I'm new to Squid, and am investigating whether it would be able to accomplish a task at hand.
I need to "transpose" port 80 of a static IP to the port 1088 on a dynamic IP that has a hostname pointer though no-ip.com. In other words:
somedomain.com has an A record 1.2.3.4
someotherdomain.com a dynamic A record (updated via no-ip.com)
the static IP 1.2.3.4 is served by a proxy (such as Squid?) at port 80 which, when accessed (http://www.somedomain.com), relays the request to someotherdomain.com:1088 and displays it as if it came from 1.2.3.4 (somedomain.com).
somedomain.com cannot be used as a general proxy to access other locations than someotherdomain.com; in fact, the relay in the back-end should be transparent to the user accessing somedomain.com
Thanks for any insights on this!
Ville
What you are looking for is a reverse proxy and yes, Squid can do that.
http_port 1.2.3.4:80 accel defaultsite=www.somedomain.com
cache_peer someotherdomain.com parent 1088 0 no-query originserver
Apache can as well with mod_proxy:
<VirtualHost 1.2.3.4:80>
ServerName www.somedomain.com
DocumentRoot c:/docroot
ProxyPass / http://someotherdomain.com:1088/
ProxyPassReverse / http://someotherdomain.com:1088/
</VirtualHost>
Related
(This SO thread seems to be very similar, but does not answer my problem)
I have a loadbalancer listening on https://loadbalancerurl:443/
which terminates SSL and forwards requests to the IHS (IBM HTTP Server) on port 80.
I need to configure the IHS as a reverse proxy, such that requests get forwarded to https://targeturl:443/
browser --443--> loadbalancer --80--> IHS --443--> target
The reason we need to do this on the IHS, is because on that server we have direct and quick access to change the target url on demand, whereas the loadbalancer is out of our control.
This means, that i need to activate SSL in the IHS, but only for the outgoing requests to the targeturl, but not for the incoming requests.
Pages like
this from IBM
or this blog post
assume that SSL is incoming and outgoing.
Here is the relevant code block of the httpd.conf file:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
SSLProxyEngine on
<VirtualHost *:80>
# ServerName webserverhostname # not needed so far
SSLEnable # without this i get "SSL0263W: SSL Connection attempted when SSL did not initialize."
KeyFile store.kdb # without this i get "SSL0170E: GSK could not initialize, no keyfile specified."
SSLStashFile store.sth
ProxyPass / https://targeturl/
ProxyPassReverse / https://targeturl/
</VirtualHost>
SSLDisable
where the store.kdb contains the CA certificates of the targeturl, as indicated in the SO thread
However, the server continuously spits out the following error message:
SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file, or the specified label is not a 'personal certificate' (no private key). Label='(null)'
As far as i understand, this means that IHS is failing to handle incoming https traffic, which should not happen. It should not happen because the <VirtualHost *:80> specifies port 80, and also because any traffic that reaches the IHS has the SSL terminated by the loadbalancer.
Am i misunderstanding the error message? If not, how can i get this working?
edit to show working solution:
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
SSLProxyEngine on
<VirtualHost *:80>
# ServerName webserverhostname # not needed so far
# SSLEnable # this would activate SSL for incoming traffic
KeyFile store.kdb # this contains the CA certificates of the target server
# SSLStashFile store.sth # would only be needed for incoming SSL
ProxyPass / https://targeturl/
ProxyPassReverse / https://targeturl/
</VirtualHost>
# SSLDisable
SSLEnable should not be present in a virtual host that doesn't actually handle inbound SSL.
SSLStashFile is also not needed. It is unfortunately named.
You should deep dive on the error_log entries you get in the config without these two. There is likely an early SSL error that does not fail startup. The only necessary config even without frontend SSL is just:
SSLProxyEngine on
ProxyPass / https://example.com/
KeyFile /path/to/key.kdb
For one of my customer projects, I have a domain name abc.my-app.com. My server public IP is x.y.z.a .
I have developed a Spring boot based application. In the application, I have configured automatic redirect from http port 8088 to https 8443.
The application is accessible as https://x.y.z.a:8443/ without issues.
The application is also redirected to https when accessed as http://x.y.z.a:8088
in the browser.
Refer https://drissamri.be/blog/java/enable-https-in-spring-boot/ on how I have configured this.
I also have setup apache 2.4.18 version on my server. I have configured virtual hosts to be able to redirect to https when my application is accessed from browser as https://abc.my-app.com to https://abc.my-app.com:8443.
But, if user accesses http://abc.my-app.com (without https), the apache does not redirect to my application on https.
How do I enable Apache to redirect from http://abc.my-app.com to https://abc.my-app.com?
