proxypass interview questions
Top proxypass frequently asked interview questions
I'm trying to exclude all files starting with "dgg-" and ending in ".xml", example: dgg-file-1.xml from using the apache proxy.
This works:
ProxyPass /myfile.xml ! # single file
ProxyPass /directory ! # all files inside dir
This doesn't work:
ProxyPass /dgg-(.*)\.xml !
How can I achieve this ?
ps- I'm using this code inside the httpd.conf->virtualhost
not .htaccess
.
Source: (StackOverflow)
Problem:
%0 is not replaced by server name (i.e. test.local) when used with ProxyPassMatch.
<VirtualHost *:80>
UseCanonicalName Off
# %0 is replaced by server name (works)
VirtualDocumentRoot /Users/mattes/sites/%0
# %0 is replaced by an empty string (problem!)
ProxyPassMatch ^(/.*\.php)$ fcgi://127.0.0.1:9000/Users/mattes/sites/%0/$1
</VirtualHost>
Work-around:
I found an interesting blog post here: http://holtstrom.com/michael/blog/post/225/Apache-2.2-Proxy.html. Basically, Michael uses RewriteEngine to save variables for later usage. Something like this will work, for example:
<VirtualHost *:80>
UseCanonicalName Off
VirtualDocumentRoot /Users/mattes/sites/%0
RewriteEngine On
RewriteRule .* - [E=SERVER_NAME:%{SERVER_NAME}]
ProxyPassInterpolateEnv On
ProxyPassMatch ^(/.*\.php)$ fcgi://127.0.0.1:9000/Users/mattes/sites/ \
${SERVER_NAME}$1 interpolate
</VirtualHost>
While it works, i consider this to be a not-so-nice work-around. I am also getting errors like "AH00111: Config variable ${SERVER_NAME} is not defined".
Has anybody an idea how to solve this?
Source: (StackOverflow)
As a result of horrible, horrible errors, we've changed how we connect Apache to Tomcat. We were using mod_jk
:
JkMount /path ajp13
Now we're using mod_proxy_ajp
:
ProxyPass /path ajp://localhost:8009/path
ProxyPassReverse /path ajp://localhost:8009/path
However, there's a feature that JkMount
offered but ProxyPass
doesn't: the ability to select on file types. This made it possible to proxy html files, but not images - in other words, to let the nice fast Apache serve the static stuff, and resorting to the slow Tomcat only for the dynamic stuff.
JkMount /*.html ajp13
Is there any way of achieving this with ProxyPass
? Possibly using a surrounding <Location>
directive or something like that?
Source: (StackOverflow)
I have a problem configuring apache tomcat ProxyPass directive for two applications that have two different Context Paths in tomcat. The tomcat is running behind an apache and I use the apache to proxy path the requests to tomcat. In apache I want to access both application via a hostname instead of a context path.
Scenario:
tomcat
https://domain:8443/app1
https://domain:8443/app2
in tomcat the applications have the context path app1 and app2
in apache I want to enable both application as follow:
https://app1.host/
https://app2.host/
In apache I have created a configuration for each domain:
ProxyPass / https://localhost:8443/app1
ProxyPassReverse / https://localhost:/8443/app1
The strange thing is app1 is only available through apache using the context path:
https://app1.host/app1
Is it possible to realize such a setup with apache ProxyPass module?
Thx for your help.
Source: (StackOverflow)
I have a RewriteRule setup to change
http://kn3rdmeister.com/blog/post.php?y=2012&m=07&d=04&id=4
into
http://kn3rdmeister.com/blog/2012/07/04/4.php
but that actually redirects where the browser is getting the page from. I want to still display
/blog/post.php?y=xxxx&m=xx&d=xx&id=xx
but have the browser show the simpler URL like
/blog/post/year/month/day/id.php
I read something somewhere about using ProxyPass, but I don't quite know what I'm doing :P
I want people to be able to visit either the post.php URL with the query strings, OR the clean URL with fancy shmancy subdirectories for the dates and get the same content — all while displaying the clean URL in the end.
Source: (StackOverflow)
I have setup a Docker private registry (v2) on a CentOS 7 box following their offical documentation: https://docs.docker.com/registry/deploying/
I am running docker 1.6.0 on a Fedora 21 box.
