You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chris Arnold <ca...@electrichendrix.com> on 2013/04/24 02:38:56 UTC
[users@httpd] Rewrite Rule
Apache 2.12.x on SLES11 SP2. We have a RDS server behind an apache server using proxypass. We need users to get to the RDS server using https://apps.domain.tld. The apache server should catch this request and send/rewrite to https://apps.domain.tld/rds/something/something/login.whatever. We have a ssl virtual host and in this virtual host i have a rewrite statement:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^apps\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.123.7/$1 [P]
#RedirectMatch ^/$ /rds/something/something/login.whatever
This takes me to the root of the rds server, hence the redirectmatch which produces a 404. I have also written another ssl virtual host but apache does not start and complains about 443 overlap. How do i accomplish users landing at the rds server when typing https://apps.domain.tld?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Rewrite Rule
Posted by Frank Gingras <fr...@gmail.com>.
On 4/25/2013 1:59 PM, Chris Arnold wrote:
> Ooopppsss!! Anyway I can get a mod to delete my last email to the list?
>
> Sent from my iPhone
>
> On Apr 25, 2013, at 1:44 PM, "Chris Arnold" <ca...@electrichendrix.com> wrote:
>
>> Sorry to email you directly but i am doing this to give you the complete unedited config files. I don't want them on an indexed mailing list for security reasons. Either you or i can post back to the list so others are aware of the findings.
>>
>> So i have made the namevirtualhost edit in my listen.conf file:
>>
>> Listen 80
>>
>>
>> <IfDefine SSL>
>> <IfDefine !NOSSL>
>> <IfModule mod_ssl.c>
>>
>> # Listen 443
>>
>> </IfModule>
>> </IfDefine>
>> </IfDefine>
>>
>>
>> # Use name-based virtual hosting
>> #
>> # - on a specified address / port:
>> #
>> #NameVirtualHost 12.34.56.78:80
>> #
>> # - name-based virtual hosting:
>> #
>> NameVirtualHost *:443
>>
>> Here is the "main" ssl virtual host:
>>
>> <IfDefine SSL>
>> <IfDefine !NOSSL>
>>
>> <VirtualHost *:443>
>> #This will be the default vhost because the name starts with 000
>>
>> # General setup for the virtual host
>> #DocumentRoot "/srv/www/htdocs"
>> ServerName teknerds.net:443
>> ServerAlias mail.* ifolder.*
>>
>> #This rewrites https://mail.anydomain.tld to our mail server
>> RewriteEngine On
>> RewriteCond %{HTTP_HOST} ^mail\.
>> RewriteCond %{HTTPS} on
>> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>> #RedirectMatch ^/$ /zimbra/
>>
>> #This rewrites https://mail.anydomain.tld to our mail server
>> #RewriteEngine On
>> #RewriteLog /var/log/apache2/rewrite.log
>> #RewriteLogLevel 3
>> #RewriteCond %{HTTP_HOST} ^apps\.
>> #RewriteCond %{HTTPS} on
>> #RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
>> #RedirectMatch ^/$ /rdweb/
>>
>> RewriteCond %{HTTP_HOST} ^webmail\.
>> RewriteCond %{HTTPS} on
>> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>>
>> #This rewrites https://ifolder.anydomain.tld to our ifolder server
>> #RewriteCond %{HTTP_HOST} ^ifolder\.
>> #RewriteCond %{HTTPS} on
>> #RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
>> #RedirectMatch ^/$ /ifolder/
>>
>> #This rewrites https://share.anydomain.tld to our alfresco server
>> #RewriteCond %{HTTP_HOST} ^share\.
>> #RewriteCond %{HTTPS} on
>> #RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
>>
>> #ServerAdmin webmaster@example.com
>> ErrorLog /var/log/apache2/error_log
>> TransferLog /var/log/apache2/access_log
>>
>> SSLProxyEngine On
>> ProxyPreserveHost On
>> ProxyPass /ifolder https://192.168.123.4/ifolder
>> ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>> ProxyPass /simias10 https://192.168.123.4/simias10
>> ProxyPassReverse /simias10 https://192.168.123.4/simias10
>> ProxyPass /admin https://192.168.123.4/admin
>> ProxyPassReverse /admin https://192.168.123.4/admin
>> ProxyPass /nps https://192.168.123.4/nps
>> ProxyPassReverse /nps https://192.168.123.4/nps
>>
>> #ProxyPass / https://192.168.124.3/
>> #ProxyPassReverse / https://192.168.124.3/
>> #<Proxy *>
>> # Order allow,deny
>> # Allow from all
>> #</Proxy>
>>
>> # SSL Engine Switch:
>> # Enable/Disable SSL for this virtual host.
>> SSLEngine on
>>
>> # SSL Cipher Suite:
>> # List the ciphers that the client is permitted to negotiate.
>> # See the mod_ssl documentation for a complete list.
>> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>> # Server Certificate:
>> # Point SSLCertificateFile at a PEM encoded certificate. If
>> # the certificate is encrypted, then you will be prompted for a
>> # pass phrase. Note that a kill -HUP will prompt again. Keep
>> # in mind that if you have both an RSA and a DSA certificate you
>> # can configure both in parallel (to also allow the use of DSA
>> # ciphers, etc.)
>> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>>
>> Here is the apps virtualhost file:
>>
>> <VirtualHost *:443>
>> ServerName apps.teknerds.net
>> SSLEngine On
>> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>> SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
>>
>> ProxyPass / https://192.168.123.7/rdweb
>> ProxyPassReverse / https://192.168.123.7/rdweb
>>
>> ErrorLog /var/log/apache2/apps.error_log
>> TransferLog /var/log/apache2/apps.access_log
>> </VirtualHost>
>>
>> With this present config, when going to https://apps.teknerds.net in IE 8, internet explorer can not display the web page. The apps.error log does not show anything in it except the certificate name not matching.
>> Also in this present config, webmail stops working and ifolder stops working. These are in the "main" ssl virtualhost and you access them by https://mail.teknerds.net and https://teknerds.net/ifolder. I am going to undo the listen.conf edit and rename the apps ssl host file as we have customers that use these resources.
>> Should you want access to the server, i can supply that, just let me know. Thanks for the help
>>
>> ----- Original Message -----
>> From: "Tom Evans" <te...@googlemail.com>
>> To: users@httpd.apache.org
>> Sent: Thursday, April 25, 2013 12:39:47 PM
>> Subject: Re: [users@httpd] Rewrite Rule
>>
>> On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
>> <ca...@electrichendrix.com> wrote:
>>> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>>>
>>>> It looks like you are rewriting it to it's current location. This
>>>> leads to a loop.
>>>>
>>>> Why are you using rewrite rules anyway?
>>> Because reverse proxy does not work
>> ...
>>
>> The *only* way to get content from a backend is via reverse proxy.
>>
>>>
>>>> It seems like you want to
>>>> reverse proxy from an apache server with a public IP to a backend
>>>> webserver in your private LAN. Where do rewrite rules come in to this?
>>>> Why are you checking the host name in your rewrite rules, instead of
>>>> using vhosts? Why is this not your configuration:
>>> As I stated in an earlier post, apache does not start when more than 1 ssl
>>> virtual host (complains about overlap)
>> Not using vhosts is frankly more trouble than it is worth. Use vhosts.
>> Post about the problem that using vhosts gives you. You must be using
>> the same certificate for both hostnames anyway (presumably a wildcard
>> cert or using subjectAltName, or you just ignore the errors?), so the
>> configuration should be pretty straightforward.
>>
>>>
>>>> ServerName apps.tld
>>>> ProxyPass / https://192.168.123.7/
>>>> ProxyPassReverse / https://192.168.123.7/
>>> We have many different things that run on this server and apache handles
>>> them. When using "/" in your proxy config, everything stops working, email,
>>> other websites etc.
>> So don't proxy from /, or add specific excludes for the paths you do
>> not want to be proxied:
>>
>> ProxyPass /email !
>> ProxyPass / https://192.168.123.7/
>>
>> Again, this problem goes away if you correctly separate out your
>> separate hosts into their own vhost configuration.
>>
>>>> I'm very confused by what you're trying to achieve.
>>> I covered this in my first email but will try to describe it again: server
>>> behind an apache server that we need users to get to using
>>> https://apps.domain.tld. The app resides at http:///sub. We need apache to
>>> catch the https://apps.domain.tld request and send to https://another
>>> server/sub
>>
>> NameVirtualHost *:443
>>
>> <VirtualHost *:443>
>> ServerName www.domain.tld
>> SSLEngine On
>> SSLCertificateFile ..
>> SSLCertificateKeyFile ..
>>
>> # All your current directives that apply to www
>> </VirtualHost>
>>
>> <VirtualHost *:443>
>> ServerName apps.domain.tld
>> SSLEngine On
>> SSLCertificateFile ..
>> SSLCertificateKeyFile ..
>>
>> ProxyPass / https://192.168.123.7/
>> ProxyPassReverse / https://192.168.123.7/
>> </VirtualHost>
>>
>> Cheers
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
Previewing your email would probably have been a good idea :)
Frank
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
Ooopppsss!! Anyway I can get a mod to delete my last email to the list?
Sent from my iPhone
On Apr 25, 2013, at 1:44 PM, "Chris Arnold" <ca...@electrichendrix.com> wrote:
> Sorry to email you directly but i am doing this to give you the complete unedited config files. I don't want them on an indexed mailing list for security reasons. Either you or i can post back to the list so others are aware of the findings.
