I have a website that can only be accessed via https - ruby-on-rails

I have an Apache/RoR server running on port 8080 and redbird forwarding from port 80 (because I have a Node.js website running on the same machine). The problem is that when I try to connect to my RoR website over http, it gives me a 500 error or the GET fails. Below is my Apache setup.
<VirtualHost *:8080>
DocumentRoot /home/ffit/gsatech/production/current/public
ServerName cobranca.gsatech.com.br
ServerAlias www.cobranca.gsatech.com.br
RailsEnv production
<Directory "/home/ffit/gsatech/production/current/public">
#Options -MultiViews
#Allow from all
Options Indexes FollowSymLinks
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error-gsatech-production.log
CustomLog ${APACHE_LOG_DIR}/access-gsatech-production.log combined
PassengerRuby /usr/share/rvm/gems/ruby-2.1.5/wrappers/ruby
LoadModule passenger_module /usr/share/rvm/gems/ruby-2.1.5/gems/passenger-5.1.8/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/share/rvm/gems/ruby-2.1.5/gems/passenger-5.1.8
PassengerDefaultRuby /usr/share/rvm/gems/ruby-2.1.5/wrappers/ruby
</IfModule>
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =cobranca.gsatech.com.br
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteEngine on
RewriteCond %{SERVER_NAME} =cobranca.gsatech.com.br [OR]
RewriteCond %{SERVER_NAME} =www.cobranca.gsatech.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And here is my app.js for my redbird forwarding to apache.
var proxy = require('redbird')({port: 80, xfwd: false});
proxy.register("dicoop.ffit.com.br", "http://dicoop.ffit.com.br:3030");
proxy.register("http://cobranca.gsatech.com.br", "https://cobranca.gsatech.com.br:8080");
proxy.register("www.cobranca.gsatech.com.br", "https://cobranca.gsatech.com.br:8080");
Apache is running on port 81 while my Redbird module is running on port 80 to do the routing between my websites, and I have certbot handling the HTTPS certificate for my RoR website.

Related

Permanent redirection of a dockerized ShinyApp with Apache2

I am trying to deploy a dockerized Shiny app. Deploying and securing it with Apache2 is no problem. My app is available on port 4001 for http and on port 5001 for https.
My problem comes when I try to suppress port 4001 or permanently redirect port 4001 to port 5001.
Here is my Apache configuration:
<IfModule mod_ssl.c>
<VirtualHost *:4001>
ServerName mywebsite.com
ServerAdmin webmaster@localhost
Redirect permanent / https://mywebsite.com/deletepoint
# RedirectMatch permanent ^/(.*)$ https://mywebsite.com/$1
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificatefile.cer
SSLCertificateKeyFile /etc/ssl/certs/certificatekeyfile.key
</VirtualHost>
<VirtualHost *:5001>
ServerName mywebsite.com
ServerAdmin webmaster@localhost
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket
RewriteRule /deletepoint ws://localhost:4001/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket
RewriteRule /deletepoint http://localhost:4001/$1 [P,L]
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificatefile.cer
SSLCertificateKeyFile /etc/ssl/certs/certificatekeyfile.key
ProxyPreserveHost On
ProxyPass / http://localhost:4001/
ProxyPassReverse / http://localhost:4001/
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Directory "/var/www/html/obs-foncier">
Options +FollowSymLinks
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
</IfModule>
If someone has already had this configuration problem, or knows how to do a good configuration, please help me. Thanks in advance.

How to configure a Dockerized GitLab CE on Ubuntu which is proxied with HTTPS by Apache2?

I am trying to configure my Docker GitLab CE (latest) instance that works with an integrated Let's Encrypt that is part of the Docker image, in order to authenticate it as HTTPS under a sub-domain that is proxied by an Apache 2.4.
The reason I want it to go through Apache is that in this environment there is a web page running which claims ports 80, 443 etc. So, in order for me to have both, I have mapped Docker's ports to 443:444 and 80:3000.
And via Apache's virtual host naming I have the following configuration:
<VirtualHost domain.com:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost gitlab.domain.com:80>
ServerAdmin webmaster@localhost.com
ProxyPreserveHost On
ProxyPass "/" "http://public-ip:3000/"
ProxyPassReverse "/" "http://public-ip:3000/"
ServerName gitlab.domain.com
</VirtualHost>
<VirtualHost gitlab.domain.com:443>
ServerAdmin webmaster@localhost.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
ProxyPreserveHost On
ProxyPass "/" "http://public-ip:3000/"
ProxyPassReverse "/" "http://public-ip:3000/"
ServerName gitlab.domain.com
</VirtualHost>
What do you think is the best approach?

Setup https and www redirect on Rails Passenger and a WordPress installation on Apache on Amazon Linux

I want http://www.example.com, http://example.com to redirect to https://example.com.
The application hosted at https://example.com is a Rails Passenger app.
I have a WordPress installation in /var/www/html/blog and I've aliased /blog to /var/www/html/blog such that https://example.com/blog will run the WordPress blog.
However, not everything is working as I want:
Right now:
1. http://www.example.com is going to https://example.com, this is good.
2. http://example.com is not going to https://example.com.
3. https://www.example.com is not going to https://example.com
4. https://example.com/blog is throwing exceptions in the console like this: Mixed Content: The page at 'https://example.com/blog/' was loaded over HTTPS, but requested an insecure script 'http://xx.xx.xxx.xxx/blog/wp-includes/js/wp-emoji-release.min.js?ver=4.6.1'. This request has been blocked; the content must be served over HTTPS.
e @ (index):23
5. http://example.com/blog runs fine, but I need it to redirect to https://example.com/blog **
6. http://www.example.com/blog redirects to http://example.com/blog **
** Points 5 and 6, this is probably because I have set the WordPress urls to http://example.com. If I set it to https://example.com, I get into an endless loop.
Can I get advice on how to modify my apache config?
/etc/httpd/conf/httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
# Redirect / https://example.com
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# JkMount /tc* node1
# JkMount /intro* node1
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC] OR
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
/etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
#ServerAlias www.example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
#<Directory /var/www/html/blog>
# Options Indexes FollowSymLinks MultiViews
# AllowOverride All
# allow from all
# Require all granted
#</Directory>
</VirtualHost>
I got the following to work for redirecting everything to https://example.com, but I could not get https to work for /blog:
httpd.conf
LoadModule passenger_module /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /usr/local/rvm/gems/ruby-2.3.3/gems/passenger-5.1.0
PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
</IfModule>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ProxyPreserveHost On
# Tell Apache and Passenger where your app's 'public' directory is
DocumentRoot /var/www/example/public
PassengerRuby /usr/local/rvm/gems/ruby-2.3.3/wrappers/ruby
PassengerFriendlyErrorpages on
# Relax Apache security settings
<Directory /var/www/example/public>
RailsEnv production
Allow from all
Options -MultiViews
# Uncomment this if you're on Apache >= 2.4:
# Require all granted
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.adintern.com
RewriteRule ^(.*)$ https://adintern.com/$1 [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://adintern.com/$1
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
</Directory>
<Directory /var/www/html/blog>
PassengerEnabled off
# Makes Wordpress's .htaccess file work
AllowOverride all
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Alias /blog /var/www/html/blog
Alias /.well-known/acme-challenge/ /var/www/example/.well-known/acme-challenge/
ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLProxyProtocol all -SSLv3
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# to run in dev mode
RailsEnv production
# Be sure to point to 'public'!
DocumentRoot /var/www/example/public
# define server details
ServerName example.com
# rails needs the header for its own processing
RequestHeader set X_FORWARDED_PROTO 'https'
# this is just passing a proxy to a localhost server
# ProxyRequests Off
# ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
# ProxyPass / http://localhost/
# ProxyPassReverse / http://localhost/
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
</VirtualHost>
For WordPress, set the HOME and SITEURL to this:
define('WP_HOME','https://example.com/blog');
define('WP_SITEURL','https://example.com/blog');

https for a Rails app on a non-standard port within the same Apache server?

I have an existing apache server with https handling traffic for https://www.example.com.
How can I configure Rails (and Apache) to handle https requests from another port, e.g. https://www.example.com:6000/api/v1/datafeed/?
You can make use of the Apache proxy with balancer module. Here is how I configured rails behind Apache 2.4 with NamedVirtualHost:
Enable the following modules in httpd.conf:
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
And something like the following for your VirtualHost configuration:
Listen 127.0.0.1:6000 https
<VirtualHost *:6000>
ServerAdmin webmaster@example.com
ServerName www.example.com
DocumentRoot "rails_root/public"
<Directory "rails_root/public">
Require all granted
Options -MultiViews
</Directory>
ProxyPass / balancer://myapp_cluster/
ProxyPassReverse / balancer://myapp_cluster/
ProxyPreserveHost On
ProxyVia On
<Proxy balancer://myapp_cluster>
# Note the port here, this should be the port where your rails app is running.
BalancerMember http://localhost:3000
</Proxy>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile "/etc/httpd/conf/ssl/certificate_file.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/certificate_key.key"
ErrorLog "/var/log/httpd/error.log"
CustomLog "/var/log/httpd/access.log" combined
</VirtualHost>

Apache + Passenger non-www to www => too many redirects

I am using phusion passenger to host a rails app at www.example.com. I want to tell apache to redirect example.com to www.example.com. The standard way seems to be using two virtual host configs. I am doing this, but I am getting a "too many redirects" error. Following is my config:
<VirtualHost *:80>
ServerName example.com
Redirect permanent / http://www.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
...
</VirtualHost>
Thanks. I am using Passenger 3.0.11, Apache2.
We use a single virtual host config with a .htaccess file.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot /var/www/public
<Directory /var/www/public>
AllowOverride all
Options Indexes FollowSymLinks MultiViews
</Directory>
</VirtualHost>
Then in your /var/www/public/.htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
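
Added example (not from any of the posts above): a small Node.js tracer that follows a redirect chain and flags loops and chains that end on, or pass through, plain HTTP, run against constructed models of the rule styles shown on this page. The host names, the model functions and the assumed failure mode (a rewrite with no scheme condition behind a TLS-terminating proxy) are illustrative assumptions.

```javascript
// Constructed models: each maps a request URL to the response a server would give.
const redirect = (u, scheme, host) =>
  ({ status: 301, location: `${scheme}://${host}${u.pathname}${u.search}` });

// The .htaccess rule from the last answer: non-www host -> http://www.<host>/...
function wwwRule(url) {
  const u = new URL(url);
  return /^www\./.test(u.hostname)
    ? { status: 200 }
    : redirect(u, 'http', `www.${u.hostname}`);
}

// Assumption: backend behind a TLS-terminating proxy, rewrite has no scheme
// condition, so a request that arrived over HTTPS is redirected to HTTPS again.
function unconditionalHttps(url) {
  const u = new URL(url);
  return redirect(u, 'https', u.hostname);
}

// Same redirect guarded by the scheme, as RewriteCond %{HTTPS} off does.
function guardedHttps(url) {
  const u = new URL(url);
  return u.protocol === 'http:' ? redirect(u, 'https', u.hostname) : { status: 200 };
}

// Follow Location headers; report the chain and how it ends.
// 'insecure' means the chain ended on http:// or stepped from https:// to http://.
function traceRedirects(respond, startUrl, maxHops = 10) {
  let url = new URL(startUrl).href;
  const chain = [url];
  let downgraded = false;
  for (let hop = 0; hop < maxHops; hop++) {
    const res = respond(url);
    if (res.status < 300 || res.status > 399) {
      const secure = url.startsWith('https://') && !downgraded;
      return { chain, verdict: secure ? 'ok' : 'insecure' };
    }
    const next = new URL(res.location, url).href;
    if (url.startsWith('https://') && next.startsWith('http://')) downgraded = true;
    if (chain.includes(next)) return { chain: [...chain, next], verdict: 'loop' };
    chain.push(next);
    url = next;
  }
  return { chain, verdict: 'too-many-hops' };
}

// Constructed sample request; example.com is a placeholder host.
for (const [name, model] of Object.entries({ wwwRule, unconditionalHttps, guardedHttps })) {
  const { chain, verdict } = traceRedirects(model, 'http://example.com/blog?x=1');
  console.log(name, verdict, chain.join(' -> '));
}
```

To audit a live site, replace the model function with one that issues a HEAD request without following redirects and returns the status and Location header.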
