I have my application developed in Java and located in my host as http://myhost.com:8080/myapp. I am using bluehost for my hosing service.
I want to access this app when I am hitting http://myhost.com..
I went to lot of articles in this but confused a lot. Also there is no clear documentations for this.
How to do this? can anyone assist me?
use apache server as a proxy server which will use your server name ( http://myhost.com) and redirect that request to your running app url ( http://myhost.com:8080/myapp). ie port forwarding concept.
like,
use following in your apache configuration file.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName www.myhost.com
ServerAlias myhost.com
ProxyPass / http://myhost.com:8080/myapp/
ProxyPassReverse / http://myhost.com:8080/myapp/
</VirtualHost>
To acheive this you need to configure so many things.so read any appropriate documentation.
I did it using htaccess file.
Found htaccess file in my hosting server and create redirection for my domain, now everything looks good.
Hope it will help others in future.
Related
I did not generate key pair while creating EC2 instance,hence could not access my ec2 instance.I am able to access https://example.com .
Now I want my website to be redirected to https://example.com when someone hits http://example.com .I am using classic load balancer on aws.
How to achieve this though files in Java project only.
According to AWS docs link-https://github.com/awsdocs/elastic-beanstalk-samples/tree/master/configuration-files/aws-provided/security-configuration/https-redirect
I tried it,but this is not working.
I created file elasticbeanstalk.config inside .ebextensionfolder which is placed just under my Project folder-
<VirtualHost *:80>
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://example.com%{REQUEST_URI}
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://localhost:8080/ retry=0
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost on
ErrorLog /var/log/httpd/elasticbeanstalk-error_log
</VirtualHost>
The site is not redirecting to https.Do I need to change anything in above file.Or the folder .ebextensionfolder needed to be placed in some different path.Has anyone used the above approach and made it working?
Environment:
Apache2
nanohttpd (web server (java))
The site itself is and has been working fine, I have added alot of entries to a database which the nanohttpd web server returns on some endpoints
I have figured out that is has todo with the length of the site being returned since when I move entries from one status to another, the one with alot of entries will always give me this error.
I already looked around a bit and think it may be a timeout issue but I have added timeouts to my virtual host and this problem still persists
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /foo
Reason: Error reading from remote server
Apache/2.4.10 (Debian) Server at foo.foo.foo Port 443
My current VirtualHost file for this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/directory
ServerName foo.foo.foo
ServerAlias foo.foo.foo
ProxyPass "/" "http://foo.com:8080/"
ProxyPassReverse "/" "http://foo.com:8080/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/path/options-ssl-apache.conf
SSLCertificateFile /etc/path/foo.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/path/foo.com-0001/privkey.pem
</VirtualHost>
</IfModule>
What I had tried earlier was adding timeout=x and connectiontimeout=x behind ProxyPass but this didnt seem to help
Edit:
Since there is still no answer here is some more info, I will add a bounty once eligible.
As you can see in my VirtualHost file I am using Apache Reverse Proxy to enable SSL for my application
So my little nanohttpd server basically returns a very simplistic html page with a table and a row for each database entry. If the specific category has more than around 100 entries I will get the Proxy Error message.
At this point I am very certain that it has todo with something timeing out but I have went through so many posts and tried to add configs to mine and (yes I restarted Apache2 after every change) nothing worked so far.
Could it be something on my nanohttpd server that I am missing?
A simple Header or Cookie, I am sending none of those as of now.
If any required information is missing please let me know.
Some of your input may have been malformed.
Well funnily enough I figured it out and I feel horrible now..
The table data I was inserting included a dollar sign and apparently I did not think of escaping the replacement String
Is it possible at all to do what I'm trying to do?
I have a domain - example.com - installed on a webserver Ubuntu 16.04/Apache.
Behind Apache I'm running a standard Glassfish (Payara actually) on standard port 8080.
On Payara I have a webapp - myWebapp - deployed on root context /
when i point my broser directly to port 8080 it shows my web app as i expect:
http://example.com:8080/ => webapp shown.
1) first i want to hide my Payara behind apache and make sure when people write
http://example.com/ the are redirected to
https://example.com => myWebapp is shown.
This part works using AJP and my certificates are all in place.
In my default.conf in the
<VirtualHost *:80>
have inserted the following line:
Redirect permanent / https://example.com
it takes care of the redirection to HTTPS. But i'm in doubt if this is the right way to do it.
Everything else in the conf file is standard.
in my ssl.conf file in the
<virtualHost *.443>
I have inserted
ServerName example.com
and paths to SSL certificates. It's working as expected.
further more i have added
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
Again, this works well. If i write
http://example.com
I'm redirected to
https://example.com/ => myWebapp is shown.
