path.Has anyone used the above approach and made it working?
I'm trying to configure SSL access using a frontend Apache (version 2.4.6) server as a ReverseProxy to serve multiple Java applications deployed on a backend server with glassfish (version 3.1.2.2).
Using virtualHost and ServerName, everything works fine with HTTP protocol:
<VirtualHost *:80>
ServerName ppd-cas.capeb.fr
# redirect "/" "https://ppd-cas.capeb.fr/cas"
ProxyPreserveHost On
RedirectMatch "/$" "/cas"
ProxyPass "/cas" "http://10.1.93.10:34674/cas" retry=0 timeout=300 Keepalive=On
ProxyPassReverse "/cas" "http://10.1.93.10:34674/cas"
</VirtualHost>
I configured the HTTPS (in ssl.conf) as follow:
<VirtualHost *:443>
ServerName ppd-cas.capeb.fr
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/ssl/private/server.cert
SSLCertificateKeyFile /etc/ssl/private/server.key
ProxyRequests Off
ProxyPreserveHost on
RedirectMatch "/$" "/cas"
ProxyPass "/cas" "https://10.1.93.10:56912/cas" retry=0 timeout=300 Keepalive=On
ProxyPassReverse "/cas" "https://10.1.93.10:56912/cas"
</VirtualHost>
The certificate is self-signed, generated and deployed on the frontend server. I thought I could go with HTTPS between browser and frontend then ignore certificate between frontend and backend thus the above options with "none" or "off" parameters.
The example provided (ppd-cas.capeb.fr) works fine using https, BUT, another application described below, with identical parameters, does not:
<VirtualHost *:443>
ServerName ppd-isabat.capeb.fr
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# SSLProxyCheckPeerExpire off
SSLCertificateFile /etc/ssl/private/server.cert
SSLCertificateKeyFile /etc/ssl/private/server.key
ProxyRequests Off
ProxyPreserveHost on
RedirectMatch "/$" "/CAPEBWeb"
ProxyPass "/CAPEBWeb" "https://10.1.93.10:8181/CAPEBWeb" retry=0 timeout=300 Keepalive=On
ProxyPassReverse "/CAPEBWeb" "https://10.1.93.10:8181/CAPEBWeb"
</VirtualHost>
The error I get in Glassfish logs is:
[#|2016-10-04T15:54:46.078+0200|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=19;_ThreadName=Thread-2;|StandardWrapperValve[action]: PWC1406: Servlet.service() for servlet action threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The tricky part is that the application ppd-isabat.capeb.fr (the one that doesn't work) is deployed on the domain1 of Glassfish and uses CAS authentication, and CAS (the one that works) is deployed on domain2 of the same Glassfish. Trying to access ppd-isabat.capeb.fr (https://ppd-isabat.capeb.fr), I'm redirected correctly to the authentication pages of CAS, the error occurs after validating credentials. For me the different installation domain is part of the problem but it's just a hunch.
Does my approach (disabling SSL constraints between frontend and backend) is wrong ? am I missing something obvious ? Glassfish has embeded self-signed certificate so he should be able to identify himself ?
I search thoroughly StackOverflow, but none of the questions really matches this peculiar configuration.
Any help appreciated :)
PS: It's my 1st post, so please, don't be too harsh. I'm french, so please, don't be too harsh !
You said in your post that you want to terminate SSL at Apache itself and the communication between Apache and Glassfish is meant to be HTTP(non-ssl) but yet you are passing requests to the backend with https URLs:
ProxyPass "/CAPEBWeb" "**https**://10.1.93.10:8181/CAPEBWeb" retry=0 timeout=300 Keepalive=On
ProxyPassReverse "/CAPEBWeb" "**https**://10.1.93.10:8181/CAPEBWeb"
Shouldn't you be using http:// instead of https://?
You may also need to change the port from 8181 to something else depending on your glassfish's configuration.
I was looking over this guide to setup tomcat + apache with SSL: http://www.mulesoft.com/tcat/tomcat-ssl
Under section, "When To Use SSL With Tomcat" it says:
"...In other words, if you're fronting Tomcat with a web server and using it only as
an application server or Tomcat servlet container, in most cases you should let the web server function as a proxy for all SSL requests"
Since I already have a webserver set up with SSL, I decided to be lazy. I installed tomcat with default settings, and started it up. In my httpd.conf, I redirected all 80 traffic to 443, and then proxypass and proxypassreverse to ajp://hostname.com:8009. I restarted httpd and it "appears" to redirect to tomcat server over ssl. Is this completely broken or did I actually manage to do what I intended on first go? Any test suggestions are much appreciated.
<VirtualHost *:80>
ServerName hostname_DNS_alias.com
Redirect / https://hostname_DNS_alias.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/thecrt.crt
SSLCertificateKeyFile /etc/pki/tls/private/thekey.key
SSLCertificateChainFile /etc/pki/tls/certs/CA.crt
ServerName hostname_DNS_alias.com
DocumentRoot /var/www/html
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://hostname.com:8009/
ProxyPassReverse / ajp://hostname.com:8009/
</VirtualHost>
I think you've got it, but you can look at the access logs on HTTPD & Tomcat to confirm the request is being proxied. You should see an access log entry on both systems.
A couple quick notes...
As mentioned in the comment, you can remove the HTTP connector from Tomcat. It's not a must though. Sometimes it nice to keep open for testing purposes (i.e. you can hit the server directly) or if you want to run the Manager app on it. If you do keep it around, especially if you use it to run the Manager app, you should probably restrict access to it. Two easy ways to do that are by setting the address attribute on the HTTP connector to localhost or by configuring a RemoteAddressFilter.
Keep in mind that the AJP connection from your HTTPD server to Tomcat is not encrypted (SSL is terminated at HTTPD), so you want to make sure that traffic never goes over an insecure network (like the Internet).
Since you already have HTTPD in the mix, you can also use it to serve up your static files. If you deploy them to your document root, you can then add a "ProxyPass !" directive to exclude that path from being proxied to Tomcat. This will offer slightly less latency on the request as HTTPD does need to get the static file from Tomcat.
I have a problem. I have two web apps deployed as wars. Let's call them app1.war and app2.war.
I would like app1.war to be accessed at the URL www.website.com and I would like app2.war to be accessible as www.anotherweb.com. I have my domain name ready.
I am able to run the application as www.website.com/app1, www.website.com/app2.
So Now i need to run using www.website.com and www.anotherweb.com
I am running JBoss7.1.1.
Thanks for any insights.
You need to put Apache Http server between user and JBoss server and not access your server directly from web. Configure Apache HTTP server to use mod_proxy with virtual host configuration. If your JBoss server runs on http://localhost:8080, it will look something like this in httpd.conf.
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On
ServerName www.website.com
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
</VirtualHost>
<VirtualHost *:80>
RewriteEngine On
ServerName www.anotherweb.com
ProxyPass / http://localhost:8080/app2/
ProxyPassReverse / http://localhost:8080/app2/
</VirtualHost>