I have a Rails server (Passenger/Apache) that is running for all intents and purposes, LDAP authentication.
<Directory "/railsapp/public">
AllowOverride All
Allow from all
Require valid-user
Options -MultiViews
</Directory>
I use the REMOTE_USER variable in conjunction with a local database for user authentication. However, I have a set of special hosts that need to be able to wget a route from this rails application. The application already has the logic to not check REMOTE_USER for these routes.
Possible solutions are configuring a .htaccess for a special user and password to use for authentication, but this would grant access to the application. Instead, I was thinking of whitelisting the mostly static list of hosts such that Require valid-user would not apply to these hosts.
How would I setup /railsapp/public/.htaccess and/or the vhost.conf for this?
I tried (in .htaccess)
allow from myhost.mydomain.com
and restarted apache, but I still get 401 Authorization Required when trying from myhost.
How would I go about avoiding the authentication I put on my webapp? Solutions need not be restricted to how I'm trying to go about this, but I absolutely need the LDAP REMOTE_USER for my primary application.
Add the Satisfy directive
Satisfy Any
as well as
allow from myhost.mydomain.com
to your .htaccess.
Related
I have a server where I am hosting several apps. They are all accessible on their own subdirectories through the same server name, so my app foo is found at www.servername.com/foo and bar is found at www.servername.com/bar and so on. Most of these apps are Flask apps with the route and the static files configured through apache VirtualHost *:443 to run SSL.
I have been given another Flask app, baz, to run on the server which has been configured to spin up into two Docker containers, one for the app and one for the database. I have managed to adjust my apache .conf file as follows:
<VirtualHost *:443>
ServerName www.servername.com
# some additional config for my other apps, in Directories and static aliases
ProxyPreserveHost On
SSLProxyEngine On
<Proxy *>
Allow from *
</Proxy>
ProxyPass "/baz" "http://<IP address>:5000"
ProxyPassReverse "/baz" "http://<IP address>:5000"
</VirtualHost>
I think the configuration is reaching the running container, because when I go to www.servername.com/baz it redirects to www.servername.com/login. It should redirect to www.servername.com/baz/login, but clearly something hasn't gone right. How can I get the proxy to correctly direct all baz traffic through the /baz subdirectory?
Additionally, I can manually navigate to www.servername.com/baz/login to see the login page for the baz app, but it appears not to have loaded the CSS, so I assume the static files are not being loaded. Do I need to set up an alias for these static files too, like I do with my other non-Docker Flask apps? If so, the standard format that I usually use:
Alias baz/static /path/to/baz/static
is not working. On a whim, I also tried something weirder just to see if it would work:
Alias "baz/static" "http://<IP address>:5000/static"
but this didn't work either. Perhaps it will be fixed by addressing the proxy routing issue above, but how can I make the static files accessible to the baz app?
It sounds like the website that is running under /baz doesn't know that's where it's running and so is rendering URLs under / instead. You have a couple of options:
Use subdomains: baz.servername.com. Then the Flask apps can just use / freely without conflicts.
Make the Flask apps aware of where they're serving, so your Flask app is configured to use /baz to prefix every URL it serves.
I have been running a website I have been developing on WAMPserver.
When ever I try to access it through my IPv4 address on the computer that it is running on and any other device on the network I ge a error 403 Forbidden You don't have permission to access / on this server.
Please help I kind of need it by a due date.
WAMPServer is designed as a development tool and not an environment for a LIVE site, so by default all the Apache security is based around allowing access from the PC running WAMPServer and nothing else.
If you want to open up your site to the world, you can use the menu item Put Online
left click wampmanager -> Put Online
If this does not work, usually becasue you have chnaged something in the httpd.conf file you can make the required changes manually.
Edit \wamp\bin\apache\apachex.y.z\conf\httpd.conf\httpd.conf
Find this section
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
And change it to
# onlineoffline tag - don't remove
Order Allow,Deny
Allow from all
If you are using Apache 2.4.x the syntax has chnaged and you shoudl change it to
# onlineoffline tag - don't remove
Require all granted
BE VERY CAREFULL not to change any other section to Allow from all or Require all granted as this can compromise you PC security very easily.
