With enabled nginx I'm unable to contact web pages via TLSv1.1 and TLSv1.2. When nginx is disabled and the pages are handled by Apache everything is fine. But only when nginx is completely deactivated. It's not enough to disable "Smart static files processing" at the "Web Server Settings for sub.domain.tld".
I tried to add "ssl_protocols TLSv1.1 TLSv1.2;" at "Additional nginx directives" at the Web Server Settings, without effect.
I think i have to modify /etc/nginx/plesk.conf.d/server.conf but this file is generated by Plesk.
Being relatively new to the Linux world, I don't exactly know why my reverse proxy settings are not working. Nothing i have tried has worked.
The code below is from my old windows server what does not seem to be working in my new 1&1 vps server. I have the below code at the moment at the bottom of my httpd_ip_defult.conf file under /var/www/vhosts/system/mydomain.com/conf/
The following errors also show up in my vhosts error log:
Code:
[Sun Oct 12 23:30:56 2014] [error] (70007)The timeout specified has expired: proxy: HTTP: attempt to connect to xxx.xxx.xxx.xxx:8008 (xxx.xxx.xxx.xxx) failed [Sun Oct 12 23:30:56 2014] [error] ap_proxy_connect_backend disabling worker for (xxx.xxx.xxx.xxx) I also have mod_proxy.so , mod_proxy_http.so and mod_proxy_html.so all enabled in my main httpd.conf file at /etc/httpd/conf/
Basically, I need to fix this urgently as a core feature of my site relies on this setup.
When accessing a backup in backup-manager in a user subscription via a reverse proxy (eg. plesk panel is called as localhost:8443) I get following error:
Internal error: Failed to exec pmm-ras: (array ( 'code' => 127, 'stdout' => 'Transport error: File 'clients' not found ', 'stderr' => '', )). Message Failed to exec pmm-ras: (array ( 'code' => 127, 'stdout' => 'Transport error: File 'clients' not found ', 'stderr' => '', )). File Connector.php Line 227 Type PleskPMMResponseException
This happens when I try to download the backup and also when clicking on the backup name. These are the apache settings for the reverseproxy domain:
SSLProxyEngine On AllowEncodedSlashes On <Location /> ProxyPass https://localhost:8443/ ProxyPassReverse https://localhost:8443/ </Location>
Centos6.6 x86_64 Minimal install + Plesk12 installation completed without problem.
However when I logged into Plesk Panel i get this message.
ERROR: PleskException Up Level Unable to configure control panel: nginxmng failed: [2014-12-02 07:32:44] ERR [util_exec] proc_close() failed enabling nginx proxy failed: 255 Service /etc/init.d/httpd failed to start Service /etc/init.d/httpd failed to start
Nginx proxy changes had been reverted.
Everything seems to work but i would like to have it enabled for performance reasons, when i check it # /etc/init.d/nginx status nginx is stopped
Then I try to start it manually /etc/init.d/nginx start Not starting nginx as it is disabled in config
then i try to force it /usr/local/psa/admin/bin/nginxmng --enable
[2014-12-02 08:19:48] ERR [util_exec] proc_close() failed enabling nginx proxy failed: 255 Service /etc/init.d/httpd failed to start Service /etc/init.d/httpd failed to start Nginx proxy changes had been reverted.
For some reason my nginx doenst start and I get the following error:
Error: Unable to start service: Unable to manage service by nginxmng: [2015-05-30 01:03:20] ERR [util_exec] proc_close() failed enabling nginx proxy failed: getsebool: SELinux is disabled
255 Service /etc/init.d/nginx failed to start getsebool: SELinux is disabled
if my main site hosted in usa and reverse proxy server located in UK or Canada. will my site load still quickly or be slow dramtically? both use linux and apache. or canada user will quickly load my site or still slow? how about usa customers?
I researched a few options and have come to this conclusion use Ultramonkey (LVS + HA Proxy) -> apache2 mod_php/ mod_python (serve php / python) -> lighttpd (serve static files) -> mongrel (ruby server)
I will be storing personal customer information in mysql, so security is driving all my requirements. I was thinking the architecture will be :-a dedicated web server within a DMZ and placed behind a firewall and border router.
a dedicated database server inside the internal network behind another firewall, All running Linux
building out and management of the servers to be done by hosting provider or third party Please feel free to comment on this setup.
QuestionsIs a reverse proxy a benefit for security.
Am I right in saying that a reverse proxy hides the OS and server details from prying eyes and provides another layer of security
if a reverse proxy server is a benefit, is it normally the default architecture at most reputable hosts.
Loading a page with ~150 files (most images and js files) i keep runing into "locked requests" that are not comeing back and block the whole page from finishing loading. The files differ every time.
I see this warnings in my error.log (looks like they are connected to the behauviour above).
Code:
[Tue Nov 19 20:38:10.890013 2013] [cache_disk:warn] [pid 216692:tid 15924] (OS 5)Access is denied. : [client x.x.x.x:58963] AH00699: rename tempfile to file failed: C:/temp/cache/aptmpcBQArf -> C:/temp/cache/H8Cta/9ha4U/Uhhhs/OlQfU/1Q.data,
I m trying to setup a reverse proxy with several site that will redirect the request into several internal server.I wanted to do that with several VirtualHost (like shown below). Unfortunatly whatever I type on my browser testsupport.xxxx.com or support2.xxxx.com I m redirected at the first of the config file (in the exemple http://10.253.12.41/.Is it the ServerName key that will redirect to the right proxypass ?
