I'm trying to use mod_proxy (apache 2.2) in front of a tomcat (6.0.35) instance. I have this in my apache config:
ProxyPass /Touchpad/ ajp://10.10.6.1:8010/Touchpad/
The client is trying to post a multipart form, and I see the proper header come in on the apache side, but it gets rewritten to text/plain.
I do have a DefaultType set to text/plain globally, but don't understand why that might override the real content type from the client.
Any ideas?
Related
I use wicket 8.10, it is installed on tomcat and proxied by nginx. SSL certificates configured in nginx config. Also Nginx forwards all HTTP requests to HTTPS.
The problem is following:
When I submit any form wicket returns response headers where the Location tag contains url with HTTP protocol.
Why it is important:
The last chrome update makes browser show alert when Location contains HTTP protocol on page opened by HTTPS. Before that, nginx quietly redirected the request, but now user see alert page from browser (similar to when certificate is invalid or absence).
The problem here is that your Wicket application does not know that it is behind a proxy.
There are two solutions:
use XForwardedRequestWrapperFactory
It will wrap the Tomcat's HttpServletRequest with one that reads X-Forwarded-*** request headers.
Just make sure that Nginx exports X-Forwarded-Proto request header
use HttpsMapper
Just overwrite protected Scheme getDesiredSchemeFor(Class<? extends IRequestablePage> pageClass) to return Scheme.HTTPS in PRODUCTION mode and Scheme.HTTP in DEVELOPMENT mode (I assume you don't use Nginx proxy while developing)
The simplest solution I have found is to use the nginx directive:
proxy_redirect http://example.com https://example.com;
It changes location header from http://example.com/any/path to https://example.com/any/path
when several clients request the same file, which is responsed by the gzip function in nginx . I hope that other responses could use the cached gzip content . How to config ?
There was a discussion of the same in NGINX forums.
I find that this suggestion makes the most sense. However, it mostly applies to when you do proxy with NGINX and not fastcgi cache.
Essentially you will ensure Accept-Encoding: gzip is sent to your backend to ensure that you always generate/cache gzipped content, and then use gunzip module for clients that don't request gzip encoding.
I have an instance of Nginx Plus deployed as a reverse proxy. The proxy app returns a "set-cookie" header in the response which I'd like to modify (the domain associated with the to-be cookie):
Change
set-cookie:key=value;Path=/;HttpOnly;Domain=my.domain.net
to
set-cookie:key=value;Path=/;HttpOnly;Domain=new.domain.com
Needless to say I can't modify the application to use something like an outbound rewrite rule.
The Nginx http proxy module has two directives which manipulate the “Set-Cookie” header in the response from the upstream server.
proxy_cookie_path can change the path attribute of the “Set-Cookie” header.
proxy_cookie_domain can change the domain attribute of the “Set-Cookie” header.
i have installed wordpress and i've set SSL (LetsEncrypt).
It works fine since few months.
Now i want to add Varnish to speed up site and i have one issue.
My config is:
MyPage.com (443) -> Varnish (80) -> MyPage (8080) no https.
When i open page, everything is OK
besides address to static files.
All URL's to CSS, JS, Images are served as HTTP, NOT HTTPS.
That is because in the end page is served by Apache without SSL.
Do you know how to change address to static files, that they will be served as HTTPS (https://MyPage.com/my.js instead of http://MyPage.com/my.js)?
Wordpress save the links absolutly in the database.
Soloution 1:
You edit all entries in the Database
Soloution 2:
Simple use this Plugin to write all url´s in the database from http to https:
https://de.wordpress.org/plugins/really-simple-ssl/
You might need to make sure the X-Forwarded-Proto header is set and passed all the way back through Varnish to the backend.
Assuming you have Apache:443 -> Varnish:80 -> Backend:8080
Then in the Apache config that is handling the https add the following to the VirtualHost
RequestHeader set X-Forwarded-Proto "https"
Varnish should forward this by default, unless you have done anything custom to the config that might prevent it.
This header should then be respected and used to set the protocol on the urls for assets.
Apache has something called VirtualHosts.
You can configure it in that way that when you go to example.com get a different site than example2.com even if you use the same IP's.
A HTTP Request looks something like this:
GET /index.html HTTP/1.0
[some more]
How does the server know you are trying to access www.example.com or www.example2.com?
In addition to the GET line, the browser sends a number of headers. One of these headers is the Host header, which specifies which host the request is targeted at.
A simple example request could be:
GET /index.html HTTP/1.0
Host: example.com
This indicates that the browser wants whatever is at http://example.com/index.html, and not what is at http://example2.com/index.html.
Further information:
The Host header in the HTTP specification
IIS also has this and I believe refers to it as host header redirection.
The http packet header contains the destination hostname which the server uses to determine which website to serve up. Some more reading: http://www.it-notebook.org/iis/article/understanding_host_headers.htm