I've setup an Apache reverse proxy to forward api.mydomain.com
to localhost:2000
which works just fine.
However, the real issue i'm having is in regard to sessions - it seems that the req.session's aren't being stored when querying via api.mydomain.com
. Sessions will work just fine visiting from localhost:2000
.
I assume this has something to do with the proxied domain...
server.js
var express = require('express'),
app = express();
app.enable('trust proxy');
app.configure(function() {
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ secret: 'supersecret'});
app.use(app.router);
});
app.get('/session', function(req, res, next){
console.log(req.session.username)
// this will be undefined when called from api.mydomain.com...
});
app.post('/session', function(req, res, next){
req.session.username = 'my username';
});
apache config
<VirtualHost *:80>
ServerName api.mydomain.com
ProxyPass / http://localhost:2000/
ProxyPassReverse / http://localhost:2000/
ProxyPreserveHost On
ProxyPassReverseCookieDomain api.domain.com localhost:2000
ProxyPassReverseCookiePath / /
</VirtualHost>
EDIT
Notably, for further testing - adding the below code before app.use(app.router)
in app.configure()
....
app.use(function (req, res) {
res.send('<h2>Hello, your session id is ' + req.sessionID + '</h2>');
});
will result in the following (each line represents a new GET /session request to the app - node hasn't restarted either).
localhost:2000
Hello, your session id is sHkkESxJgzOyDhDwyTjwpNzq
Hello, your session id is sHkkESxJgzOyDhDwyTjwpNzq
Hello, your session id is sHkkESxJgzOyDhDwyTjwpNzq
api.mydomain.com
Hello, your session id is uuo4U5ierZAG8LSH1BdwTlVf
Hello, your session id is 8BxL97Bo35SDt4uliuPgnbia
Hello, your session id is 0xkqZZpzQNvTsQpbJtUlXgkR
Setup info
NodeJS v0.8.8
Apache v2.4.2
ExpressJS v3.0.0rc4
UPDATE 2
Well, I've so far resolved to simple use mydomain.com/api
, as that seems to fix everything. So I suppose it's just something to do with how Apache handles domain communication with Express!
Judging by Apache ProxyPass and Sessions This apache config Maybe ...
<VirtualHost *:80>
ServerName api.mydomain.com
ProxyPass / http://localhost:2000/
ProxyPassReverse / http://localhost:2000/
ProxyPassReverseCookiePath / /
</VirtualHost>
I experienced this exact issue and tried everything else mentioned here without success. The final piece of the puzzle was adding the following to Apache's SSL Virtual Host config:
RequestHeader set X-Forwarded-Proto "https"
This particular gem I discovered in one of the last comments at https://github.com/expressjs/session/issues/251
So overall the things I implemented to fix it were as follows:
RequestHeader set X-Forwarded-Proto "https"
ProxyPassReverseCookiePath / /
app.enable('trust proxy');
It should be trivial to look at the session cookie being forwarded and see why your browser doesn't re-send it when proxied -- the domain or path are likely wrong.
Re: your later comments -- Maybe you really did set "ProxyPassReverseCookieDomain / /" instead of using domains as the argument?
ProxyPreserveHost would probably also indirectly work for you, but fixing up the cookie is better.
Using this config maintains my session id on node 0.6.17, express 3.0.0rc4. Initially I had the following in the virtualhost, but even after changing to match your config, it still works.
ServerName api
ServerAlias api.internal.local
I get a Set-cookie connect.sid which is maintained.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With