DevHeads.net

How to proxy web server?

Hello,

Apache 2.4 on Debian Testing, mpm_itk

I have the Discourse web forum running in a docker container. The container's webserver is bount to localhost:2080. The
forum should be reachable at either forum.csc-stuttgart.org or csc-stuttgart.org/forum.

Possibility A:

<VirtualHost *:80>
ServerName forum.csc-stuttgart.org
AssignUserID csc-stuttgart csc-stuttgart
ProxyPreserveHost On
ProxyPass "/" "http://localhost:2080/"
ProxyPassReverse "/" "http://localhost:2080/"
DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub
[...]
</VirtualHost>

That works fine, beside on little problem. I want to use Let's Encrypt SSL certificates on that which require a path
forum.csc-stuttgart.org/.well-known to be writable from the file system.
How can I take just one path out of the Proxy?

Wrap the ProxyPass/Reverse in a <LocationMatch> with a PCRE that match everything except .well-known? Haven't tested it
yet. Any better solution?

Possibility B:

<VirtualHost *:80>
ServerName csc-stuttgart.org
ServerAlias *.csc-stuttgart.org
AssignUserID csc-stuttgart csc-stuttgart
DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub
[...]
<Location forum>
LogLevel debug
ProxyPass <a href="http://localhost:2080/" title="http://localhost:2080/">http://localhost:2080/</a>
ProxyPassReverse <a href="http://localhost:2080/" title="http://localhost:2080/">http://localhost:2080/</a>
</Location>
</VirtualHost>

Seems to not trigger on csc-stuttgart.org/forum, tried

<Location forum> and <Location /forum> and <Location forum/>.

ProxyPass "/forum" <a href="http://localhost:2080/" title="http://localhost:2080/">http://localhost:2080/</a>
ProxyPassReverse "/forum" <a href="http://localhost:2080/" title="http://localhost:2080/">http://localhost:2080/</a>

Seems to do the trick, but the Reverse does not seem to work. Error Log says

[proxy:debug] mod_proxy.c(1228): [client 129.69.213.139:55350] AH01143: Running scheme http handler (attempt 0)
[proxy:debug] proxy_util.c(2156): AH00942: HTTP: has acquired connection for (localhost)
[proxy:debug] proxy_util.c(2209): [client 129.69.213.139:55350] AH00944: connecting <a href="http://localhost:2080/" title="http://localhost:2080/">http://localhost:2080/</a> to localhost:2080
[proxy:debug] proxy_util.c(2418): [client 129.69.213.139:55350] AH00947: connected / to localhost:2080
[proxy:debug] proxy_util.c(2884): AH02824: HTTP: connection established with [::1]:2080 (localhost)
[proxy:debug] proxy_util.c(3051): AH00962: HTTP: connection complete to [::1]:2080 (localhost)
[proxy:debug] proxy_util.c(2171): AH00943: http: has released connection for (localhost)
[core:info][ client 129.69.213.139:55350] AH00128: File does not exist: /home/csc-stuttgart/csc-stuttgart.org/pub/login

The webserver hat localhost:2080 redirected to /login/ which does not seem to rewritten by ProxyPassReverse to
forum/login accordingly.

Thanks for any ideas!

Florian

Comments

Re: How to proxy web server?

By Florian Lindner at 05/16/2017 - 09:19

Am 15.05.2017 um 17:05 schrieb Florian Lindner:
Ok, I was able to achieve it using:

<VirtualHost *:80>
ServerName forum.csc-stuttgart.org
AssignUserID csc-stuttgart csc-stuttgart
<LocationMatch "^/(?!\.well-known)">
Redirect permanent / <a href="https://forum.csc-stuttgart.org/" title="https://forum.csc-stuttgart.org/">https://forum.csc-stuttgart.org/</a>
</LocationMatch>
DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub
CustomLog /home/csc-stuttgart/csc-stuttgart.org/log/access.log combined
ErrorLog /home/csc-stuttgart/csc-stuttgart.org/log/error.log
</VirtualHost>

<VirtualHost *:443>
ServerName forum.csc-stuttgart.org
AssignUserID csc-stuttgart csc-stuttgart
ProxyPreserveHost On
ProxyPass "/" "http://localhost:2080/"
ProxyPassReverse "/" "http://localhost:2080/"
DocumentRoot /home/csc-stuttgart/csc-stuttgart.org/pub
CustomLog /home/csc-stuttgart/csc-stuttgart.org/log/access.log combined
ErrorLog /home/csc-stuttgart/csc-stuttgart.org/log/error.log

SSLEngine On
SSLCertificateFile /home/csc-stuttgart/csc-stuttgart.org/ssl/forum.csc-stuttgart.org.cert
SSLCertificateKeyFile /home/csc-stuttgart/csc-stuttgart.org/ssl/forum.csc-stuttgart.org.key
</VirtualHost>

Re: Re: How to proxy web server?

By Daniel at 05/16/2017 - 11:01

Just add this line first:

ProxyPass /.well-known !

You use the path and ! to specify this as an exception to not proxy.

Always try to define ProxyPass in virtualhost (without location), as
you show possibility A is the simpler one for me, less hassle assured,
less convoluted, imo.

2017-05-16 15:19 GMT+02:00 Florian Lindner < ... at xgm dot de>: