0

I'm not sure if it's possible what I'm trying to do but I have a few applications on multiple servers. I have one server for gitlab, one for jenkins and one for sonarqube. I want to be able to navigate to them by using my domain as follows:

gitlab > https:// git.mydomain.com
jenkins > https:// jenkins.mydomain.com
sonarqube > http:// sonar.mydomain.com

What I'm trying to do is setup a reverse proxy with apache2 on a 4th server that runs independent from the applications. Here is what I tried to do:

<VirtualHost *:80>
    ServerName http:// mydomain.com
    ProxyPass http:// sonar.mydomain.com/ http:// sonar.mydomain.com:9000/
    ProxyPassReverse http:// sonar.mydomain.com http:// sonar.mydomain.com:9000/
    ProxyPass http:// jenkins.mydomain.com/ https:// jenkins.mydomain.com:8081/
    ProxyPassReverse http:// jenkins.mydomain.com/ https:// jenkins.mydomain.com:8081/
</VirtualHost>

When I do it this way it won't work it will just go to the apache default page. What I did try is doing it with / and I noticed that it won't work with https:// extentions no matter in what way I try to set it. Is there a way to get this working?

and is it possible to set the proxy up the way I want?

NoSixties
  • 111
  • 6

2 Answers2

1

it won't work with https:// extentions no matter in what way I try to set it

Your <VirtualHost *:80> is only matching port 80 traffic, so it cannot work with "https:// extentions."

Whatever problem there might be with your proxy setup, your first issue is with your virtual host setup.

EDIT per OP comment to answer:

what I want to do is redirect to https when someone tries to access the http

In this case, you should consider just doing a simple Redirect, rather than trying to set up a proxy:

<VirtualHost *:80>
  ServerName jenkins.mydomain.com
  Redirect permanent / https://jenkins.mydomain.com
<VirtualHost *:80>

<VirtualHost *:443>
  ServerName jenkins.mydomain.com
  * * * * *
  EVERY DIRECTIVE YOU WANT TO SET UP THE HTTPS SERVER
  * * * * *
<VirtualHost *:80>
Colt
  • 1,939
  • 6
  • 20
  • 25
  • Well what I want to do is redirect to https when someone tries to access the http. Hope that makes sense – NoSixties Jul 01 '16 at 13:10
  • Then why don't you just do a simple Redirect, rather than trying to set up a proxy? – Colt Jul 01 '16 at 13:13
  • The redirects work. However I feel the proxy is a bit nicer of a solution. But I will use the redirects unless I can get the proxy to work – NoSixties Jul 01 '16 at 14:02
  • Why do you think the "proxy is a bit nicer of a solution" if what you want to do is a simple redirect? – Colt Jul 01 '16 at 14:03
  • I don't necessarily want the ports to show and it would allow me to close the ports in my router – NoSixties Jul 01 '16 at 14:06
  • There is nothing wrong with having port 80 _and_ 443 open on a webserver, and in fact, if you are trying to proxy the traffic on port 80 to an internal port 443 connection (vs. forcing a secure connection using redirect) you are in fact requiring users to use an insecure connection. You are causing their traffic to be exposed. How can this be better than opening port 443 (secure) to web traffic? – Colt Jul 01 '16 at 14:17
  • You are right there however I have more then just 443 and 80 opened up right now. 9000 and 8081 are open as well. However about the last part you are right however I was thinking to create a cert for the main entrance as well just wanted to get it working like this first but I'm not having any luck with it so far – NoSixties Jul 01 '16 at 14:36
  • Well, get rid of the "proxy," CLOSE 9000 and 8081, and set up [virtual hosts properly](http://httpd.apache.org/docs/2.4/vhosts/) to handle the sites enirely on 80 and 443. The only reason it looks like you have the _other_ ports open is because you are trying to do this the hard way! – Colt Jul 01 '16 at 15:05
  • As to your mention that "I was thinking to create a cert for the main entrance as well," you CAN'T make port 80 traffic https:// by adding a cert. Port 80 is http://, which cannot use certs, and port 443 is https://, which requires certs. You can REDIRECT a port 80 hit to a port 443 site, which tells the browser to send the request again on port 443 to the redirect target site AND signals the browser/user that this is how they should access the site in the future. A proxy, on the other hand, is usually used to offload some processing to a back end server. – Colt Jul 01 '16 at 15:16
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/41910/discussion-between-nosixties-and-colt). – NoSixties Jul 01 '16 at 16:07
0

The typical config is that your users/visitors browse to http://www.example.com.com/sonar and then they get the content reverse proxied from http://sonar.example.com:9000/.

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com

    ProxyPass /sonar http://sonar.example.com:9000/
    ProxyPassReverse /sonar http://sonar.example.com:9000/

    ProxyPass /jenkins https://jenkins.example.com:8081/
    ProxyPassReverse /jenkins https://jenkins.example.com:8081/
</VirtualHost>

And then repeat the same in the TLS virtualhost entry:

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com

    ProxyPass /sonar http://sonar.example.com:9000/
    ProxyPassReverse /sonar http://sonar.example.com:9000/

    ProxyPass /jenkins https://jenkins.example.com:8081/
    ProxyPassReverse /jenkins https://jenkins.example.com:8081/
</VirtualHost>
HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • I tried this myself but when I use /sonar css won't load so I get a plain html. for jenkins I still get an internal server error with it set up this way – NoSixties Jul 01 '16 at 13:25
  • Your apache error_log should give an indication to why that internal server error happens, as to the why your style sheet fails: http://serverfault.com/a/561897/37681 – HBruijn Jul 01 '16 at 13:34
  • I tried two of the options. I tried the fourth and third solution. the fourth didn't work for me. The second worked on the first page but as soon as I try to do something the paths are wrong so it won't find the requested page. The redirects work but it just feels like a less nice solution – NoSixties Jul 01 '16 at 14:00