New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apache ProxyPass ! directive #293

Open
chongma opened this Issue Mar 10, 2017 · 11 comments

Comments

Projects
None yet
3 participants
@chongma

chongma commented Mar 10, 2017

For support, please use our forums: http://forums.sentora.org/, you can search for solutions there.
Feel free to open a new question if none of the threads solve your problem.
Please, do NOT use this issue tracker for support.

For bug reports please provide the following information:

Operating System:
CentOS7
Operating System Version number:
centos-release-7-3.1611.el7.centos.x86_64
Sentora Version:
1.0.3
Issue:
Declaring the following directives in vhosts.conf

ProxyPass "/.well-known/" !             # don't pass lets encrypt folder
ProxyPass "/" ajp://localhost:8010/     # pass root to tomcat server

should result in .well-known folder NOT being proxy passed. However it is still passed
How to reproduce it:
In Module Admin->Apache Config choose a virtual host. enter the directives above. try to access .well-known but the folder has been passed to tomcat and gets a tomcat 404 error
Suggested fix or solution if you have any:
check httpd configuration for anything that may be blocking mod_proxy and the ProxyPass directive from functioning correctly

Thank you on the behalf of the Sentora Team.

V 0.0.2

@chongma

This comment has been minimized.

Show comment
Hide comment
@chongma

chongma Mar 14, 2017

it seems to only happen when using SSL. i.e. after Sentora rewrites port 80 to 443 using Apache Config

<virtualhost *:80>
ServerName domain.tld
ServerAdmin administrator@domain.tld
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>

chongma commented Mar 14, 2017

it seems to only happen when using SSL. i.e. after Sentora rewrites port 80 to 443 using Apache Config

<virtualhost *:80>
ServerName domain.tld
ServerAdmin administrator@domain.tld
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>
@MBlagui

This comment has been minimized.

Show comment
Hide comment
@MBlagui

MBlagui Mar 14, 2017

Contributor

I don't this we should use this routine any more. HTTP to SSL redirection should be done another way.

We will clean this after the release quickly.

Contributor

MBlagui commented Mar 14, 2017

I don't this we should use this routine any more. HTTP to SSL redirection should be done another way.

We will clean this after the release quickly.

@MBlagui MBlagui added this to the 1.0.5 milestone Mar 14, 2017

@MBlagui MBlagui added the bug label Mar 14, 2017

@chongma

This comment has been minimized.

Show comment
Hide comment
@chongma

chongma Mar 14, 2017

this page https://httpd.apache.org/docs/2.4/rewrite/avoid.html recommends to use Redirect

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

chongma commented Mar 14, 2017

this page https://httpd.apache.org/docs/2.4/rewrite/avoid.html recommends to use Redirect

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>
@PhilipMcGaw

This comment has been minimized.

Show comment
Hide comment
@PhilipMcGaw

PhilipMcGaw Mar 14, 2017

PhilipMcGaw commented Mar 14, 2017

@chongma

This comment has been minimized.

Show comment
Hide comment
@chongma

chongma Mar 14, 2017

I haven't tested it but that is how Apache recommends redirecting to HTTPS. I assumed it would redirect anything above the root. Have you checked? Otherwise I will test tomorrow and report back

chongma commented Mar 14, 2017

I haven't tested it but that is how Apache recommends redirecting to HTTPS. I assumed it would redirect anything above the root. Have you checked? Otherwise I will test tomorrow and report back

@PhilipMcGaw

This comment has been minimized.

Show comment
Hide comment
@PhilipMcGaw

PhilipMcGaw Mar 14, 2017

PhilipMcGaw commented Mar 14, 2017

@MBlagui

This comment has been minimized.

Show comment
Hide comment
@MBlagui

MBlagui Mar 15, 2017

Contributor

The redirect should be in .htaccess if you want to enforce the SSL instead of the vhost.

We will see later how we improve the SSL implementation

Contributor

MBlagui commented Mar 15, 2017

The redirect should be in .htaccess if you want to enforce the SSL instead of the vhost.

We will see later how we improve the SSL implementation

@PhilipMcGaw

This comment has been minimized.

Show comment
Hide comment
@PhilipMcGaw

PhilipMcGaw Mar 15, 2017

PhilipMcGaw commented Mar 15, 2017

@PhilipMcGaw

This comment has been minimized.

Show comment
Hide comment
@PhilipMcGaw

PhilipMcGaw Mar 15, 2017

PhilipMcGaw commented Mar 15, 2017

@chongma

This comment has been minimized.

Show comment
Hide comment
@chongma

chongma Mar 16, 2017

I have tested Redirect "/" "https://www.example.com/" on virtualbox and it works perfectly well. it does not redirect to the root. i tested with

  • example.com/index.html
  • example.com/test.html
  • example.com/subdir/test.html

and all redirected through from http to https with absolutely no problem

chongma commented Mar 16, 2017

I have tested Redirect "/" "https://www.example.com/" on virtualbox and it works perfectly well. it does not redirect to the root. i tested with

  • example.com/index.html
  • example.com/test.html
  • example.com/subdir/test.html

and all redirected through from http to https with absolutely no problem

@MBlagui

This comment has been minimized.

Show comment
Hide comment
@MBlagui

MBlagui Mar 30, 2017

Contributor

We first implement a clean Vhosts with support for SSL then we will see if we can tune the performance and add a check box to enforce SSL.

Contributor

MBlagui commented Mar 30, 2017

We first implement a clean Vhosts with support for SSL then we will see if we can tune the performance and add a check box to enforce SSL.

@MBlagui MBlagui added the Delayed label Mar 30, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment