mod-proxy interview questions
Top mod-proxy frequently asked interview questions
I need to set up a proxy with authentication to verify the behavior of an application that connects to the internet.
I am trying to set up an Apache installation with forward proxy and authentication, and even though I am close to making it work, I wonder if there is maybe a better way, as the configuration is fairly esoteric.
How can Apache be configured to work this way?
Is there any other good option that is already configured? Maybe some VM or some other software tool, instead of Apache?
Source: (StackOverflow)
We're running a web app on Tomcat 6 and Apache mod_proxy 2.2.3. Seeing a lot of 502 errors like this:
Bad Gateway!
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /the/page.do.
Reason: Error reading from remote server
If you think this is a server error, please contact the webmaster.
Error 502
Tomcat has plenty of threads, so it's not thread-constrained. We're pushing 2400 users via JMeter against the app. All the boxes are sitting inside our firewall on a fast unloaded network, so there shouldn't be any network problems.
Anyone have any suggestions for things to look at or try? We're heading to tcpdump next.
UPDATE 10/21/08: Still haven't figured this out. Seeing only a very small number of these under load. The answers below haven't provided any magical answers...yet. :)
Source: (StackOverflow)
I am trying to use Apache's proxy module for working with XMPP on Ubuntu desktop. For this I did the following things:
1) Enabled mod_proxy by creating a symlink of proxy.conf, proxy.load and proxy_http.load from /etc/apache2/mods-available/ in the mods-enabled directory.
2) Added the following lines to the vhost:
<Proxy http://mydomain.com/httpbind>
    Order allow,deny
    Allow from all
</Proxy>
ProxyPass /httpbind http://mydomain.com:7070/http-bind/
ProxyPassReverse /httpbind http://mydomain.com:7070/http-bind/
I am new to using the proxy module, but what I can make from the above lines is that requests to http://mydomain.com/httpbind will be forwarded to http://mydomain.com:7070/http-bind/. Kindly correct if wrong.
3) Added the rule Allow from .mydomain.com in /mods-available/proxy.conf
Now I try to access http://mydomain.com/httpbind and it shows a 403 Forbidden error.
What am I missing here? Please help. Thanks.
Edit: The problem got solved when I changed the following code in mods_available/proxy.conf
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Deny from all
    Allow from mydomain.com
</Proxy>
to
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    #Deny from all
    Allow from all
</Proxy>
Didn't get what was wrong with the initial code, though.
Source: (StackOverflow)
For background information: (Question at bottom)
I'm trying to connect to a client, who has 8 servers, all of which have unique IP addresses. The client uses the same SSL certificate on all the servers (for this example, cert name == www.all_servers.com). The client only allows incoming requests over https.
I'm trying to create an apache proxy using mod_proxy that maps different URI mappings to different servers. For example:
https://PROXY_SERVER/SERVER1/{REQUEST}
This would send {REQUEST} to server1
https://PROXY_SERVER/SERVER2/{REQUEST}
would send {REQUEST} to server2.
So far, pretty simple.
In Apache 2.2, this could be achieved by using the IP addresses like so:
SSLProxyEngine On
ProxyPass /server1 https://1.1.1.1/
ProxyPassReverse /server1 https://1.1.1.1/
ProxyPass /server2 https://1.1.1.2/
ProxyPassReverse /server2 https://1.1.1.2/
This was due to Apache 2.2 not checking if the certificate matched (1.1.1.1 != www.all_servers.com).
However, in Apache 2.4, I'm now getting certificate issues (rightly so). (This exact code works on an Apache 2.2 box.)
[Thu Oct 10 12:01:48.571246 2013] [proxy:error] [pid 13282:tid 140475667224320] (502)Unknown error 502: [client 192.168.1.1:48967] AH01084: pass request body failed to 1.1.1.1:443 (1.1.1.1)
[Thu Oct 10 12:01:48.571341 2013] [proxy:error] [pid 13282:tid 140475667224320] [client 192.168.1.1:48967] AH00898: Error during SSL Handshake with remote server returned by /server1/asd
[Thu Oct 10 12:01:48.571354 2013] [proxy_http:error] [pid 13282:tid 140475667224320] [client 192.168.1.1:48967] AH01097: pass request body failed to 1.1.1.1:443 (1.1.1.1) from 192.168.1.1 ()
I can't use /etc/hosts, as one server would work, using:
1.1.1.1 www.all_servers.com
SSLProxyEngine On
ProxyPass /server1 https://www.all_servers.com/
ProxyPassReverse /server1 https://www.all_servers.com/
But many servers wouldn't.
So, to the actual question:
Is there a way to force mod_proxy to ignore mismatching certificates? Or is there a better way to do this?
Thanks for any help with this!
Source: (StackOverflow)
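An added example, not part of the original question: in Apache 2.4 the name check this question runs into can be relaxed for these backends while the certificate chain is still verified against a pinned CA file. The CA file path is a constructed placeholder, and SSLProxyCheckPeerName needs 2.4.5 or later.

```apache
# Added example (not from the original post). Apache 2.4, mod_ssl + mod_proxy.
# /etc/ssl/backend-ca/all_servers-ca.pem is a constructed placeholder path.

SSLProxyEngine On

# Chain verification of the backend is off by default (SSLProxyVerify none).
# Turn it on and trust only the CA that issued the www.all_servers.com
# certificate, so the backends are still authenticated once the name
# comparison below is relaxed.
SSLProxyVerify            require
SSLProxyCACertificateFile /etc/ssl/backend-ca/all_servers-ca.pem
SSLProxyCheckPeerExpire   on

# The backends are addressed by IP but present a certificate for
# www.all_servers.com, so the hostname comparison fails in 2.4.
# With SSLProxyCheckPeerName off alone, the older SSLProxyCheckPeerCN
# comparison can still apply, so both are set.
SSLProxyCheckPeerName     off
SSLProxyCheckPeerCN       off

# Mappings as in the question.
ProxyPass        /server1 https://1.1.1.1/
ProxyPassReverse /server1 https://1.1.1.1/
ProxyPass        /server2 https://1.1.1.2/
ProxyPassReverse /server2 https://1.1.1.2/
```

With the name check off, any certificate that chains to the CA file is accepted for every backend, so the file should hold only the issuer of those servers' certificate.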
I'm so lost and new to building NGINX on my own but I want to be able to enable secure websockets without having an additional layer.
I don't want to enable SSL on the websocket server itself but instead I want to use NGINX to add an SSL layer to the whole thing.
Every web page out there says I can't do it, but I know I can! Thanks to whoever (myself) can show me how!
Source: (StackOverflow)
What are the advantages and disadvantages of using mod_jk and mod_proxy for fronting a Tomcat instance with Apache?
I've been using mod_jk in production for years but I've heard that it's "the old way" of fronting tomcat. Should I consider changing? Would there be any benefits?
Source: (StackOverflow)
I am now exploring the use of Apache's mod_proxy directives, e.g. ProxyPass, as part of a solution for the cross-domain scripting restriction (for HTML/Ajax/Flash code). However, I am afraid that by enabling mod_proxy, I would risk having the server act as an open proxy.
What's the risk, and how can I minimize it, in short?
Thanks.
Source: (StackOverflow)
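An added example, not part of the original question: the setting that turns httpd into an open proxy, next to a reverse-proxy-only configuration and a restricted forward proxy. It uses the Apache 2.2 access-control syntax seen elsewhere on this page; host names, ports and the 192.0.2.0/24 range are constructed placeholders.

```apache
# Added example (not from the original post). Apache 2.2 syntax.
# Host names, ports and 192.0.2.0/24 are constructed placeholders.

# --- Weak: forward proxy open to any client (shown commented out) ---------
# ProxyRequests On makes httpd fetch whatever URL the client names, and
# "Allow from all" on <Proxy *> lets every client use it.
#
#   ProxyRequests On
#   <Proxy *>
#       Order deny,allow
#       Allow from all
#   </Proxy>

# --- Reverse proxy for same-origin Ajax: no forward proxying --------------
<VirtualHost *:80>
    ServerName www.example.com

    # ProxyPass does not need ProxyRequests; keep it Off.
    ProxyRequests Off

    # Only this fixed mapping is proxied; the client cannot choose the target.
    ProxyPass        /api/ http://backend.example.internal:8080/api/
    ProxyPassReverse /api/ http://backend.example.internal:8080/api/

    <Proxy http://backend.example.internal:8080/*>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>

# --- If a forward proxy is really required: restrict who may use it -------
Listen 3128
<VirtualHost *:3128>
    ProxyRequests On
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from 192.0.2.0/24
    </Proxy>
</VirtualHost>
```

A RewriteRule with the [P] flag whose target host is built from the request also lets clients pick the destination, even with ProxyRequests Off. In the access log, 200 responses to CONNECT requests or to request lines carrying an absolute URL for a foreign host indicate the server is being used as a forward proxy.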
I have Apache sitting in front of my Node server. Node is running on a certain port, I am using Apache to proxy to that port, and I also have Apache configured for https.
When I start Apache and then start my Node server, everything runs great. If I bring down the Node server and try to hit my service, Apache says 'Service Temporarily Unavailable'. This is expected, as my Node server is down.
However, when I bring my server back up without touching Apache and try to hit my service again, Apache still says 'Service Temporarily Unavailable'. It's like Apache is not trying again. If I bounce Apache, all is well again.
Since I am running with forever, there is a chance my server could be down for a few seconds if a fatal happens. I don't want to have to bounce Apache if that happens.
Is there any way to get Apache to always try and not cache the fact that a service it recently tried to hit was unavailable?
Source: (StackOverflow)
I have a page at host1.mydomain.com/page_from_host1.jsp and an HTML page at host2.mydomain.com/page_from_host2.html. host1 is an IIS7/Tomcat box and host2 is an IIS7 box. I want to allow the first page to submit a form, which displays the second page, and the URL does not change.
That is, the URL is host1.mydomain.com/page_rom_host2.jsp, but the contents of the page are from host2.mydomain.com/page_from_host2.html.
I would imagine I can set up a reverse proxy on IIS to accomplish this, similar to mod_proxy, but the Apache Tomcat Server throws a bit of a wrench into all of this. How can I set up a reverse proxy to allow cross-host communication and mask the URL?
Thank you.
Source: (StackOverflow)
They say that Apache's mod_rewrite is the swiss-army knife of URL manipulation, but can it do this?
Let's say I want to add a new application to my Apache webserver, where the only configurable option of the app is a port number.
I want to use and give out URLs of the form "http://hostname.example.com/app" rather than "http://hostname.example.com:8080". This would ensure that clients would be getting through the institution's firewall as well, and it's generally tidier.
My application includes absolute URIs in PHP, JavaScript and CSS, so I want to prepend my own root location to the URI in the application's internal links. I have no access to DNS records and so can't create another name-based virtual server.
Using Apache's mod_rewrite and mod_proxy modules, I can transparently redirect a client to the correct home-page of the application. But links within that homepage don't point a client to links relative to the new base URL.
So, what's the best way of proxying a request to an application that is listening on a specific port?
For example, if I had an application listening on port 8080, I could put this in my Apache configuration:-
<VirtualHost *:80>
    SSLProxyEngine On
    ServerName myhost.example.com
    RewriteEngine On
    UseCanonicalName On
    ProxyVia On
    <Location "/application">
        RewriteRule ^/application/?(.*) http://localhost:8080/$1 [P,L]
    </Location>
</VirtualHost>
This would work fine if the application didn't use absolute URLs, but it does. What I need to do is rewrite URLs that are returned by the application's css, javascript and php.
I've looked at the ProxyPass and ReverseProxyPass documentation, but I don't think these would work..?
I've also come across Nick Kew's mod_proxy_html, but this isn't included in the standard Apache Distribution, and my institution's webserver seems to have been fine for years without it.. Other than trawling manually (or using a grep -r | sed type expression) through the application's source code, or using this 3rd party add-on, are there any other ways to go about this?
Could I perhaps use some of the internal server variables in a mod_rewrite rule? For example a rewrite rule based on 'HTTP_REFERER'?
Source: (StackOverflow)
DeviceA serves as a reverse-proxy and is supposed to forward requests as follows:
192.168.1.10/DeviceB ==> 192.168.1.20/index.html
192.168.1.10/DeviceC ==> 192.168.1.30/index.html
Both index files are located under /var/www and are static "Hello world!" pages. The problem is that I can't access those files through DeviceA, but if I call a test service also running on DeviceC (listening on port 12345) everything works fine.
Am I wrong in saying that the web servers on DeviceB and DeviceC should respond with index.html if a request comes in on port 80?
lighttpd.conf DeviceA @192.168.1.10
server.modules = ( "mod_proxy" )
proxy.server = (
    "/DeviceB" => ( "" => ( "host" => "192.168.1.20", "port" => 80 )),
    "/DeviceC" => ( "" => ( "host" => "192.168.1.30", "port" => 80 )),
    "/TestService" => ( "" => ( "host" => "192.168.1.30", "port" => 12345 ))
)
lighttpd.conf DeviceB @192.168.1.20
server.document-root = "/var/www"
server.port = 80
index-file.names = ( "index.html" )
lighttpd.conf DeviceC @192.168.1.30
server.document-root = "/var/www"
server.port = 80
index-file.names = ( "index.html" )
Update
Do I need $HTTP["host"] == ... around proxy.server() to rewrite/redirect URLs? Or how do I define what shall be proxied?
Source: (StackOverflow)
I'm having some issues with getting cookies to work when using a ProxyPass to redirect traffic on port 80 to a web-application hosted via Tomcat.
My motivation for enabling cookies is to get rid of the "jsessionid=" parameter that is appended to the URLs.
I've enabled cookies in my context.xml in META-INF/ for my web application.
When I access the web application via http://url:8080/webapp it works as expected: the jsessionid parameter is not visible in the URL; instead it's stored in a cookie.
When accessing my website via an apache2 virtual host, the cookies don't seem to work, because now "jsessionid" is being appended to the URLs. How can I solve this issue?
Here's my VHost configuration:
<VirtualHost *:80>
    ServerName somedomain.no
    ServerAlias www.somedomain.no
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPreserveHost Off
    ProxyPass / http://localhost:8080/webapp/
    ProxyPassReverse / http://localhost:8080/webapp/
    ErrorLog /var/log/apache2/somedomain.no.error.log
    CustomLog /var/log/apache2/somedomain.no.access.log combined
</VirtualHost>
EDIT: The cookie is actually being set. I am guessing that the problem is that the cookie contains the "Path: /webapp".
Source: (StackOverflow)
I am using Tomcat 7.0.29 fronted with Apache 2.2.22 mod_proxy.
Configured AJP as the protocol in httpd.conf and AjpNioProtocol in server.xml.
After the server starts, the logs are filled with the following message:
Severe: Invalid message received with signature 20599
com.apache.coyote.ajp.AjpMessage processHeader
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in.
What is causing the invalid message error?
Here is the configuration:
httpd.conf
ProxyPass /wl ajp:// ip : port /wl
ProxyPassReverse /wl ajp:// ip : port /wl
server.xml
<Connector port="port"
    protocol="org.apache.coyote.ajp.AjpNioProtocol"
    connectionTimeout="20000"
    acceptorThreadCount="2"
    maxThreads="1600"
    redirectPort="8443" />
Source: (StackOverflow)
What I have and works:
I'm using Apache HTTPD 2.2 for proxy requests. I have multiple ProxyPass mappings:
ProxyRequests On
<Proxy *>
    AddDefaultCharset off
    Order deny,allow
    Allow from all
</Proxy>
ProxyPreserveHost Off
ProxyPass /a http://some_ip/
ProxyPassReverse /a http://some_ip/
ProxyPass /b http://some_other_ip/
ProxyPassReverse /b http://some_other_ip/
...
This works well.
What I want:
Some of my requests are taking longer, so they timed out giving me a Proxy Error - Reason: Error reading from remote server.
I want to set timeout for all of my requests. Can I do this without having to add timeout=... KeepAlive=On for every ProxyPass mapping?
I currently have something like:
ProxyPass /a http://some_ip/ timeout=1200 KeepAlive=On
ProxyPassReverse /a http://some_ip/
ProxyPass /b http://some_other_ip/ timeout=1200 KeepAlive=On
ProxyPassReverse /b http://some_other_ip/
... and I do this for all my ProxyPass mappings.
Can I tell Apache in some way to add timeout and KeepAlive parameters for all the mappings? Thanks in advance.
Source: (StackOverflow)
When acting as a reverse proxy, Apache adds X-Forwarded headers as described here:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers
In my configuration I have configured server A as a forward proxy. There is a rule like this:
RewriteRule proxy:(.*example.com)/(.*) $1.mysecondserver.com/$2 [P]
This rule lets the server request the resource from one of my other servers.
On the second server (origin) I have a virtual host container for the resource and another rewrite rule like this:
RewriteRule some-regex some-url [P]
It may not seem to make sense like this but there is a lot of other stuff going on that I left out as it is not part of the problem.
However that final request has these headers:
[X-Forwarded-For] => ip of 1st server
[X-Forwarded-Host] => example.myseconserver.com
[X-Forwarded-Server] => example.com
I want those headers gone.
I seem to be unable to unset them with mod_headers. I can add more entries to them, but I cannot remove them.
Any ideas?
Source: (StackOverflow)