Netflix Zuul (expose via https) - netflix-zuul

How do we expose Zuul with SSL certificates (say, the same cert exposed via multiple DNS names)?
Basically the equivalent of the below in Zuul.
Currently we have all our applications exposed via an Apache httpd proxy, with the below setup for exposing services via SSL:
ServerName XXX.com
SSLEngine on
#SSLProtocol all -SSLv2
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!EXPORT:!SSLv2:!LOW:!3DES:!PSK:!MD5:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile <cerfile>
SSLCertificateKeyFile <pemfile>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Thanks
Bharath
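
An added check, not part of the original post: the active SSLProtocol line above enables only SSLv3 and TLSv1, both deprecated (RFC 7568, RFC 8996), and the cipher string still admits RC4 (prohibited by RFC 7465). The Python below evaluates those two directives as written in the post. Treating `all` as every listed protocol and checking ciphers by keyword are assumptions of this example.

```python
import re

# Assumption: "all" expands to every name below; the real set is build-dependent.
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568, RFC 8996
WEAK_WORDS = ["RC4", "3DES", "MD5", "aNULL", "EXPORT", "LOW"]
# Constructed sample: the active and commented TLS lines from the post above.
SAMPLE = """\
SSLEngine on
#SSLProtocol all -SSLv2
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!EXPORT:!SSLv2:!LOW:!3DES:!PSK:!MD5:!EXP:RC4+RSA:+HIGH:+MEDIUM
"""

def effective_protocols(value):
    """Apply tokens left to right: +x adds, -x removes, a bare x replaces the set."""
    enabled = []
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = KNOWN if name.lower() == "all" else [p for p in KNOWN if p.lower() == name.lower()]
        if sign == "-":
            enabled = [p for p in enabled if p not in names]
        elif sign == "+":
            enabled += [p for p in names if p not in enabled]
        else:
            enabled = list(names)
    return [p for p in KNOWN if p in enabled]

def weak_cipher_words(value):
    """Heuristic: weak classes named or pulled in by ALL and never removed with '!'."""
    tokens = [t for t in value.strip().split(":") if t]
    banned = {t[1:] for t in tokens if t[0] == "!"}
    named = {w for t in tokens if t[0] not in "!-" for w in t.lstrip("+").split("+")}
    return [w for w in WEAK_WORDS if w not in banned and (w in named or "ALL" in named)]

def audit(conf_text):
    """Return (line_number, message) for each active directive that allows weak TLS."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+)", line)
        if not m:
            continue  # commented-out lines and other directives are skipped
        directive, value = m.groups()
        bad = ([p for p in effective_protocols(value) if p in DEPRECATED]
               if directive == "SSLProtocol" else weak_cipher_words(value))
        if bad:
            findings.append((no, f"{directive} allows {', '.join(bad)}"))
    return findings
```

Calling `audit(SAMPLE)` reports the protocol and cipher lines; a line such as `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, which appears further down this page, produces no finding.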

Related

Apache2 reverse proxy to multiple docker-hosted sites (eg openhab)

I have found a lot of information and help in this forum, but I could not find any solution for my proxy-problem.
I've been searching various forums and trying different options for the past few weeks, but my reverse proxy just isn't working.
I have apache2 running on Ubuntu 20.04 with several websites and also a few Docker containers in use.
Now I want to make a redirect via reverse proxy to 2 Docker websites to save me the SSL certificates.
Locally the Docker containers work
http://server1:1234 => Openhab Docker
http://server1:89 => Tasmota WebAdmin
The Apache-Conf currently looks like this
server-ssl.conf
# NameVirtualHost *:443
SSLStrictSNIVHostCheck Off
<VirtualHost *:443>
ServerName server1.com
ServerAlias *.server1.com
ServerAdmin admin#server1.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
RewriteEngine On
SSLCertificateFile /etc/ssl/private/server1.crt
SSLCertificateKeyFile /etc/ssl/private/server1.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<Directory /var/www/html/>
DirectoryIndex index.htm index.html index.php
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
############################
# Begin Reverse Proxy Settings
###########################
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /openhab/ http://127.0.0.1:1234/
Header set Set-Cookie "X-OPENHAB-AUTH-HEADER=1"
ProxyPassReverse /openhab/ http://127.0.0.1:1234/
ProxyPass /tasmota/ http://127.0.0.1:89/
ProxyPassReverse /tasmota/ http://127.0.0.1:89/
####################
# End Reverse Proxy Settings
###################
The result of this config is
https://my.server1.com/openhab
I see the Title "Openhab" at the tab but no website, no openhab-Icons,... like at my Home-Net
Perhaps because Openhab is using Java?
https://my.server1.com/tasmota
shows "URL not found"
If I change it to
https://my.server1.com/tasmota/login
I see the login-page without formatting.
After Login the URL changes to
https://my.server1.com/devices
but should be
https://my.server1.com/tasmota/devices
If I change it manually, I see my devices but without formatting.
I have no idea what is wrong. I thought it is adding ProxyPass and ReverseProxyPass and the whole thing runs.
Maybe someone has a tip for me?
Of course the modules proxy, proxy_http are running.
Thanks a lot and best regards

How to migrate from ubuntu/apache2 to httpd docker image?

So far I used the ubuntu/apache2:2.4-22.04_beta image to run an apache2 reverse proxy.
I added ssl certs to /etc/apache2/ssl, and site configuration to /etc/apache2/sites-available/000-default.conf.
With configuration like:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ...
ProxyRequests Off
ProxyPreserveHost On
<Location /my-api>
ProxyPass ...
ProxyPassReverse ...
RequestHeader set X-Forwarded-Prefix ...
</Location>
</VirtualHost>
Question: I now would like to switch to https://hub.docker.com/_/httpd/
But how would I have to migrate those settings? Is the image exchangeable while keeping all configurations?
The key concept was to migrate all a2enmod to LoadModule statements, into httpd.conf. The VirtualHost config could be migrated 1:1. That's it.
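
The migration described above, as an added example that is not part of the original post: this Python code works out which modules a VirtualHost's directives need and uncomments the matching LoadModule lines in an httpd.conf. The sample vhost, its file paths, the backend URL, the httpd.conf excerpt and the directive-to-module table are assumptions constructed for illustration.

```python
import re

# Directive-name prefix -> module in a2enmod naming (subset used by the vhost above).
PROVIDERS = [("SSL", "ssl"), ("Proxy", "proxy"),
             ("RequestHeader", "headers"), ("Header", "headers")]

# Constructed samples: file paths and the backend URL are placeholders.
VHOST = """\
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
ProxyPreserveHost On
<Location /my-api>
ProxyPass http://backend.example:8080/my-api
RequestHeader set X-Forwarded-Prefix /my-api
</Location>
</VirtualHost>
"""
HTTPD_CONF = """\
LoadModule headers_module modules/mod_headers.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule ssl_module modules/mod_ssl.so
"""

def required_modules(vhost_text):
    """Modules the vhost's directives depend on, in first-use order."""
    needed = []
    for line in vhost_text.splitlines():
        words = line.strip().lstrip("<").split()
        if not words or words[0][0] in "#/":
            continue  # blank lines, comments and closing tags
        mods = [mod for prefix, mod in PROVIDERS if words[0].startswith(prefix)]
        if words[0] == "ProxyPass" and re.search(r"\bhttps?://", line):
            mods.append("proxy_http")  # scheme handler for http(s) backends
        needed += [m for m in mods if m not in needed]
    return needed

def enable_modules(httpd_conf, modules):
    """Uncomment each module's LoadModule line; return (new_conf, missing)."""
    lines, missing = httpd_conf.splitlines(), []
    for mod in modules:
        pat = re.compile(rf"\s*#?\s*(LoadModule\s+{re.escape(mod)}_module\s+\S+)")
        hits = [i for i, text in enumerate(lines) if pat.match(text)]
        if not hits:
            missing.append(mod)  # not listed in this httpd.conf: add it by hand
        for i in hits:
            lines[i] = pat.match(lines[i]).group(1)
    return "\n".join(lines) + "\n", missing
```

Any module returned in `missing` has no LoadModule line in the target file and needs one written explicitly before the vhost will load.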

my rails application not work on my debian server in production

When I run my browser from my rails application on my debian server, the tree of my application appears in the browser.
I installed and configured Passenger and Apache, but it does not work.
Why?
Thanks
You most likely have your web server pointed at <some_path>/app instead of <some_path>/app/public.
Example Apache VirtualHost:
<VirtualHost *:443>
ServerName www.app.com
DocumentRoot "/var/app/current/public/"
CustomLog /var/log/apache2/app_log combined
ErrorLog /var/log/apache2/app_log
<Directory /var/app/current/public>
AllowOverride all
Options -MultiViews
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/app.crt
SSLCertificateKeyFile /etc/ssl/private/app.key
SSLCertificateChainFile /etc/ssl/certs/bundle.crt
</VirtualHost>

Share Rails 3 Phusion Passenger Deployment Between HTTP and HTTPS

I have an apache virtual host for port 80 that hosts a rails 3 phusion passenger application. I would like some actions of the application to switch to https (port 443). What is the best way to share one instance of a phusion passenger rails application between two vhosts?
Right now, I have:
<VirtualHost *:80>
ServerName mycompany.com
ServerAlias www.mycompany.com
RackBaseURI /
DocumentRoot /home/ubuntu/mycompany/public
<Directory /home/ubuntu/mycompany/public >
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
and
<VirtualHost _default_:443>
ServerName shop.mycompany.com
SSLEngine On
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ProxyPreserveHost On
SSLCertificateFile /etc/ssl/...
SSLCertificateKeyFile /etc/ssl/...
SSLCertificateChainFile /etc/ssl/...
</VirtualHost>
I know this is not ideal at all. There must be a better way. I do not want all requests to go through https due to the overhead.
Mike

ssl in localhost using apache and passenger

I am trying to configure SSL on my localhost using apache and phusion passenger. I am using virtualhosts.
I have the below configuration in sites-available/myapp
<VirtualHost *:80>
ServerName myapp
DocumentRoot /home/madhu/ror/myapp/public
RailsEnv development
<Directory /home/madhu/ror/myapp/public>
AllowOverride all
Options -MultiViews
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName myapp
DocumentRoot /home/madhu/ror/myapp/public
ProxyPass / http://myapp/
ProxyPassReverse / http://myapp/
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO 'https'
<Directory /home/madhu/ror/myapp/public>
AllowOverride all
Options -MultiViews
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/Thawte_Server_CA.pem
SSLProxyMachineCertificateFile /etc/ssl/certs/Thawte_Server_CA.pem
</VirtualHost>
The SSL is enabled and everything works fine. But when I go to the URL https://myapp/login, it says "The requested URL /login was not found on this server". When I looked at the Apache logs, I found out that the request is going to /var/www/login instead of /home/madhu/ror/myapp/public. This was the error log:
[client 127.0.0.1] File does not exist: /var/www/login
Is there anything I am missing? Please help
Thanks.
I had to put
ServerName myapp
DocumentRoot /home/madhu/ror/myapp/public
RequestHeader set X_FORWARDED_PROTO 'https'
<Directory /home/madhu/ror/myapp/public>
AllowOverride all
Options -MultiViews
Order allow,deny
allow from all
</Directory>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/Thawte_Server_CA.pem
SSLProxyMachineCertificateFile /etc/ssl/certs/Thawte_Server_CA.pem
in default-ssl :P silly mistake