We are struggling to configure our Apache reverse proxy (on WIN 2008) server to force https.
We have the cert installed on the proxy server, and it seems to be working but we are unable to force connections to https: and the site is still available via http:
How do you enforce https on the site?
reading read about the .htaccess file, virtual hosts but still having a hell of a time putting it all together
I'm trying to do a setup of alfresco.It has two basic sites. [URL]. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
I'm currently in the process of configuring a red hat linux server as a proxy server for a number of back end web servers. I set up reverse proxying to hide the web server url's, but I've run into a problem with the second web server, because some of the directory structures are identical on both servers.
I am having a little trouble getting a reverse proxy redirect to work. I have a Linux server running Apache2. I have installed SABnzbd+, Sickbeard, Couchpotato & Headphones onto this device. I want to access SABnzbd+, Sickbeard, Couchpotato & Headphones from the outside world (via a DYNDNS name).
I know that I could just forward the ports through the router, but I don't want all the extra ports opened. I was told that I can have Apache to do a revers proxy, but I can't get it to work. I basically want to be able to do type myname.dyndns.org/sickbeard instead of typing in myname.dyndns.org:8081.
I am running a few different web servers on my home network and have found a way of binding each wb server (and any virtual hosts) to domain names and having a "central" web server rerouting a request to the appropriate server using reverse-proy. at the moment, this central web server is IIS (Windows Server 2008 R2) based and it works perfectly. I want to change the central server to an Apache based one.
As an example; I want the central server to see an incoming http request (e.g sub.domain.com) and reroute it using reverse-proxy to a different web server that wouldn't normaly be accessible from the Internet (e.g 192.168.1.122/index.html).
My question is how do you reverse-proxy to a different server on the LAN with mod_rewrite in Apache?
I am trying to set up a reverse proxy to the application Surveillance Station on my Synology NAS. Altough the reverse proxy works ok for other apps like Webadmin, Download Station and such, parts of the Surveillance Station app do not work, particulary the Live View & Time Line.
From the logs, I suspect an authorisation problem (because of the 401), but I'm not sure. I have tried ProxyPreserveHost on, ProxyVia full, and some rewrite rules, but I'm not sure what I'm doing Direct access to the port of the app works (i.e. 83.xxx.x.xxx:9900), so i know it has something to do with the reverse proxy.
I've been working with the Apache server (primary under CentOS, but some under Red Hat and on XAMPP stacks as well) and have been tasked with a project.
Periodically, we need to have our web sites down for maintenance - updates, backups, etc. What I've been told to do is find a way to have a 'front end' to our web sites so that, when they are down for maintenance, that then end-users will receive a message 'This site is down for maintenance till XX:XX AM/PM' or such.
Here are my questions:
- What would you call what I am trying to setup? The reading I've done implies that what I really want to setup is a reverse proxy server. Is that what I want to do? - If it isn't a reverse proxy I want to set up, what do I want to setup? - Of the different types of solutions available, What I could use for this? I've read about using Nginx in front of Apache, I've heard of Squid, I've heard about Tomcat. - Is this a type of 'clustering/high availability' project I'm really looking at here? I've been hearing those terms thrown about as well.
In case it makes any kind of a difference, the Apache instances are pretty simple - PHP, MySQL and that's about it - not very involved (for now). I'm hoping that I can learn what/how to do this correctly and, when I'm ready to add more capabilities, that I'll be able to extrapolate out from there what I'd need to do.
-1 Public IP -Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0) + VM Windows Server 2008 R2 Exchange 2010/IIS (server1) + VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2) + VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3) -All port 80,443 requests points Ubuntu server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed
For learning purpose I am configuring a blackberry enterprise server(bes) on server3. It's a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice two like server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn't interact with the page because it was a java application. So digging deeper into this i found that the webpage that bes provided me to use isn't the real application but more like a iframe setup.
Example: BES Console address: https://server3.com/webconsole/login Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass reverse to this real address I encountered a other problem. The bes webconsole works with session is and parameters
Currently i am trying to install an Apache 2.4.3 as a caching reverse proxy. I would like to use memcached as my cache backend. I figured out there is a mod_socache_memcache, which from my understanding, should do exactly that(in combination with mod_cache_socache). So i compiled mod_cache_socache from trunk, loaded mod_cache, mod_cache_socache and mod_socache_memcache, but now i am stuck with the configuration. Here is what i tried:
where do i configure the path to my memcached instance? The reason for memcached as chaching backend, is that the machine is a windows machine, and from my understanding mod_cache_disk is not as efficient on a NTFS filesystem as it is on EXT3/4.
Another reason is, that later on there should be a possibility to put a second Reverse Proxy machine which shares the cache with the first one by using the same memcached instance (is that possible at all?).
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
I have several applications that use authentication and expect REMOTE_USER to be set by Apache for authentication/authorization.
I am putting a reverse proxy, with shibboleth in front of these applications, on a separate server.
Currently, REMOTE_USER is not sent. I have tried a few things, and I am currently sending it inside another header, but I have some applications that are closed sources and this will not work.
Is this possible to do? I am running this with Apache 2.4.7, I believe, on the Windows platform.
I am trying to do reverse proxy for several web servers in my network.I have successfully configure the reverse proxy.However , when website with multimedia webpages are requested , the multimedia content is not displaying. What is is that I am missing in my config file.