>
> So i have made the namevirtualhost edit in my listen.conf file:
>
> Listen 80
>
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
> <IfModule mod_ssl.c>
>
> # Listen 443
>
> </IfModule>
> </IfDefine>
> </IfDefine>
>
>
> # Use name-based virtual hosting
> #
> # - on a specified address / port:
> #
> #NameVirtualHost 12.34.56.78:80
> #
> # - name-based virtual hosting:
> #
> NameVirtualHost *:443
>
> Here is the "main" ssl virtual host:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost *:443>
> #This will be the default vhost because the name starts with 000
>
> # General setup for the virtual host
> #DocumentRoot "/srv/www/htdocs"
> ServerName teknerds.net:443
> ServerAlias mail.* ifolder.*
>
> #This rewrites https://mail.anydomain.tld to our mail server
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^mail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
> #RedirectMatch ^/$ /zimbra/
>
> #This rewrites https://mail.anydomain.tld to our mail server
> #RewriteEngine On
> #RewriteLog /var/log/apache2/rewrite.log
> #RewriteLogLevel 3
> #RewriteCond %{HTTP_HOST} ^apps\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
> #RedirectMatch ^/$ /rdweb/
>
> RewriteCond %{HTTP_HOST} ^webmail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>
> #This rewrites https://ifolder.anydomain.tld to our ifolder server
> #RewriteCond %{HTTP_HOST} ^ifolder\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
> #RedirectMatch ^/$ /ifolder/
>
> #This rewrites https://share.anydomain.tld to our alfresco server
> #RewriteCond %{HTTP_HOST} ^share\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
>
> #ServerAdmin webmaster@example.com
> ErrorLog /var/log/apache2/error_log
> TransferLog /var/log/apache2/access_log
>
> SSLProxyEngine On
> ProxyPreserveHost On
> ProxyPass /ifolder https://192.168.123.4/ifolder
> ProxyPassReverse /ifolder https://192.168.123.4/ifolder
> ProxyPass /simias10 https://192.168.123.4/simias10
> ProxyPassReverse /simias10 https://192.168.123.4/simias10
> ProxyPass /admin https://192.168.123.4/admin
> ProxyPassReverse /admin https://192.168.123.4/admin
> ProxyPass /nps https://192.168.123.4/nps
> ProxyPassReverse /nps https://192.168.123.4/nps
>
> #ProxyPass / https://192.168.124.3/
> #ProxyPassReverse / https://192.168.124.3/
> #<Proxy *>
> # Order allow,deny
> # Allow from all
> #</Proxy>
>
> # SSL Engine Switch:
> # Enable/Disable SSL for this virtual host.
> SSLEngine on
>
> # SSL Cipher Suite:
> # List the ciphers that the client is permitted to negotiate.
> # See the mod_ssl documentation for a complete list.
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> # Server Certificate:
> # Point SSLCertificateFile at a PEM encoded certificate. If
> # the certificate is encrypted, then you will be prompted for a
> # pass phrase. Note that a kill -HUP will prompt again. Keep
> # in mind that if you have both an RSA and a DSA certificate you
> # can configure both in parallel (to also allow the use of DSA
> # ciphers, etc.)
> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>
> Here is the apps virtualhost file:
>
> <VirtualHost *:443>
> ServerName apps.teknerds.net
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
>
> ProxyPass / https://192.168.123.7/rdweb
> ProxyPassReverse / https://192.168.123.7/rdweb
>
> ErrorLog /var/log/apache2/apps.error_log
> TransferLog /var/log/apache2/apps.access_log
> </VirtualHost>
>
> With this present config, when going to https://apps.teknerds.net in IE 8, internet explorer can not display the web page. The apps.error log does not show anything in it except the certificate name not matching.
> Also in this present config, webmail stops working and ifolder stops working. These are in the "main" ssl virtualhost and you access them by https://mail.teknerds.net and https://teknerds.net/ifolder. I am going to undo the listen.conf edit and rename the apps ssl host file as we have customers that use these resources.
> Should you want access to the server, i can supply that, just let me know. Thanks for the help
>
> ----- Original Message -----
> From: "Tom Evans" <te...@googlemail.com>
> To: users@httpd.apache.org
> Sent: Thursday, April 25, 2013 12:39:47 PM
> Subject: Re: [users@httpd] Rewrite Rule
>
> On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
> <ca...@electrichendrix.com> wrote:
>> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>>
>>> It looks like you are rewriting it to it's current location. This
>>> leads to a loop.
>>>
>>> Why are you using rewrite rules anyway?
>>
>> Because reverse proxy does not work
>
> ...
>
> The *only* way to get content from a backend is via reverse proxy.
>
>>
>>
>>> It seems like you want to
>>> reverse proxy from an apache server with a public IP to a backend
>>> webserver in your private LAN. Where do rewrite rules come in to this?
>>> Why are you checking the host name in your rewrite rules, instead of
>>> using vhosts? Why is this not your configuration:
>>
>> As I stated in an earlier post, apache does not start when more than 1 ssl
>> virtual host (complains about overlap)
>
> Not using vhosts is frankly more trouble than it is worth. Use vhosts.
> Post about the problem that using vhosts gives you. You must be using
> the same certificate for both hostnames anyway (presumably a wildcard
> cert or using subjectAltName, or you just ignore the errors?), so the
> configuration should be pretty straightforward.
>
>>
>>
>>> ServerName apps.tld
>>> ProxyPass / https://192.168.123.7/
>>> ProxyPassReverse / https://192.168.123.7/
>>
>> We have many different things that run on this server and apache handles
>> them. When using "/" in your proxy config, everything stops working, email,
>> other websites etc.
>
> So don't proxy from /, or add specific excludes for the paths you do
> not want to be proxied:
>
> ProxyPass /email !