I have a rails application with apache, passenger, with kerberos protection.
One of the controllers (UsersController) provides one action (responds with json) that must be available externally.
When i try to access it ($ curl ...), the server returns Kerberos authentication error.
What should i do in this kind of situations. Configure httpd.conf to 'allow any' for one specific file, isolating the externally available methods in one file or is it a better solution?
I solved it configuring the specific dir in apache httpd.conf
<Location "/users/user_action.json*">
Order allow,deny
Allow from all
satisfy any
</Location>
Thanks
I've searched the web, but I can only find information on sharing code between multiple sites and on separating the database to isolated models. This is not what I want.
I want to run a single rails server, with a single DNS address and a single port - http://myportal.com - that will handle several other sites - http://myportal.com/site1, http://myportal.com/site2 etc.
I want each site to have it's own folder(and SCM repository), it's own database, it's own routing - it's own everything. That is - I want to be able to develop each site as a standalone - that means I need to be able to run site1 site as http://localhost:3000 and not http://localhost:3000/site1.
On the server, the root site(the one that responds to the http://myportal.com address should be the one I run the server from, and it should know the absolute paths of the other sites(which will be in different directories on the server, not in child directories of the root site) and provide routing information for them - but it should also chain to the other sites routes.rb files. That means that if I go to address http://myportal.com/site1/books/ the root site should handle http://myportal.com/site1, and site1 should handle /books/. The root site should not need to know about the other sites' internal routing structures.
Is this possible? Right now I'm running the rails server that comes with the gem(rails server from the command line) on a Windows Server 2008 server, but I'm willing to install another server if that's what needed to accomplish the goal I described.
Thanks in advance!
You should be able to do this with Apache or nginx and possibly IIS if configured correctly. I'm most familiar with Apache and the flexible mod_rewrite and mod_proxy components that can facilitate this.
The idea is you rewrite http://example.com/ to be http://example.com:3000/ and http://example.com/site2 as http://example.com:3001/site2 and so forth.
It's also possible to do this with Passenger and some clever use of the VirtualHost directive, but you may have to fiddle to get a configuration that works for you. Remember that rewriting the headers to route internally has no effect on the resulting HTML your servers emit.
Create a symlink:
cd ~/Sites
ln -s /Users/hg/Developer/Rails/railsproj1/public ./railsproj1
modify apache config file
<VirtualHost *:80>
ServerName localhost
DocumentRoot /Users/hg/Sites
<Directory /Users/hg/Sites>
AllowOverride All
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
</Directory>
RailsBaseURI /railsproj1
RailsEnv development
</VirtualHost>
Answer source: http://collab.stat.ucla.edu/users/jose/weblog/9e335/
I am using Ruby on Rails 3.1 and I have an application running at the www.mywebsitename.com domain. For improvement reasons I would like to run my application at the www.uk.mywebsitename.com subdomain (BTW: at the www.mywebsitename.com domain I will run a RoR application to redirect users to the proper subdomain).
I do not need geocoding or similar. Simply, I would like to know how to run my application on the www.uk.mywebsitename.com Web address (I am planning to add as subdomain other/similar RoR applications like www.de.mywebsitename.com and www.it.mywebsitename.com, each working with a separate database): what I have to care/do? what do you advice about?
P.S.: My server is running Linux Ubuntu and Apache. I deploy with the Capistrano gem.
It seems like you're looking for how to make apache vhosts, since that's basically what they do.
I assume you're using phusion passenger, and in that case you should already have one vhost (or at least a default site in /etc/apache/sites-available (or something similar, it might be apache2, I'm not entirely sure).
What you basically need to do to get multiple rails applications working is to set up one vhost for each rails application and set the proper ServerName and DocumentRoot for each vhost.
It might look something like this for you uk site:
<VirtualHost *:80>
ServerName www.uk.mywebsitename.com
DocumentRoot /path/to/where/your/uk/site/is/deployed/current/public
<Directory /path/to/where/your/uk/site/is/deployed/current/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
How to setup vhosts for passenger is documented in the passenger documentation.