2

Sounds like a basic question, but I don't know about Apache config. Any help would be great.

Since OpenTSDB won't support https to send data (via REST API), we want to create an https proxy in Apache or "Apache Tomcat". For example, the local machine has both TSDB and Apache. Apache should accept http and https; if I send anything to https://<PUBLIC IP>/api/input, it should forward it to TSDB on that same machine (or TSDB could be on a different machine) with http.

The big picture

MY Code<---->https://<PUBLIC IP>/api/input<----Proxy to---->http://localhost/api/input

Above I mentioned Apache Tomcat because we are mainly using Apache Tomcat for other purposes, so the first priority is Tomcat (is it possible with Tomcat?).

NOTE: I know the difference between Apache and Apache Tomcat: Apache is an http web server that handles http traffic only; Tomcat is a servlet container to process requests (for Java only). Tomcat has Apache built in. (Please correct me if I am wrong.)

Veerendra K

3 Answers

2

In Apache HTTPD basically it would be like this:

```
<VirtualHost *:80>
    ServerName publicname.example.com
    # Send all plain-HTTP requests to the HTTPS virtual host
    Redirect / https://publicname.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName publicname.example.com
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    ErrorLog /path/to/logs/publicname.example.com-ssl-error.log
    CustomLog /path/to/logs/publicname.example.com-ssl.log combined

    # Terminate TLS here and forward to the backend over HTTP on loopback
    ProxyPass /api/input http://127.0.0.1:8080/api/input
    ProxyPassReverse /api/input http://127.0.0.1:8080/api/input
</VirtualHost>
```

Note: you will need mod_proxy and mod_proxy_http modules loaded first.

ezra-s
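A TLS-terminating proxy like the one in the answer above only protects the API if nothing proxies it from the plain-HTTP vhost and the unencrypted hop stays on loopback. The following check is an added example, not part of any answer here; `audit`, `SAMPLE` and the `10.0.0.5:4242` backend are constructed for illustration, and the parser is simplified (no `Include`, `<Location>` blocks or `!` exclusions).

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a weak port-80 vhost next to the answer's port-443 vhost.
SAMPLE = """\
<VirtualHost *:80>
ServerName publicname.example.com
ProxyPass /api/input http://10.0.0.5:4242/api/input
</VirtualHost>
<VirtualHost *:443>
ServerName publicname.example.com
SSLEngine on
ProxyPass /api/input http://127.0.0.1:8080/api/input
ProxyPassReverse /api/input http://127.0.0.1:8080/api/input
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit(conf):
    """Return (vhost address, finding) pairs for a TLS-terminating proxy config."""
    findings = []
    for addr, body in VHOST.findall(conf):
        # One token list per directive line, comments and blanks skipped.
        directives = [ln.split() for ln in body.splitlines()
                      if ln.strip() and not ln.lstrip().startswith("#")]
        tls = any(" ".join(d).lower() == "sslengine on" for d in directives)
        to_https = any(d[0].lower() == "redirect" and
                       d[-1].lower().startswith("https://") for d in directives)
        if not tls and not to_https:
            findings.append((addr, "plain-HTTP vhost does not redirect to https"))
        for d in (d for d in directives if d[0].lower() == "proxypass"):
            target = urlsplit(d[2]) if len(d) > 2 else None
            if target is None or target.scheme not in ("http", "https") or not target.hostname:
                findings.append((addr, "ProxyPass target is not a parseable URL"))
                continue
            if not tls:
                findings.append((addr, "API is proxied on a vhost without SSLEngine on"))
            if target.scheme == "http" and target.hostname not in LOOPBACK:
                findings.append((addr, f"plaintext hop to remote backend {target.hostname}"))
    return findings

if __name__ == "__main__":
    for addr, finding in audit(SAMPLE):
        print(f"{addr}: {finding}")
```
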
1

Thanks to @ezra-s, I'm able to send data. But while doing it, I struggled a little bit, so I just want to share some info.

1. `sudo apt-get install -y libapache2-mod-proxy-html libxml2-dev apache2-prefork-dev libxml2-dev`

2. Enabling modules:

   `sudo a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html ssl`

3. Generated a self-signed certificate; here is the guide.

4. Added the config to /etc/apache2/sites-enabled/000-default.conf

5. I tried to restart with `sudo service apache2 restart`, but I got an error:

```
 * Starting web server apache2
 * The apache2 configtest failed.
Output of config test was:
[Mon Feb 13 02:31:06.772053 2017] [proxy_html:notice] [pid 8060] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.
AH00526: Syntax error on line 39 of /etc/apache2/sites-enabled/000-default.conf:
ProxyPass Unable to parse URL
Action 'configtest' failed.
The Apache error log may have more information.
```

After a long Internet search I found the "mod_xml2enc not available" bug. So, I built this module from source:

```
sudo apt-get install apache2-prefork-dev libxml2 libxml2-dev
mkdir ~/modbuild/ && cd ~/modbuild/
wget http://apache.webthing.com/svn/apache/filters/mod_xml2enc.c
wget http://apache.webthing.com/svn/apache/filters/mod_xml2enc.h
sudo apxs2 -aic -I/usr/include/libxml2 ./mod_xml2enc.c
cd ~
rm -rfd ~/modbuild/
sudo service apache2 restart
 * Restarting web server apache2 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
   [ OK ]
```

Thanks for the help!

Veerendra K
0

There are many ways to achieve the result you want.

Make your Tomcat listen on 127.0.0.1:8080 and set up some front-end server in front of it. Your front-end server will listen on *:80 and *:443 and forward all requests to the hidden Tomcat.

There are many front-end servers. It can be Apache (as you offered), nginx (which eats less memory) or haproxy (which offers great statistics together with almost constant memory footprint).

One possible configuration snippet for nginx can be:

```
server {
    listen 443 ssl;

    server_name your.hostname.com;
    access_log  .../access_log main;
    error_log .../error_log;

    ssl_certificate      /.../fullchain.pem;
    ssl_certificate_key  /.../key.pem;

    # some TLS config should be here

    # forward all requests to Tomcat 8080
    location / {
      proxy_pass      http://127.0.0.1:8080/;
      client_max_body_size    128m;  # limit POST size
    }
}

server {
    listen 80;
    server_name your.hostname.com;

    access_log  /.../80-access_log main;
    error_log /.../80-error_log;

    location / {
        # redirect everything to HTTPS
        return 301 https://$host$request_uri;
    }
}
```

For generating the TLS configuration, I recommend the Mozilla SSL Configuration Generator.

Věroš K.
  • Thanks for the answer. Can you please provide any config for "Apache"? We don't want to use nginx. And I'm able to configure SSL for Apache. – Veerendra K Feb 12 '17 at 13:20
  • I love that you answered an apache question with an nginx configuration... – wogsland Feb 12 '17 at 16:20
  • The Apache configuration will probably use the directives `ProxyPass / http://127.0.0.1:8080/` and `ProxyPassReverse / http://127.0.0.1:8080/`. Please check http://serverfault.com/questions/255392/tomcat-6-virtual-host-apache-2-proxy; it seems to contain the solution. – Věroš K. Feb 12 '17 at 16:53
  • @wogsland I felt using Apache for a front-end proxy is overkill, so I responded with a tool which is a better match. – Věroš K. Feb 12 '17 at 16:56
  • @VěrošK. please stop this nonsense, or at least you could try to explain why you say that instead of throwing up slogans like that. – ezra-s Feb 13 '17 at 08:27