Is it possible at all to do what I'm trying to do?
I have a domain - example.com - installed on a webserver Ubuntu 16.04/Apache.
Behind Apache I'm running a standard Glassfish (Payara actually) on standard port 8080.
On Payara I have a webapp - myWebapp - deployed on root context /
when i point my broser directly to port 8080 it shows my web app as i expect:
http://example.com:8080/ => webapp shown.
1) first i want to hide my Payara behind apache and make sure when people write
http://example.com/ the are redirected to
https://example.com => myWebapp is shown.
This part works using AJP and my certificates are all in place.
In my default.conf in the
<VirtualHost *:80>
have inserted the following line:
Redirect permanent / https://example.com
it takes care of the redirection to HTTPS. But i'm in doubt if this is the right way to do it.
Everything else in the conf file is standard.
in my ssl.conf file in the
<virtualHost *.443>
I have inserted
ServerName example.com
and paths to SSL certificates. It's working as expected.
further more i have added
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
Again, this works well. If i write
http://example.com
I'm redirected to
https://example.com/ => myWebapp is shown.
This is perfect.
but if i write
http://example.com/phpmyadmin
for instance I'm not shown the phpmyadmin page.
How can i accomplish this and is it possible at all?
thanks for any help.
Kim
You have a conflict in the following configuration:
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
This sends all http requests, also http://example.com/phpmyadmin to your Payara server
What you need instead is something like
ProxyPass /myWebapp ajp://127.0.0.1:8009
ProxyPassReverse /myWebapp ajp://127.0.0.1:8009
so that only relative URLs that start with /myWebapp are redirected to your Payara server and /phpmyadmin is still hosted by Apache.
The Apache documentation mentions:
Only specific URIs can be proxied, as shown in this example:
ProxyPass "/images" "http://www.example.com/"
ProxyPassReverse "/images" "http://www.example.com/"
In the above, any requests which start with the /images path with be proxied to the specified backend, otherwise it will be handled locally.
Related
I am running a web server with the following configuration:
PHP Website running on Apache (port 80) (www.MyWebsite.com)
GWT Web Application running on Tomcat (port 8080) with a different URL (www.MyWebapp.com)
Web service also running on Tomcat (port 8080) with subdomain (service.MyWebapp.com)
I am struggling with some configuration issues. I am able to access the website as well as the web service with my current configuration, but for some reason my web application is throwing an RPC error when I access it remotely through the URL.
My vhosts.conf file is as follows:
<VirtualHost *:80>
ServerName MyWebapp.com
ServerAlias www.MyWebapp.com
ProxyRequests off
DefaultType text/html
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/webapp/
ProxyPassReverse / ajp://localhost:8009/webapp/
</VirtualHost>
<VirtualHost *:80>
ServerName service.mywebapp.com
DefaultType text/html
ProxyRequests off
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/webservice/
ProxyPassReverse / ajp://localhost:8009/webservice/
</VirtualHost>
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAlias *.mywebsite.com
DocumentRoot "c:/wamp64/www/website"
<Directory "c:/wamp64/www/website/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
Require all granted
</Directory>
</VirtualHost>
If I try to access it remotely via www.mywebapp.com, I get the HTML landing page, but when I make any RPC calls I receive an RPC error:
Type 'com.mycom.client.utility.model.DataContainer' was not assignable to 'com.google.gwt.user.client.rpc.IsSerializable' and did not have a custom field serializer. For security purposes, this type will not be deserialized.
I can access and run my web application locally (localhost:8080/webapp), as well as remotely if I specify the port (www.MyWebapp.com:8080/webapp), and do not receive any RPC errors.
My 'DataContainer' class implements java.io.Serializable, not com.google.gwt.user.client.rpc.IsSerializable (I've never encountered an issue with this before). I am under the impression that this has more to do with proxy settings than serialization, but have tried everything I can think of without success.
Any help would be much appreciated!!! Thanks in advance...
I did not generate key pair while creating EC2 instance,hence could not access my ec2 instance.I am able to access https://example.com .
Now I want my website to be redirected to https://example.com when someone hits http://example.com .I am using classic load balancer on aws.
How to achieve this though files in Java project only.
According to AWS docs link-https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect
I tried it,but this is not working.
I created file elasticbeanstalk.config inside .ebextensionfolder which is placed just under my Project folder-
<VirtualHost *:80>
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://example.com%{REQUEST_URI}
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
The site is not redirecting to https.Do I need to change anything in above file.Or the folder .ebextensionfolder needed to be placed in some different path.Has anyone used the above approach and made it working?
