I have an nginx instance behind apache. I have a rewrite in apache to pass the REMOTE_USER through to the backend:
<Proxy *>
...
RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER}]
RequestHeader add Proxy-User %{PROXY_USER}e
RequestHeader add Remote-User %{PROXY_USER}e
</Proxy>
So in my backend nginx instance, i can see the env variables HTTP_PROXY_USER and HTTP_REMOTE_USER. Good.
Rather than fork off my authentication code to pick up HTTP_REMOTE_USER rather than REMOTE_USER, is there a way i can force nginx to rewrite the header for me?
Related
I am trying to reverse proxy example.com to production.example.com which lives on a different server. However after adding proxy rules (apache) on the main domain and adding below on production.example.com wp-config.php
define( 'WP_SITEURL', "https://example.com/" );
I was able to load the site without any issue. However when i try to click on a post, the post loads from production.example.com
Example : https://production.example.com/hello-world/
How can i fix this issue letting the site to load on siteurl instead.
Considering that example.com is your external domain.
In the database (or ui directly) I had to update both siteurl and home
update wp_options set option_value="https://example.com" where option_name in ("siteurl", "home");
Pasting also the reverse proxy settings for apache:
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile "/sslcert/server.crt"
SSLCertificateKeyFile "/sslcert/server.key"
ProxyRequests Off
KeepAlive Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# These are required for https reverse proxy to work
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass / http://non-public-address/
ProxyPassReverse / http://non-public-address/
ProxyPreserveHost On
ErrorLog "logs/wordpress.revproxy-sslerror_log"
CustomLog "logs/wordpress.revproxy-sslaccess_log" common
</VirtualHost>
I have a small problem with redirecting everything from http to https.
Here is the setup of my environment:
The server is a docker host which runs multiple docker containers. I'm trying to access a container that listens on port 9000. so I have a ProxyPass in the vhost file that looks like this:
<VirtualHost *:80>
ProxyPreserveHost On
ServerName subdomain.domain.com
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
Redirect / https://subdomain.domain.com/
</VirtualHost>
The SSL Certificate is issued by AWS.
This server is behind a AWS Load Balancer. From the load balancer I have 2 target groups. One is redirecting 80 to 80, and the other 443 to 443.
Right now the https://subdomain.domain.com is throwing 502 bad gateway error.
Could someone have any idea what the issue here might be? Thanks in advance!
Does this help: https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache?
It seems like you need to redirect permanent.
I've tried adding this to the vhosts file:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{subdomain.domain.com/}%{REQUEST_URI} [L,R=permanent]
as indicated in the aws documentation. It doesn't work, I get an error saying invalid redirect. No idea what the problem is.
Anyone else experienced this problem?
i bought a normal ssl (DV ssl) for my site www.example.com
i created ssl on cpanel with no problem.
so i added these lines in .htaccess and my website works to https very nice.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
ok here is my problem :
this ssl works just for https://www.example.com (bought for just 1 address) so if every body type in browser https://example.com would get certificate error!
i googled so much and find that i must create a virtualhost in httpd.conf to bypass certificate error.
something like this code:
NameVirtualHost *:443
<VirtualHost *:443>
ServerName example.com
SSLCertificateFile /etc/ssl/apache2/server.crt
SSLCertificateKeyFile /etc/ssl/apache2/server.key
SSLEngine on
RewriteEngine on
RewriteRule ^/(.*) https://www.example.com%{REQUEST_URI} [L,R]
</VirtualHost>
but i can't change in httpd.conf because my site works on a shared hosting.
so i phoned to hosting admin and ask him to create a virtualhost for me but no success!!
how could i solve this problem? I would appreciate to anyone solve it.
If your certificate is for www.example.com and not for example.com you will always get a certificate warning when trying to access https://example.com because the hostname in the URL does not match the subject(s) of the certificate.
This is simply how certificate validation works and there is no change to httpd.conf, no redirection, no DNS CNAME, no tricks, no whatever which will help you solve this issue. Your only choice is to have a certificate which also matches example.com and there are several CA which offer you free certificates for this case.
I know that this is a common question, and there are answers for the same, but the reason I ask this question is because I do not know how to approach the solution. Depending on the way I decide to do it, the solution I can pick changes. Anyways,
I have an AWS EC2 instance. My DNS is handled by Route53 and I own example.com. Currently, on my instance, there are two services running:
example.com:80 [nginx/php/wordpress]
example.com:8142 [flask]
What I want to do is, make app.example.com point to example.com:8142. How exactly do I go about doing this? I am pretty sure that I will have to point app.example.com to the same IP as example.com, since it is the same box that will be serving it. And, nginx will be the first one to handle these requests at port 80. Is there a way with which I can make nginx forward all requests to localhost:8142?
Is there a better way that I can solve this problem?
You could add a virtual host for app.example.com that listens on port 80 then proxy pass all requests to flask:
server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://localhost:8142;
}
}
This is how you would do it with apache.
$cat /etc/apache2/sites-available/app.conf
<VirtualHost *:80>
ServerName app.example.com
ProxyPreserveHost On
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://localhost:8142/
ProxyPassReverse / http://localhost:8142/
</VirtualHost>
You can redirect your domain to a certain port. This depends on the web service you are using -Nginx/Apache. If you are using Nginx, you’ll need to do add a server block to your Nginx’s website config. This can be achieved by using the bellow
location /{
proxy_pass http://127.0.0.1:8142/;
}
If you are using Apache, you have two options, the first one is to add a redirection rule in your website’s .htaccess and the second one would be to do it directly in the Apache’s Vhost file. I like using the first option. In your .htaccess file, you can add the following rule
RewriteEngine on
# redirect to 3000 if current port is not 3000 and "some-prefix/" is matched
RewriteRule ^/(.*[^/])/?$ http://blabla:3000/$1/ [R=301,L]
If you want to use Apache’s Vhost file, I’ll recommend going through the following tutorial link
I have ubuntu 16 and nginx with two NodeJS instances, one for front, one for admin.
In, I have:
/etc/nginx/sites-available/default
I've added:
server {
...
location / {
proxy_pass http://127.0.0.1:8001;
}
location /admin {
rewrite ^/admin(.*) /$1 break;
proxy_pass http://127.0.0.1:8002;
}
location /other {
rewrite ^/other(.*) /$1 break;
proxy_pass http://127.0.0.1:8003;
}
...
}
I've used this to have access for admin.
I put my plone site on a remote sever. I configured the virtual host.
When I get to the default page, it just shows as plain html format. No CSS no style.
My rewrite rule is:
^/(.*) http://localhost:8085/VirtualHostBase/http/interoptest-vlab.drimm.u-bordeaux1.fr:80/VirtualHostRoot/$1 [P,L]
The site is
http://interoptest-vlab.drimm.u-bordeaux1.fr/
you can go and have a look.
The rest is like this.
<VirtualHost *:80>
ServerName interoptest-vlab.drimm.u-bordeaux1.fr
ServerAlias www.interop-vlab.eu
ServerSignature On
ProxyVia On
# prevent your web server from being used as global HTTP proxy
<LocationMatch "^[^/]">
Deny from all
</LocationMatch>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteLogLevel 1
Rewritelog /var/log/apache2/plone4_rewrite_log
RewriteRule ^($|/.*) \
http://127.0.0.1:8085/VirtualHostBase/\
http/%{SERVER_NAME}:80/VirtualHostRoot$1 [L,P]
</VirtualHost>
You want to use the excellent RewriteRule Witch to generate your VHM rewriting configurations.
For your settings, the witch recommends you use:
RewriteRule ^($|/.*) \
http://127.0.0.1:8085/VirtualHostBase/\
http/%{SERVER_NAME}:80/VirtualHostRoot$1 [L,P]
This differs from yours in that the root is handled better, and the server name is auto-included from the browser headers, ensuring that you always use the correct server name.
However, your site is serving just the homepage, even a obvious 404 not found response results in the homepage. Something is rewriting your paths to discard all path information, perhaps before the VHM proxy rewrite rule is executed.