Menu
I've got several webapps running on my webserver:
https://beta.mydomain.tld/svn/repos
https://beta.mydomain.tld/trac
http://beta.mydomain.tld/, using a Proxy for the local Apache Tomcat on port 8080Please note that the first two are available via SSL, the third is not (yet). Now I need to make my web app available via https, but I want Trac and SVN Browser still to be accessible in their current location.
I.e. I am trying to configure apache2 to proxy all requests not starting with svn or trac to Tomcat.
For the existing SSL web apps, there's the following configuration
<Location /svn/repos>
DAV svn
SVNParentPath /home/myuser/svn
SVNListParentPath on
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /home/myuser/.htpasswd
Require valid-user
</Location>
<Location /trac>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /home/myuser/trac
PythonOption TracUriRoot /trac
AuthType Basic
AuthName "Trac"
AuthUserFile /home/myuser/.htpasswd
Require valid-user
</Location>
I tried to add the following location, but it did not help anything...
<Location />
ProxyPass http://localhost:8080
ProxyPassReverse http://localhost:8080/
</Location>
For further information, here is the complete apache2 configuration regarding the SSL part (without any of my failed trials in it - I think it is default trac configuration):
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName beta.mydomain.tld:443
DocumentRoot /var/www/
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl.crt
SSLCertificateKeyFile /etc/ssl/private/ssl.key
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Location /svn/repos>
DAV svn
SVNParentPath /home/myuser/svn
SVNListParentPath on
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /home/myuser/.htpasswd
Require valid-user
</Location>
<Location /trac>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /home/myuser/trac
PythonOption TracUriRoot /trac
AuthType Basic
AuthName "Trac"
AuthUserFile /home/myuser/.htpasswd
Require valid-user
</Location>
344
ProxyPassReverse will intercept those headers, and rewrite them to match the Apache proxy server. ProxyPass will create a reverse proxy. A reverse proxy (or gateway), appears to the client just like an ordinary web server.
In addition to being a "basic" web server, and providing static and dynamic content to end-users, Apache httpd (as well as most other web servers) can also act as a reverse proxy server, also-known-as a "gateway" server.
mod_proxy is an optional module for the Apache HTTP Server. This module implements a proxy, gateway or cache for Apache. It implements proxying capability for AJP13 (Apache JServ Protocol version 1.3), FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and (since Apache 1.3. 23) HTTP/1.1.
The Apache reverse proxy handles the incoming request, recognizes that an Apache ProxyPassReverse setting exists, and then forwards the request to Tomcat. Then Tomcat handles the request, returns a response to the Apache reverse proxy, and Apache returns the response to the client.
Just put ProxyPass ! into those two Location blocks. That stops proxying for the locations concerned.
91
I have the same scenario (on windows). For anybody struggling with this:
It only started to work for me when I moved the "svn location" part before the Proxy* directives.
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot "C:/Apache/domain"
ServerAdmin [email protected]
SSLEngine On
SSLCertificateFile "conf/ssl/domain.crt"
SSLCertificateKeyFile "conf/ssl/domain.key"
SSLCertificateChainFile "conf/ssl/domain.ca-bundle.crt"
<Location /svn>
DAV svn
SVNPath "C:/svnrepo"
SSLRequireSSL
AuthName "www.domain.com"
AuthType Basic
AuthUserFile "conf/svn/users"
AuthGroupFile "conf/svn/groups"
Require valid-user
# needs to come before the ProxyPass directives
ProxyPass !
</Location>
ProxyRequests off
ProxyPreserveHost on
ProxyPass / ajp://127.0.0.1:8080/
ProxyPassReverse / ajp://127.0.0.1:8080/
</VirtualHost>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