> ProxyPass / https://192.168.123.7/
>
> Again, this problem goes away if you correctly separate out your
> separate hosts into their own vhost configuration.
>
>>
>>>
>>> I'm very confused by what you're trying to achieve.
>>
>> I covered this in my first email but will try to describe it again: server
>> behind an apache server that we need users to get to using
>> https://apps.domain.tld. The app resides at http:///sub. We need apache to
>> catch the https://apps.domain.tld request and send to https://another
>> server/sub
>
>
> NameVirtualHost *:443
>
> <VirtualHost *:443>
> ServerName www.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> # All your current directives that apply to www
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName apps.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> ProxyPass / https://192.168.123.7/
> ProxyPassReverse / https://192.168.123.7/
> </VirtualHost>
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
Sorry to email you directly but i am doing this to give you the complete unedited config files. I don't want them on an indexed mailing list for security reasons. Either you or i can post back to the list so others are aware of the findings.
So i have made the namevirtualhost edit in my listen.conf file:
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
# Listen 443
</IfModule>
</IfDefine>
</IfDefine>
# Use name-based virtual hosting
#
# - on a specified address / port:
#
#NameVirtualHost 12.34.56.78:80
#
# - name-based virtual hosting:
#
NameVirtualHost *:443
Here is the "main" ssl virtual host:
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
#This will be the default vhost because the name starts with 000
# General setup for the virtual host
#DocumentRoot "/srv/www/htdocs"
ServerName teknerds.net:443
ServerAlias mail.* ifolder.*
#This rewrites https://mail.anydomain.tld to our mail server
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mail\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
#RedirectMatch ^/$ /zimbra/
#This rewrites https://mail.anydomain.tld to our mail server
#RewriteEngine On
#RewriteLog /var/log/apache2/rewrite.log
#RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^apps\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
#RedirectMatch ^/$ /rdweb/
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
#This rewrites https://ifolder.anydomain.tld to our ifolder server
#RewriteCond %{HTTP_HOST} ^ifolder\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
#RedirectMatch ^/$ /ifolder/
#This rewrites https://share.anydomain.tld to our alfresco server
#RewriteCond %{HTTP_HOST} ^share\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /ifolder https://192.168.123.4/ifolder
ProxyPassReverse /ifolder https://192.168.123.4/ifolder
ProxyPass /simias10 https://192.168.123.4/simias10
ProxyPassReverse /simias10 https://192.168.123.4/simias10
ProxyPass /admin https://192.168.123.4/admin
ProxyPassReverse /admin https://192.168.123.4/admin
ProxyPass /nps https://192.168.123.4/nps
ProxyPassReverse /nps https://192.168.123.4/nps
#ProxyPass / https://192.168.124.3/
#ProxyPassReverse / https://192.168.124.3/
#<Proxy *>
# Order allow,deny
# Allow from all
#</Proxy>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
Here is the apps virtualhost file:
<VirtualHost *:443>
ServerName apps.teknerds.net
SSLEngine On
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
ProxyPass / https://192.168.123.7/rdweb
ProxyPassReverse / https://192.168.123.7/rdweb
ErrorLog /var/log/apache2/apps.error_log
TransferLog /var/log/apache2/apps.access_log
</VirtualHost>
With this present config, when going to https://apps.teknerds.net in IE 8, internet explorer can not display the web page. The apps.error log does not show anything in it except the certificate name not matching.
Also in this present config, webmail stops working and ifolder stops working. These are in the "main" ssl virtualhost and you access them by https://mail.teknerds.net and https://teknerds.net/ifolder. I am going to undo the listen.conf edit and rename the apps ssl host file as we have customers that use these resources.
Should you want access to the server, i can supply that, just let me know. Thanks for the help
----- Original Message -----
From: "Tom Evans" <te...@googlemail.com>
To: users@httpd.apache.org
Sent: Thursday, April 25, 2013 12:39:47 PM
Subject: Re: [users@httpd] Rewrite Rule
On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
<ca...@electrichendrix.com> wrote:
> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>
>> It looks like you are rewriting it to it's current location. This
>> leads to a loop.
>>
>> Why are you using rewrite rules anyway?
>
> Because reverse proxy does not work
...
The *only* way to get content from a backend is via reverse proxy.
>
>
>> It seems like you want to
>> reverse proxy from an apache server with a public IP to a backend
>> webserver in your private LAN. Where do rewrite rules come in to this?
>> Why are you checking the host name in your rewrite rules, instead of
>> using vhosts? Why is this not your configuration:
>>
>>
>
> As I stated in an earlier post, apache does not start when more than 1 ssl
> virtual host (complains about overlap)
Not using vhosts is frankly more trouble than it is worth. Use vhosts.
Post about the problem that using vhosts gives you. You must be using
the same certificate for both hostnames anyway (presumably a wildcard
cert or using subjectAltName, or you just ignore the errors?), so the
configuration should be pretty straightforward.
>
>
>> ServerName apps.tld
>> ProxyPass / https://192.168.123.7/
>> ProxyPassReverse / https://192.168.123.7/
>>
>
> We have many different things that run on this server and apache handles
> them. When using "/" in your proxy config, everything stops working, email,
> other websites etc.