When I tried to connect to Spring Boot web socket from Android stomp client, it is not connecting and the Catalina log shows
Handshake failed due to invalid Upgrade header: null
Tomcat server is running behind Apache and the Apache server runs on https. I haven't added https in Tomcat .All the http requests are redirected to https this is how I tried to connect to the websocket
mStompClient = Stomp.over(Stomp.ConnectionProvider.JWS, "wss://chat.example.com/ws/chat/websocket", headers);
but it works when running in local machine
mStompClient = Stomp.over(Stomp.ConnectionProvider.JWS, "http://10.0.2.2:8080/chat/ws/chat/websocket", headers);
this is my stomp end point setup
registry.addEndpoint("/chat").setHandshakeHandler(new HandShakeHandler()).withSockJS();
I have enabled mod proxy wstunnel and in the virtual host config I have added
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
ProxyPass /wss/ ws://localhost:8080/chat/
How can I fix this?
I got the answer from this server fault lin. I have to add
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule /api/(.*) ws://newapp.example.com:8080/api/$1 [P]
and changed the last line to
RewriteRule /chat/(.*) ws://localhost:8080/chat/chat/$1 [P]
and now it is connected
The problem may be in the order of your proxy commands:
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
ProxyPass /wss/ ws://localhost:8080/chat/
See the documentation:
Ordering ProxyPass Directives
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first.
Since the first rule matches the /wss/ URLs, the later rule is never triggered. The correct order is:
ProxyPass /wss/ ws://localhost:8080/chat/
ProxyPass / http://localhost:8080/chat/
proxyPassReverse / http://localhost:8080/chat/
(I'm not sure if you need a reverse rule or not.)
I've spent hours trying to make the redirect rules work on my system but apparently you don't need them at all.
I was looking over this guide to setup tomcat + apache with SSL: http://www.mulesoft.com/tcat/tomcat-ssl
Under section, "When To Use SSL With Tomcat" it says:
"...In other words, if you're fronting Tomcat with a web server and using it only as
an application server or Tomcat servlet container, in most cases you should let the web server function as a proxy for all SSL requests"
Since I already have a webserver set up with SSL, I decided to be lazy. I installed tomcat with default settings, and started it up. In my httpd.conf, I redirected all 80 traffic to 443, and then proxypass and proxypassreverse to ajp://hostname.com:8009. I restarted httpd and it "appears" to redirect to tomcat server over ssl. Is this completely broken or did I actually manage to do what I intended on first go? Any test suggestions are much appreciated.
<VirtualHost *:80>
ServerName hostname_DNS_alias.com
Redirect / https://hostname_DNS_alias.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/thecrt.crt
SSLCertificateKeyFile /etc/pki/tls/private/thekey.key
SSLCertificateChainFile /etc/pki/tls/certs/CA.crt
ServerName hostname_DNS_alias.com
DocumentRoot /var/www/html
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://hostname.com:8009/
ProxyPassReverse / ajp://hostname.com:8009/
</VirtualHost>
I think you've got it, but you can look at the access logs on HTTPD & Tomcat to confirm the request is being proxied. You should see an access log entry on both systems.
A couple quick notes...
As mentioned in the comment, you can remove the HTTP connector from Tomcat. It's not a must though. Sometimes it nice to keep open for testing purposes (i.e. you can hit the server directly) or if you want to run the Manager app on it. If you do keep it around, especially if you use it to run the Manager app, you should probably restrict access to it. Two easy ways to do that are by setting the address attribute on the HTTP connector to localhost or by configuring a RemoteAddressFilter.
Keep in mind that the AJP connection from your HTTPD server to Tomcat is not encrypted (SSL is terminated at HTTPD), so you want to make sure that traffic never goes over an insecure network (like the Internet).
Since you already have HTTPD in the mix, you can also use it to serve up your static files. If you deploy them to your document root, you can then add a "ProxyPass !" directive to exclude that path from being proxied to Tomcat. This will offer slightly less latency on the request as HTTPD does need to get the static file from Tomcat.
I have a problem. I have two web apps deployed as wars. Let's call them app1.war and app2.war.
I would like app1.war to be accessed at the URL www.website.com and I would like app2.war to be accessible as www.anotherweb.com. I have my domain name ready.
I am able to run the application as www.website.com/app1, www.website.com/app2.
So Now i need to run using www.website.com and www.anotherweb.com
I am running JBoss7.1.1.
Thanks for any insights.
You need to put Apache Http server between user and JBoss server and not access your server directly from web. Configure Apache HTTP server to use mod_proxy with virtual host configuration. If your JBoss server runs on http://localhost:8080, it will look something like this in httpd.conf.
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine On
ServerName www.website.com
ProxyPass / http://localhost:8080/app1/
ProxyPassReverse / http://localhost:8080/app1/
</VirtualHost>
<VirtualHost *:80>
RewriteEngine On
ServerName www.anotherweb.com
ProxyPass / http://localhost:8080/app2/
ProxyPassReverse / http://localhost:8080/app2/
</VirtualHost>