The registry is running on port 5000, and is using an SSL key signed by a trusted CA. I set a DNS record for 'docker-registry.example.com' to be the internal IP of the server. Running 'docker pull docker-registry.example.com:5000/tag/image', it works as expected.
I setup an nginx server, running nginx version: nginx/1.8.0, and setup a dns record for 'nginx-proxy.example.com' pointing to the nginx server, and setup a site. Here is the config:
server {
listen 443 ssl;
server_name nginx-proxy.example.com;
add_header Docker-Distribution-Api-Version: registry/2.0 always;
ssl on;
ssl_certificate /etc/ssl/certs/cert.crt;
ssl_certificate_key /etc/ssl/certs/key.key;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Docker-Distribution-Api-Version registry/2.0;
location / {
proxy_pass http://docker-registry.example.com:5000;
}
}
When I try to run 'docker pull nginx-proxy.example.com/tag/image' I get the following error:
FATA[0001] Error response from daemon: v1 ping attempt failed with error: Get https://nginx-proxy.example.com/v1/_ping: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
My question is twofold.
- Why is the docker client looking for the /v1_/ping?
- Why am I seeing the 'malformed http response'
If I run 'curl -v nginx-proxy.example.com/v2' I see:
[root@alex amerenda] $ curl -v https://nginx-proxy.example.com/v2/
* Hostname was NOT found in DNS cache
* Trying 10.1.43.165...
* Connected to nginx-proxy.example.com (10.1.43.165) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.example.com,O="example, Inc.",L=New York,ST=New York,C=US
* start date: Sep 15 00:00:00 2014 GMT
* expire date: Sep 15 23:59:59 2015 GMT
* common name: *.example.com
* issuer: CN=GeoTrust SSL CA - G2,O=GeoTrust Inc.,C=US
> GET /v2/ HTTP/1.1
> User-Agent: curl/7.37.0
> Host: nginx-proxy.example.com
> Accept: */*
> \x15\x03\x01\x00\x02\x02
If I do 'curl -v docker-registry.example.com' I get a 200 OK response. So nginx has to be responsible for this. Does anyone have an idea why this is happening? It is driving me insane!
Source: (StackOverflow)
I am trying to set up my apache (version 2.2.3) to work as reverse proxy. I configured apache on public server as it is described at http://www.askapache.com/htaccess/reverse-proxy-apache.html
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
ProxyRequests off
ProxyPass /app1/ http://internal1.example.com/page1/
ProxyPassReverse /app1/ http://internal1.example.com/page1/
ProxyHTMLURLMap http://internal1.example.com/page1/ /app1/
internal1 is other server in local network.
Home page (www.example.com/app1/) is displayed correctly, but the problem occures when my internal server does redirection. In this case my browser (Firefox 3.5.3 or Internet Explorer 7) searches for address in local network (internal1.example.com/page1/). It seems for me that ProxyPassReverse directive is ignored by apache.
Thanks,
Dejan
Source: (StackOverflow)
I want to achieve the following:
Request Host:
http://example.com.proxy.myserver.com
Should be rewritten to
http://example.com
and passed to a squid server via nginx proxypass.
server {
listen 80;
server_name ~^(?<subdub>.*)\.proxy\.myserver\.com$;
location / {
rewrite ^ $scheme://$subdub break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $scheme://$subdub;
proxy_set_header Request-URI $scheme://$subdub;
proxy_pass http://localhost:3128;
proxy_redirect off;
}
}
The problem is, that nginx redirects this request immediately to http://example.com
Any ideas how to get this working?
Source: (StackOverflow)
Folks,
We are trying to setup Apache reverse proxy for the following scenario:
- Incoming requests take the form
http://foo.com/APP/v1/main.html
- For some servers the URL will reference a difference version, say,
http://foo.com/APP/v2/main.html
- An upstream load balancer (HAProxy) will send the request to the right server which will have an Apache2 reverse proxy fronting a JBoss server.
- When the request shows up at Apache 2 it will have request path like
/APP/v1/main.html
- We want it to (reverse) proxy out to
http://localhost:8080/AppContext/main.html
, irrespective of version fragment in URL (v1, v2, etc.).