So don't proxy from /, or add specific excludes for the paths you do
not want to be proxied:
ProxyPass /email !
ProxyPass / https://192.168.123.7/
Again, this problem goes away if you correctly separate out your
separate hosts into their own vhost configuration.
>
>>
>> I'm very confused by what you're trying to achieve.
>
> I covered this in my first email but will try to describe it again: server
> behind an apache server that we need users to get to using
> https://apps.domain.tld. The app resides at http:///sub. We need apache to
> catch the https://apps.domain.tld request and send to https://another
> server/sub
>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
# All your current directives that apply to www
</VirtualHost>
<VirtualHost *:443>
ServerName apps.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
ProxyPass / https://192.168.123.7/
ProxyPassReverse / https://192.168.123.7/
</VirtualHost>
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 25, 2013, at 9:53 PM, "Chris Arnold" wrote:
>
>
> From: "Chris Arnold"
> To: users@httpd.apache.org
> Sent: Thursday, April 25, 2013 4:29:15 PM
> Subject: Re: [users@httpd] Rewrite Rule
>
> On Apr 25, 2013, at 3:29 PM, "Chris Arnold" wrote:
>
> > Ok, I got namevirtualhost working on 443. I also made a new VirtualHost as you instructed above. In fact, https://apps.domain.tld does make it to the other server, 192.168.123.7. Now the problem is the proxied url does not complete, it stops at https://apps.domain.tld/sub/sub. it should be https://apps.domain.tld/sub/sub/sub/login page. How do I get the full uri to return?
>
> >So I tried proxypassmatch ^/(.*) https://192.168.123.7 and the result is https://apps.domain.tld/sub/sub and a 404. I need it to result in /sub/sub/sub
>
> I think this has to do with the complete URI. When on the same network segment = http://192.168.123.7/sub and then propmted for cert and then the result in the address bar is https://192.168.123.7/sub/sub/en-US/login.aspx?ReturnUrl=/sub/sub/en-US/Default.aspx
>
> I dont want to run it on a different port and have users type that in! Any ideas?
>
This is apache reverse proxy to a iis 8 server, if that matters (as it is Microsoft I am sure it does matter)
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
----- Original Message -----
From: "Chris Arnold" <ca...@electrichendrix.com>
To: users@httpd.apache.org
Sent: Thursday, April 25, 2013 4:29:15 PM
Subject: Re: [users@httpd] Rewrite Rule
On Apr 25, 2013, at 3:29 PM, "Chris Arnold" wrote:
> Ok, I got namevirtualhost working on 443. I also made a new VirtualHost as you instructed above. In fact, https://apps.domain.tld does make it to the other server, 192.168.123.7. Now the problem is the proxied url does not complete, it stops at https://apps.domain.tld/sub/sub. it should be https://apps.domain.tld/sub/sub/sub/login page. How do I get the full uri to return?
>So I tried proxypassmatch ^/(.*) https://192.168.123.7 and the result is https://apps.domain.tld/sub/sub and a 404. I need it to result in /sub/sub/sub
I think this has to do with the complete URI. When on the same network segment = http://192.168.123.7/sub and then propmted for cert and then the result in the address bar is https://192.168.123.7/sub/sub/en-US/login.aspx?ReturnUrl=/sub/sub/en-US/Default.aspx
I dont want to run it on a different port and have users type that in! Any ideas?
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 25, 2013, at 3:29 PM, "Chris Arnold" wrote:
> Ok, I got namevirtualhost working on 443. I also made a new VirtualHost as you instructed above. In fact, https://apps.domain.tld does make it to the other server, 192.168.123.7. Now the problem is the proxied url does not complete, it stops at https://apps.domain.tld/sub/sub. it should be https://apps.domain.tld/sub/sub/sub/login page. How do I get the full uri to return?
So I tried proxypassmatch ^/(.*) https://192.168.123.7 and the result is https://apps.domain.tld/sub/sub and a 404. I need it to result in /sub/sub/sub
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 25, 2013, at 12:36 PM, "Tom Evans" <te...@googlemail.com> wrote:
> On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
> <ca...@electrichendrix.com> wrote:
>> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>>
>> Because reverse proxy does not work
>
> ...
>
> The *only* way to get content from a backend is via reverse proxy.
>
>>
>> As I stated in an earlier post, apache does not start when more than 1 ssl
>> virtual host (complains about overlap)
>
> Not using vhosts is frankly more trouble than it is worth. Use vhosts.
> Post about the problem that using vhosts gives you. You must be using
> the same certificate for both hostnames anyway (presumably a wildcard
> cert or using subjectAltName, or you just ignore the errors?), so the
> configuration should be pretty straightforward.
>>
>> We have many different things that run on this server and apache handles
>> them. When using "/" in your proxy config, everything stops working, email,
>> other websites etc.
>
> So don't proxy from /, or add specific excludes for the paths you do
> not want to be proxied:
>
> ProxyPass /email !
