Re: [users@httpd] Use of ProxyPassReverse
Awesome explanation Matt! El mar., 29 ene. 2019 a las 19:36, Muggeridge, Matt () escribió: > > ProxyPassReverse is used for rewriting response headers related only to > redirection. As per the docs, it affects only “Location”, > “Content-Location” and “URI” headers on HTTP redirect responses. > > > > The example they give is helpful (although cluttered with other concepts). > Here is a more crystalized version of the example and a protocol exchange for > clarity. > > > > ProxyPass "/mirror/foo/" "http://backend.example.com/"; > ProxyPassReverse "/mirror/foo/" "http://backend.example.com/"; > > If the backend server uses a redirect to some other location on the same > backend server, the reverse-proxy rewrites the ‘redirect headers’ according > to the ProxyPassReverse directive. > > > > Let’s say the backend.example.com uses the location header to redirect a > request http://backend.example.com/bar to http://backend.example.com/quux. > The end-to-end protocol exchange looks something like (caveat: written > without validating): > > > > Client Request: > > GET /mirror/foo/bar HTTP/1.1 > > Host: example.com > > > > Reverse Proxy rewrites it to the backend (courtesy of the ProxyPass > directive): > > GET /bar HTTP/1.1 > > Host: backend.example.com > > > > Backend Server responds with a redirect using the location header: > > HTTP/1.1 302 Found > > Location: http://backend.example.com/quux > > > > Reverse Proxy Intervenes (courtesy of the ProxyPassReverse directive) and > rewrites the Location header to be: > > HTTP/1.1 302 Found > > Location: http://example.com/mirror/foo/quux > > > > The client then reissues the request to the Location > http://example.com/mirror/foo/quux and the Reverse Proxy forwards it onto > http://backend.example.com/quux. > > > > Matt. > > > > > > From: Ananya Dey [mailto:ananyadey...@gmail.com] > Sent: Tuesday, 29 January 2019 9:13 PM > To: users@httpd.apache.org > Subject: [users@httpd] Use of ProxyPassReverse > > > > Hi all, > > > > I am trying to connect my Apache webserver with my backend tomcat server. I > am using ProxyPass to do the same. Is there a need to put ProxyPassReverse > also along with it? I am not able to understand the working functionality of > the two in depth. Could someone please elaborate on the same . > > > > Thanks > > Ananya -- Daniel Ferradal HTTPD Project #httpd help at Freenode - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Stupid question time - VirtualHost
Maybe related to using a name instead of an ip address with Listen directive. IMO using names with Listen directive is a terrible idea, documentation of Listen directive specifies you should use ip address too. Is that name correctly resolving to the specific ip address in the system? El mar., 5 feb. 2019 a las 17:57, Jeff Cauhape () escribió: > > Ok. I changed the port number in httpd.conf to something I know won’t work, > and attempted a restart of apache. > > > > [root@web1e conf]# apachectl start > > Job for httpd.service failed because the control process exited with error > code.See "systemctl status httpd.service" and > "journalctl -xe" for details. > > > > [root@web1e conf]# systemctl status httpd.service > > ● httpd.service - The Apache HTTP Server > >Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor > preset: disabled) > >Active: failed (Result: exit-code) since Tue 2019-02-05 08:51:13 PST; 1min > 46s ago > > Docs: man:httpd(8) > >man:apachectl(8) > > Process: 16769 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, > status=1/FAILURE) > > Process: 13948 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful > (code=exited, status=0/SUCCESS) > > Process: 16768 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND > (code=exited, status=1/FAILURE) > > Main PID: 16768 (code=exited, status=1/FAILURE) > > > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: Starting The Apache HTTP Server... > > Feb 05 08:51:13 web1e.detr.nv httpd[16768]: (13)Permission denied: AH00072: > make_sock: could not ...082 ß The significant error. > > > >The full message is “(13) Permission > denied: AH00072: make sock: could not bind to address 10.xxx.xxx.xx:1082” > > > > Feb 05 08:51:13 web1e.detr.nv httpd[16768]: no listening sockets available, > shutting down > > Feb 05 08:51:13 web1e.detr.nv httpd[16768]: AH00015: Unable to open logs > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: httpd.service: main process exited, > code=exited, statu...LURE > > Feb 05 08:51:13 web1e.detr.nv kill[16769]: kill: cannot find process "" > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: httpd.service: control process > exited, code=exited status=1 > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: Failed to start The Apache HTTP > Server. > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: Unit httpd.service entered failed > state. > > Feb 05 08:51:13 web1e.detr.nv systemd[1]: httpd.service failed. > > Hint: Some lines were ellipsized, use -l to show in full. > > > > > > Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator > > Nevada Department of Employment, Training and Rehabilitation > > (775) 684-3804 (office) jpcauh...@detr.nv.gov > > > > From: Frank Gingras [mailto:thu...@apache.org] > Sent: Monday, February 4, 2019 4:35 PM > To: users@httpd.apache.org > Subject: Re: [users@httpd] Stupid question time - VirtualHost > > > > Depending on the error returned by the OS, httpd can't do much in some cases. > It would be useful if you were to share the verbatim error, as a start. > > > > On Mon, 4 Feb 2019 at 13:17, Jeff Cauhape wrote: > > Yes, it was the Secure Linux preventing the use of the port. I wonder if the > error message should be broadened to include > the possibility that security policies are not allowing it's use, rather than > just assuming that the port is not available because > it's already in use. > > I added the port to the security policy with this command: > > # semanage port -a -t http_port_t -p tcp 280 > > I had already added the port to the firewall > > [root@web1e conf]# firewall-cmd --info-zone=public > > public (active) > target: default > ... > services: dhcpv6-client https http ssh > ports: 9100/tcp 9101/tcp ... 280/tcp > ... > > Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator > Nevada Department of Employment, Training and Rehabilitation > (775) 684-3804 (office) jpcauh...@detr.nv.gov > > -Original Message- > From: Jeff Cauhape [mailto:jpcauh...@detr.nv.gov] > Sent: Monday, February 4, 2019 8:29 AM > To: users@httpd.apache.org > Subject: RE: [users@httpd] Stupid question time - VirtualHost > > Luca, > > Thanks for the suggestion. It looks like we may have stumbled over the Secure > Linux policy settings. I'll know more later this morning. I'll post a follow > up when I figure it out. > > Thanks, > > Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator > Nevada Department of Employment, Training and Rehabilitation > (775) 684-3804 (office) jpcauh...@detr.nv.gov > > -Original Message- > From: Luca Toscano [mailto:toscano.l...@gmail.com] > Sent: Saturday, February 2, 2019 11:29 AM > To: users@httpd.apache.org > Subject: Re: [users@httpd] Stupid question time - VirtualHost > > Hi Jeff! > > Il giorno ven 1 feb 2019 alle ore 16:02 Jeff Cauhape > ha scritto: > > > > My usage of Apache has been pretty plain vanill
Re: [users@httpd] Re: Logging issues with custom Apache2 module
This was the bit I was missing! Thanks! --Tom Noonan II On Wed, Feb 6, 2019 at 3:45 PM Eric Covener wrote: > On Wed, Feb 6, 2019 at 3:38 PM Tom Noonan wrote: > > > > Good afternoon: > > > > I've written a custom Apache2 module and I'm having some difficulty with > logging. Logging is working as expected using the global log level. For > example, if I set the following I get debug logs from my module: > > > > LogLevel Debug > > > > However, if I attempt to set the loglevel for only my module I do not > see debug logs: > > > > LogLevel Warn mod_proxy_jwt_auth.c:Debug > > > > In looking at the logs I see other modules output "[date] > [module_name:level]" whereas mine is outputting "[date] [:level]". I'm > guessing this is a factor in the per-module log level not working and that > I'm getting some part of the module API wrong. However, I reviewed > https://httpd.apache.org/docs/2.4/developer/modguide.html and I simply > don't see my error. > > > > The source of my module is here: > https://github.com/Root-App/mod_proxy_jwt_auth/blob/master/mod_proxy_jwt_auth.c > > > > Can anyone advise? Thanks! > > > > --Tom Noonan II > > There is a slightly different way to do do the AP_MODULE_DECLARE_DATA > stuff in 2.4 that results in this macro being added to your code: > > APLOG_USE_MODULE(proxy_jwt_auth) > > You can also just add it explicitly, which is needed if you use > multiple C files for the module. > > The alternate way is module AP_MODULE_DECLARE_DATA > mod_proxy_jwt_auth_module; at the top and > AP_DECLARE_MODULE(proxy_jwt_auth) -- you should see that pattern in > the standard mods in 2.4. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] 403 Forbidden Error on Apache 2.4