This is perfect.
but if i write
http://example.com/phpmyadmin
for instance I'm not shown the phpmyadmin page.
How can i accomplish this and is it possible at all?
thanks for any help.
Kim
You have a conflict in the following configuration:
ProxyPass / ajp://127.0.0.1:8009
ProxyPassReverse / ajp://127.0.0.1:8009
This sends all http requests, also http://example.com/phpmyadmin to your Payara server
What you need instead is something like
ProxyPass /myWebapp ajp://127.0.0.1:8009
ProxyPassReverse /myWebapp ajp://127.0.0.1:8009
so that only relative URLs that start with /myWebapp are redirected to your Payara server and /phpmyadmin is still hosted by Apache.
The Apache documentation mentions:
Only specific URIs can be proxied, as shown in this example:
ProxyPass "/images" "http://www.example.com/"
ProxyPassReverse "/images" "http://www.example.com/"
In the above, any requests which start with the /images path with be proxied to the specified backend, otherwise it will be handled locally.
This is my Situation:
Browser<---HTTPS/WSS--->Apache-httpd<---HTTP/WS--->Tomcat(v7)
Is it possible to get the javax.servlet.request.X509Certificate in a Servlet Filter using mod_proxy_wstunnel reverse proxy? Thats my config:
ProxyPass /ws ws://space4-20.<***>.ch:8080/ws nofailover=On
ProxyPassReverse /ws ws://space4-20.<***>.ch:8080/ws
ProxyPass / ajp://space4-20.<***>:8009/ nofailover=On
ProxyPassReverse / ajp://space4-20.<***>:8009/
If i connect directly to the tomcat(without apache) i can access it like this:
request.getAttribute("javax.servlet.request.X509Certificate");
But with the reverse proxy i don't have any attributes.
Is it maybe because between the apache and the tomcat there is no SSL? But as I understood this doesn't matter, because if I do a normal HTTPS request i get all the SSL Information in the tomcat. I think thats because I have this:
SSLOptions +StdEnvVars +ExportCertData
But I think mod_proxy_wstunnel doesn't use that config.
Can somebody help me?
Thank you in advance!
It IS because between the apache and the tomcat there is no SSL.
For "normal" HTTPS, you are using AJP instead of HTTP. AJP pass authentication information to Tomcat.
Your "situation" really is:
Browser<---HTTPS/WSS--->Apache-httpd<---AJP/WS--->Tomcat(v7)
I was looking over this guide to setup tomcat + apache with SSL: http://www.mulesoft.com/tcat/tomcat-ssl
Under section, "When To Use SSL With Tomcat" it says:
"...In other words, if you're fronting Tomcat with a web server and using it only as
an application server or Tomcat servlet container, in most cases you should let the web server function as a proxy for all SSL requests"
Since I already have a webserver set up with SSL, I decided to be lazy. I installed tomcat with default settings, and started it up. In my httpd.conf, I redirected all 80 traffic to 443, and then proxypass and proxypassreverse to ajp://hostname.com:8009. I restarted httpd and it "appears" to redirect to tomcat server over ssl. Is this completely broken or did I actually manage to do what I intended on first go? Any test suggestions are much appreciated.
<VirtualHost *:80>
ServerName hostname_DNS_alias.com
Redirect / https://hostname_DNS_alias.com
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/thecrt.crt
SSLCertificateKeyFile /etc/pki/tls/private/thekey.key
SSLCertificateChainFile /etc/pki/tls/certs/CA.crt
ServerName hostname_DNS_alias.com
DocumentRoot /var/www/html
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://hostname.com:8009/
ProxyPassReverse / ajp://hostname.com:8009/
</VirtualHost>
I think you've got it, but you can look at the access logs on HTTPD & Tomcat to confirm the request is being proxied. You should see an access log entry on both systems.
A couple quick notes...
As mentioned in the comment, you can remove the HTTP connector from Tomcat. It's not a must though. Sometimes it nice to keep open for testing purposes (i.e. you can hit the server directly) or if you want to run the Manager app on it. If you do keep it around, especially if you use it to run the Manager app, you should probably restrict access to it. Two easy ways to do that are by setting the address attribute on the HTTP connector to localhost or by configuring a RemoteAddressFilter.
Keep in mind that the AJP connection from your HTTPD server to Tomcat is not encrypted (SSL is terminated at HTTPD), so you want to make sure that traffic never goes over an insecure network (like the Internet).
Since you already have HTTPD in the mix, you can also use it to serve up your static files. If you deploy them to your document root, you can then add a "ProxyPass !" directive to exclude that path from being proxied to Tomcat. This will offer slightly less latency on the request as HTTPD does need to get the static file from Tomcat.