> ProxyPass / https://192.168.123.7/
>
> Again, this problem goes away if you correctly separate out your
> separate hosts into their own vhost configuration.
>
>>
>> I covered this in my first email but will try to describe it again: server
>> behind an apache server that we need users to get to using
>> https://apps.domain.tld. The app resides at http:///sub. We need apache to
>> catch the https://apps.domain.tld request and send to https://another
>> server/sub
>
>
> NameVirtualHost *:443
>
> <VirtualHost *:443>
> ServerName www.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> # All your current directives that apply to www
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName apps.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> ProxyPass / https://192.168.123.7/
> ProxyPassReverse / https://192.168.123.7/
> </VirtualHost>
Ok, I got namevirtualhost working on 443. I also made a new VirtualHost as you instructed above. In fact, https://apps.domain.tld does make it to the other server, 192.168.123.7. Now the problem is the proxied url does not complete, it stops at https://apps.domain.tld/sub/sub. it should be https://apps.domain.tld/sub/sub/sub/login page. How do I get the full uri to return?
Re: [users@httpd] Rewrite Rule
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
<ca...@electrichendrix.com> wrote:
> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>
>> It looks like you are rewriting it to it's current location. This
>> leads to a loop.
>>
>> Why are you using rewrite rules anyway?
>
> Because reverse proxy does not work
...
The *only* way to get content from a backend is via reverse proxy.
>
>
>> It seems like you want to
>> reverse proxy from an apache server with a public IP to a backend
>> webserver in your private LAN. Where do rewrite rules come in to this?
>> Why are you checking the host name in your rewrite rules, instead of
>> using vhosts? Why is this not your configuration:
>>
>>
>
> As I stated in an earlier post, apache does not start when more than 1 ssl
> virtual host (complains about overlap)
Not using vhosts is frankly more trouble than it is worth. Use vhosts.
Post about the problem that using vhosts gives you. You must be using
the same certificate for both hostnames anyway (presumably a wildcard
cert or using subjectAltName, or you just ignore the errors?), so the
configuration should be pretty straightforward.
>
>
>> ServerName apps.tld
>> ProxyPass / https://192.168.123.7/
>> ProxyPassReverse / https://192.168.123.7/
>>
>
> We have many different things that run on this server and apache handles
> them. When using "/" in your proxy config, everything stops working, email,
> other websites etc.
So don't proxy from /, or add specific excludes for the paths you do
not want to be proxied:
ProxyPass /email !
ProxyPass / https://192.168.123.7/
Again, this problem goes away if you correctly separate out your
separate hosts into their own vhost configuration.
>
>>
>> I'm very confused by what you're trying to achieve.
>
> I covered this in my first email but will try to describe it again: server
> behind an apache server that we need users to get to using
> https://apps.domain.tld. The app resides at http:///sub. We need apache to
> catch the https://apps.domain.tld request and send to https://another
> server/sub
>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
# All your current directives that apply to www
</VirtualHost>
<VirtualHost *:443>
ServerName apps.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
ProxyPass / https://192.168.123.7/
ProxyPassReverse / https://192.168.123.7/
</VirtualHost>
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 25, 2013, at 11:32 AM, "Tom Evans" <te...@googlemail.com> wrote:
> It looks like you are rewriting it to it's current location. This
> leads to a loop.
>
> Why are you using rewrite rules anyway?
Because reverse proxy does not work
> It seems like you want to
> reverse proxy from an apache server with a public IP to a backend
> webserver in your private LAN. Where do rewrite rules come in to this?
> Why are you checking the host name in your rewrite rules, instead of
> using vhosts? Why is this not your configuration:
>
> <VirtualHost *:443>
As I stated in an earlier post, apache does not start when more than 1 ssl virtual host (complains about overlap)
> ServerName apps.tld
> ProxyPass / https://192.168.123.7/
> ProxyPassReverse / https://192.168.123.7/
> </VirtualHost>
We have many different things that run on this server and apache handles them. When using "/" in your proxy config, everything stops working, email, other websites etc.
>
> I'm very confused by what you're trying to achieve.
I covered this in my first email but will try to describe it again: server behind an apache server that we need users to get to using https://apps.domain.tld. The app resides at http://<server inside ip>/sub. We need apache to catch the https://apps.domain.tld request and send to https://another server/sub
Thanks
Re: [users@httpd] Rewrite Rule
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Apr 25, 2013 at 4:13 PM, Chris Arnold
<ca...@electrichendrix.com> wrote:
>
>
> From: "Chris Arnold" <ca...@electrichendrix.com>
> To: users@httpd.apache.org
> Sent: Wednesday, April 24, 2013 3:21:25 PM
> Subject: Re: [users@httpd] Rewrite Rule
>
>
> On Apr 24, 2013, at 2:00 PM, "Chris Arnold" wrote:
>
>> On Apr 23, 2013, at 8:39 PM, "Chris Arnold" wrote:
>>
>> > Apache 2.12.x on SLES11 SP2. We have a RDS server behind an apache
>> > server using proxypass. We need users to get to the RDS server using
>> > https://apps.domain.tld. The apache server should catch this request and
>> > send/rewrite to
>> > https://apps.domain.tld/rds/something/something/login.whatever. We have a
>> > ssl virtual host and in this virtual host i have a rewrite statement:
>> >
>> > RewriteEngine On
>> > RewriteCond %{HTTP_HOST} ^apps\.
>> > RewriteCond %{HTTPS} on
>> > RewriteRule ^/(.*) https://192.168.123.7/$1 [P]
>> > #RedirectMatch ^/$ /rds/something/something/login.whatever
>
> RewriteEngine On
> RewriteLog /var/log/apache2/rewrite.log
> RewriteLogLevel 3
>
> RewriteCond %{HTTP_HOST} ^apps\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.123.7/sub/ [R]
>
> OK, i have turned on rewrite log and this is what i get in the log:
>
> initial] (2) init rewrite engine with requested uri /
> /initial] (3) applying pattern '^/(.*)' to uri '/'
> /initial] (3) applying pattern '^/(.*)' to uri '/'
> /initial] (2) rewrite '/' -> 'https://192.168.123.7/rdweb/'
> /initial] (2) explicitly forcing redirect with https://192.168.123.7/rdweb/
> /initial] (3) applying pattern '^/(.*)' to uri
> 'https://192.168.123.7/rdweb/'
> /initial] (1) escaping https://192.168.123.7/rdweb/ for redirect
> /initial] (1) redirect to https://192.168.123.7/rdweb/ [REDIRECT/302]
>
> As you can see this works fine. However, i am on the same network segment as
> 192.168.123.7 and the URL in the browser is
> https://192.168.123.7/sub/sub/sub/login.whatever and this does not/will not
> work when not on the same network segment. So i changed the rewriterule to:
> ^/(.*) https://apps.domain.tld:
>
> RewriteEngine On RewriteLog /var/log/apache2/rewrite.log
> RewriteLogLevel 3
>
> RewriteCond %{HTTP_HOST} ^apps\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://apps.domain.tld/sub/ [R]
>
> and this is in the rewrite log from the above:
>
> /initial] (2) init rewrite engine with requested uri /sub/
> /initial] (3) applying pattern '^/(.*)' to uri '/syb/'
> /initial] (3) applying pattern '^/(.*)' to uri '/sub/'
> /initial] (2) rewrite '/sub/' -> 'https://apps.domain.tld/sub/'
> /initial] (2) explicitly forcing redirect with https://apps.domain.tld/sub/
> /initial] (3) applying pattern '^/(.*)' to uri
> 'https://apps.domain.tld/sub/'
> /initial] (1) escaping https://apps.domain.tld/sub/ for redirect
> /initial] (1) redirect to https://apps.domain.tld/sub/ [REDIRECT/302]
This is the end of the first request. It got redirected to
https://apps.domain.tld/sub/
> /initial] (2) init rewrite engine with requested uri /sub/
> /initial] (3) applying pattern '^/(.*)' to uri '/sub/'
> /initial] (3) applying pattern '^/(.*)' to uri '/sub/'
> /initial] (2) rewrite '/sub/' -> 'https://apps.domain.tld/sub/'
> /initial] (2) explicitly forcing redirect with https://apps.domain.tld/sub/
> /initial] (3) applying pattern '^/(.*)' to uri
> 'https://apps.domain.tld/sub/'
> /initial] (1) escaping https://apps.domain.tld/sub/ for redirect
> /initial] (1) redirect to https://apps.domain.tld/sub/ [REDIRECT/302]
This is the next request. It's got the same URL.
>
> And this keeps repeating until i stop it. This looks like the rewrite loop
> but i am under the impression that by default max redirects=10 and should
> stop after 10.
> Any ideas as to what is going on with the rewrite statements?
It looks like you are rewriting it to it's current location. This
leads to a loop.
Why are you using rewrite rules anyway? It seems like you want to
reverse proxy from an apache server with a public IP to a backend
webserver in your private LAN. Where do rewrite rules come in to this?
Why are you checking the host name in your rewrite rules, instead of
using vhosts? Why is this not your configuration:
<VirtualHost *:443>
ServerName apps.tld
ProxyPass / https://192.168.123.7/
ProxyPassReverse / https://192.168.123.7/
</VirtualHost>
I'm very confused by what you're trying to achieve.
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
From: "Chris Arnold" <ca...@electrichendrix.com>
To: users@httpd.apache.org
Sent: Wednesday, April 24, 2013 3:21:25 PM
Subject: Re: [users@httpd] Rewrite Rule
On Apr 24, 2013, at 2:00 PM, "Chris Arnold" wrote:
> On Apr 23, 2013, at 8:39 PM, "Chris Arnold" wrote:
>
> > Apache 2.12.x on SLES11 SP2. We have a RDS server behind an apache server using proxypass. We need users to get to the RDS server using https://apps.domain.tld. The apache server should catch this request and send/rewrite to https://apps.domain.tld/rds/something/something/login.whatever. We have a ssl virtual host and in this virtual host i have a rewrite statement:
> >
> > RewriteEngine On
> > RewriteCond %{HTTP_HOST} ^apps\.