Directory / is the root of the filesystem, so it should always be set in server config with Require all denied, it is not the documentroot, chances are you have a Directory directive elsewhere denying, also make 100% sure you don't mix Order/Allow/Deny with 2.4 directives. So: Server config Require all denied in virtualhost and for documentroot: DocumentRoot /path/do/docroot ### # Other directives here Require all granted El mié., 6 feb. 2019 a las 6:03, Dan Ehrlich () escribió: > > I think it’s the L in your rewrite rule. > > It stands for Last and means it won’t process any further rules. Remove it > and it should (maybe) work. > > Someone else feel free to correct me if I’m wrong. > > > On Feb 5, 2019, at 8:55 PM, Jayaram Ponnusamy > wrote: > > Dear All, > Our Site is Public Site and there is no restriction @ any level. We are using > apache on top of Java based CMS (Tomcat Server). > Recently we upgraded Apache from 2.2.21 to 2.4.25. Where ever Order > allow,deny & Allow from all coming there we changed it to Require all granted > but root page only loading without any issue. We are getting 403 Forbidden > Message on Rest of the Pages. Kindly please help how to enable permission to > all folder and its subfolders in 2.4.25. > > For Example: > Working: > http://domain.com/sites > > Notworking: > http://domain.com/newsroom > http://domain.com/events > http://domain.com/about > & Other pages > > RewriteEngine on > RewriteRule ^/+$ /sites/ [R,L] > DocumentRoot "/apps/apache2.4" > > Options FollowSymLinks > AllowOverride None > Require all granted > -- Daniel Ferradal HTTPD Project #httpd help at Freenode - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: Logging issues with custom Apache2 module
On Wed, Feb 6, 2019 at 3:38 PM Tom Noonan wrote: > > Good afternoon: > > I've written a custom Apache2 module and I'm having some difficulty with > logging. Logging is working as expected using the global log level. For > example, if I set the following I get debug logs from my module: > > LogLevel Debug > > However, if I attempt to set the loglevel for only my module I do not see > debug logs: > > LogLevel Warn mod_proxy_jwt_auth.c:Debug > > In looking at the logs I see other modules output "[date] > [module_name:level]" whereas mine is outputting "[date] [:level]". I'm > guessing this is a factor in the per-module log level not working and that > I'm getting some part of the module API wrong. However, I reviewed > https://httpd.apache.org/docs/2.4/developer/modguide.html and I simply don't > see my error. > > The source of my module is here: > https://github.com/Root-App/mod_proxy_jwt_auth/blob/master/mod_proxy_jwt_auth.c > > Can anyone advise? Thanks! > > --Tom Noonan II There is a slightly different way to do do the AP_MODULE_DECLARE_DATA stuff in 2.4 that results in this macro being added to your code: APLOG_USE_MODULE(proxy_jwt_auth) You can also just add it explicitly, which is needed if you use multiple C files for the module. The alternate way is module AP_MODULE_DECLARE_DATA mod_proxy_jwt_auth_module; at the top and AP_DECLARE_MODULE(proxy_jwt_auth) -- you should see that pattern in the standard mods in 2.4. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: Logging issues with custom Apache2 module
Good afternoon: I've written a custom Apache2 module and I'm having some difficulty with logging. Logging is working as expected using the global log level. For example, if I set the following I get debug logs from my module: LogLevel Debug However, if I attempt to set the loglevel for only my module I do not see debug logs: LogLevel Warn mod_proxy_jwt_auth.c:Debug In looking at the logs I see other modules output "[date] [module_name:level]" whereas mine is outputting "[date] [:level]". I'm guessing this is a factor in the per-module log level not working and that I'm getting some part of the module API wrong. However, I reviewed https://httpd.apache.org/docs/2.4/developer/modguide.html and I simply don't see my error. The source of my module is here: https://github.com/Root-App/mod_proxy_jwt_auth/blob/master/mod_proxy_jwt_auth.c Can anyone advise? Thanks! --Tom Noonan II >
Re: [users@httpd] How to fix HTTP 100-continue from client HTTP 417 error in Apache 2.4.10?
Hello Dan, On Wed, 6 Feb 2019 at 13:05, Dan Ehrlich wrote: > > Looks like you just need to enable mod_headers > (http://httpd.apache.org/docs/current/mod/mod_headers.html) and then add the > below text that they mention in the Stack Over question? > > You might need to run “a2enmod headers” from terminal once to get it loaded > into Apache HTTPD forever, but that’s it. > > Btw put that text (assuming you’re fine running it for every website on that > server) in either /etc/apache2/apache2.conf. Might be /etc/apache2/httpd.conf > can’t remember > For me it's /etc/apache2/apache2.conf So the steps I need to perform = i) Put below code at end of the apache2.conf file & save it. ii) Run “a2enmod headers” iii) restart apache2 iv) Test back. Am I right? > Does this help? > > > “ > > > > RequestHeader unset Expect early > > > > “ > > > On Feb 5, 2019, at 11:26 PM, Amey Abhyankar wrote: > > Hello, > > I am using Apache 2.4.10 server on Debian 8.11. > > I am having following issue = Request sender is sending Expect: > 100-Continue" in header. > > Reference URL suggesting the fix = > https://stackoverflow.com/questions/3889574/apache-and-mod-proxy-not-handling-http-100-continue-from-client-http-417 > > How to fix this issue? Thanks. > > Regards, > Amey. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org