My Virtual host configuration is below:
<VirtualHost *:80 *:8080 *:443>
ServerAdmin webmaster#xyzc
DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/apache2/ssl/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/ca.key
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
# Servers to proxy the connection, or
# List of application servers Usage
ProxyPass / https://x.y.z.a:8443/
ProxyPassReverse / https://x.y.z.a:8443/
ServerName ip-x-y-z-a
</VirtualHost>`
I finally got it working. Not sure though this is the right way.
In Spring boot application, I configured redirect from port 80 to port 443.
Apache2 redirects from 443 to my application running on port 8443.
at first sorry for my bad english.
I am using Plesk 12 on my Ubuntu 14.04 Server. In the past i made Tor hidden services for my Domains simply whit the Apache virtual Host Files. And it Works fine.
But now i am using Plesk and now i dont understand hor to make a Exsiting Site reachable over a Hidden Service.
The Site www.example.com is available an the Host settings are :
<VirtualHost 85.214.50.74:7080 >
ServerName "example.com:80"
ServerAlias "www.example.com"
ServerAlias "ipv4.example.com"
ServerAdmin "admin#example.com"
.....
Now i added a second Virtual host :
<VirtualHost 85.214.50.74:8081 >
ServerName "xxxxxxxxxxxxxxxx.onion:80"
ServerAlias "xxxxxxxxxxxxxxxx.onion"
ServerAdmin "admin#xxxxxxxxxxxxxxxx.onion"
......
In the Torrc the Hidden service ist Corret and it generated a kex and a hostname. But if i reload Apache and Nginx and restart Tor, i cant reach the Hidden service.
You shouldn't add the onion site as a virtual host. Apache doesn't serve the requests to the .onion site directly.
Instead, edit your torrc file and add something like:
HiddenServiceDir /var/lib/tor/example.com
HiddenServicePort 8081 127.0.0.1:80
This runs a hidden service on port 8081 that proxies to port 80 on the local host. When you first start Tor it will generate all the keys and the onion address for your site which you can find in /var/lib/tor/example.com/hostname
If you have multiple virtual hosts, you might need to change the HiddenServicePort to use the hostname (or serveralias), but make sure it resolves locally so you're proxying to the local machine.
Actually we are developing a new website in PHP . So is it possible to create a environment where we can share our works done .
in simple One wamp and two pc connected with lan is possible or not ? if it is how??
Within your VHOST definition there should be a <Directory ......</Directory> parameter
Inside that add
If you are using Apache 2.2.x
Allow from 192.168.1
If you are using Apache 2.4.x
Require ip 192.168.1
This will allow any ip address starting with 192.168.1 to connect to that VHOST
If you want to be specific and only allow certain ip's you can use this instead
Allow from 192.168.1.10 192.168.1.11
Or, if youare using Apache 2.4
Require ip 192.168.1.10 192.168.1.11
So your VHOST should look like this
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/countlead"
ServerName domain.com
ServerAlias www.domain.com
<Directory "C:/xampp/htdocs/countlead">
AllowOverride All
Require local
Require ip 192.168.2
</Directory>
</VirtualHost>
if run xampp or wamp (apache), and If Dmz (modem option) Forward packet to pc that wamp is run on it (LAN IP Address: exp:192.168.x.x) You Can Use His Remote Ip address To See (wamp/xampp) Root Directory .
I have a computer at home running Ubuntu 10.10. I am trying to make a server and host my own website, and I am running a LAMP (Linux, Apache, MySql, PHP) server. But my IPS blocks incoming traffic on port 80. To get around this, I want my server to take HTTP requests from port 8080, in addition to port 80. But after I tried to add port 8080 to the accepted ports file, my browser cannot access it. It says "The server at mywebsite.com is taking too long to respond.". Does anyone know why it is timing out and not returning the webpage, or how I can fix this? Here is what I've done so far:
The port.conf file contains:
NameVirtualHost *:80
Listen 80
Listen 8080
The apache2.conf file contains:
# Include the virtual host configurations:
Include sites-enabled/
NameVirtualHost *:80
NameVirtualHost *:8080
The sites-available/default file contains:
<VirtualHost *:80 *:8080>
ServerAdmin webmaster#localhost
Lastly I restarted apache:
$: /etc/init.d/apache2 restart
All this, as far as I can tell, should add port 8080 to for HTTP requests. When I type in "localhost" or "localhost:8080" into the web browser, it returns my website. If I type in "mysite.com" or "mysite.com:80", the site also works. But my website does not work when I search for "mysite.com:8080"; rather it times out. The reason "mysite.com:80" works is because I am accessing the site from within my local network, so I don not need to go through the modem, which would block port 80. Does anyone know why this is not working?
FIX: I'm dumb and forgot to add port 8080 on the list of acceptable ports on my Ubuntu firewall.
Have you had a look at the requests with wireshark or something like that? localhost will be going through the loopback device, and I'm guessing that when you request mysite.com the request is going out over a real network device. Check whether the request is getting back in again from your network - port 8080 might be blocked somewhere else.