> > RewriteCond %{HTTPS} on
> > RewriteRule ^/(.*) https://192.168.123.7/$1 [P]
> > #RedirectMatch ^/$ /rds/something/something/login.whatever
RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 3
RewriteCond %{HTTP_HOST} ^apps\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.123.7/sub/ [R]
OK, i have turned on rewrite log and this is what i get in the log:
initial] (2) init rewrite engine with requested uri /
/initial] (3) applying pattern '^/(.*)' to uri '/'
/initial] (3) applying pattern '^/(.*)' to uri '/'
/initial] (2) rewrite '/' -> 'https://192.168.123.7/rdweb/'
/initial] (2) explicitly forcing redirect with https://192.168.123.7/rdweb/
/initial] (3) applying pattern '^/(.*)' to uri 'https://192.168.123.7/rdweb/'
/initial] (1) escaping https://192.168.123.7/rdweb/ for redirect
/initial] (1) redirect to https://192.168.123.7/rdweb/ [REDIRECT/302]
As you can see this works fine. However, i am on the same network segment as 192.168.123.7 and the URL in the browser is https://192.168.123.7/sub/sub/sub/login.whatever and this does not/will not work when not on the same network segment. So i changed the rewriterule to:
^/(.*) https://apps.domain.tld:
RewriteEngine On RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 3
RewriteCond %{HTTP_HOST} ^apps\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://apps.domain.tld/sub/ [R]
and this is in the rewrite log from the above:
/initial] (2) init rewrite engine with requested uri /sub/
/initial] (3) applying pattern '^/(.*)' to uri '/syb/'
/initial] (3) applying pattern '^/(.*)' to uri '/sub/'
/initial] (2) rewrite '/sub/' -> 'https://apps.domain.tld/sub/'
/initial] (2) explicitly forcing redirect with https://apps.domain.tld/sub/
/initial] (3) applying pattern '^/(.*)' to uri 'https://apps.domain.tld/sub/'
/initial] (1) escaping https://apps.domain.tld/sub/ for redirect
/initial] (1) redirect to https://apps.domain.tld/sub/ [REDIRECT/302]
/initial] (2) init rewrite engine with requested uri /sub/
/initial] (3) applying pattern '^/(.*)' to uri '/sub/'
/initial] (3) applying pattern '^/(.*)' to uri '/sub/'
/initial] (2) rewrite '/sub/' -> 'https://apps.domain.tld/sub/'
/initial] (2) explicitly forcing redirect with https://apps.domain.tld/sub/
/initial] (3) applying pattern '^/(.*)' to uri 'https://apps.domain.tld/sub/'
/initial] (1) escaping https://apps.domain.tld/sub/ for redirect
/initial] (1) redirect to https://apps.domain.tld/sub/ [REDIRECT/302]
And this keeps repeating until i stop it. This looks like the rewrite loop but i am under the impression that by default max redirects=10 and should stop after 10.
Any ideas as to what is going on with the rewrite statements?
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 24, 2013, at 2:00 PM, "Chris Arnold" <ca...@electrichendrix.com> wrote:
> On Apr 23, 2013, at 8:39 PM, "Chris Arnold" wrote:
>
> > Apache 2.12.x on SLES11 SP2. We have a RDS server behind an apache server using proxypass. We need users to get to the RDS server using https://apps.domain.tld. The apache server should catch this request and send/rewrite to https://apps.domain.tld/rds/something/something/login.whatever. We have a ssl virtual host and in this virtual host i have a rewrite statement:
> >
> > RewriteEngine On
> > RewriteCond %{HTTP_HOST} ^apps\.
> > RewriteCond %{HTTPS} on
> > RewriteRule ^/(.*) https://192.168.123.7/$1 [P]
> > #RedirectMatch ^/$ /rds/something/something/login.whatever
Rewriteengine on
Rewritecond %{https_host} ^apps\.
Rewritecond %{https} on
Rewriterule ^/(.*) https://192.168.123.7/folder$1 [P]
Results in http://apps.domain.tld/folder/folder
In order to get the login page the URL should be http://apps.domain.tld/folder/folder/folder/login.whatever
How do I rewriterule to /folder/folder/folder/login.whatever?
Re: [users@httpd] Rewrite Rule
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Apr 23, 2013, at 8:39 PM, "Chris Arnold" <ca...@electrichendrix.com> wrote:
> Apache 2.12.x on SLES11 SP2. We have a RDS server behind an apache server using proxypass. We need users to get to the RDS server using https://apps.domain.tld. The apache server should catch this request and send/rewrite to https://apps.domain.tld/rds/something/something/login.whatever. We have a ssl virtual host and in this virtual host i have a rewrite statement:
>
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^apps\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.123.7/$1 [P]
> #RedirectMatch ^/$ /rds/something/something/login.whatever
>
> This takes me to the root of the rds server, hence the redirectmatch which produces a 404. I have also written another ssl virtual host but apache does not start and complains about 443 overlap. How do i accomplish users landing at the rds server when typing https://apps.domain.tld?
Apache gurus, I really really need to guidance in how to have apache send http://apps.domain.tld to an iis8 rds server that you access from the LAN at http://apps.domain.tld/apps