I have been trying to do this like so:
ProxyPassMatch ^/.*?/APP.*?/(.*)$ http://localhost:8080/AppContext/$1
ProxyPassReverse /APP http://localhost:8080/AppContext
My questions are:
- Is my use of
ProxyPassMatch
correct?
- My
ProxyPassReverse
is "static". How do I make it aware of the potentially variable stuff after /APP
?
Thanks for any insights.
-Raj
Source: (StackOverflow)
I have an nginx proxy_pass
setup to pass every request on /api
through to a backend Tomcat REST service. This service in some cases returns a Location
header which varies according to the type of request, e.g., Location: http://foo.bar/baz/api/search/1234567
-- the baz
part is due to it being hosted on Tomcat.
My current configuration rewrites the foo.bar
host name correctly, but leaves the baz
part intact. I'd like to strip this, but the proxy_pass options seem to be limited to clearing or setting a new value for the header.
Is there a way to modify headers dynamically before being passed on to the client, using a regex substitute, for instance? This is my nginx configuration:
location /api {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_redirect off;
proxy_pass http://foo.bar:8080/baz/api;
}
Source: (StackOverflow)
I have added ProxyPass
in the virtual-host and end up with below error in the error.log file.
proxy: No protocol handler was valid for the URL /. If you are using a
DSO version of mod_proxy, make sure the proxy submodules are included
in the configuration using LoadModule.
In the front end I get 500 when I request particular page.
How can I fix this error?
Source: (StackOverflow)
I got a web application running inside a Tomcat at http://<server>:8080/app/portal/
.
I want the world to see this application through the URL http://<server>/portal/
.
To do this, I set up a Reverse Proxy with Apache 2.2. According to the documentation for ProxyPass I expect the reverse proxy to pass all requests through transparently. My browser should never know about the Tomcat URL.
Here is my configuration:
No virtual hosts, I added these lines to my httpd.conf
<Location /portal/>
AllowOverride All
RewriteEngine On
ProxyPass http://server:8080/app/portal/
ProxyPassReverse http://server:8080/app/portal/
</Location>
When I use Firefox to open http://<server>/portal/
, I get a 302 Moved Temporarily, and all follow-up calls go from my browser directly to http://<server>:8080/app/portal/
. My browser points to this URL.
This is not what I expected of a Reverse Proxy. Did I do the configuration wrong or did I misunderstand the purpose of Reverse Proxies? What should I do to get my desired behavior?
Source: (StackOverflow)
I am setting up an Apache 2.4.6 server on an internal machine for testing purposes. One of the things that Apache server is supposed to do is act as a reverse-proxy for another server found on localhost:3030.
The server on localhost:3030 expects one out of a few dataset names on its first path level (for now, the set comprises only of the dataset experimental
, but some more will be added later on), so I am trying to pass that through from the requested path.
In my vhost, this works:
<Location /experimental/>
ProxyPass http://localhost:3030/experimental/
ProxyPassReverse /
</Location>
For additional datasets, I could copy that and replace experimental
with the other dataset names. Obviously, that leads to a lot of code duplication/redundancy, which is both a source of errors and a maintenance horror.
Therefore, I would like to become somewhat more flexible and treat several datasets in a single such block. This should be possible with the LocationMatch
directive.
As indicated by this comment and this page, I need to replace ProxyPass
ProxyPassMatch
when using that inside a LocationMatch
block. Essentially, the docs state the same:
The same will occur inside a LocationMatch section, however ProxyPass does not interpret the regexp as such, so it is necessary to use ProxyPassMatch in this situation instead.
The LocationMatch
docs explain:
From 2.4.8 onwards, named groups and backreferences are captured and written to the environment with the corresponding name prefixed with "MATCH_" and in upper case. This allows elements of URLs to be referenced from within expressions and modules like mod_rewrite. In order to prevent confusion, numbered (unnamed) backreferences are ignored. Use named groups instead.
That information is only valid as of Apache 2.4.8, which is presumeably why the following does not work on my 2.4.6 installation:
<LocationMatch /(?<dataset>experimental)/>
ProxyPassMatch http://localhost:3030/%{env:MATCH_DATASET}/
ProxyPassReverse /
</LocationMatch>
On the other hand, this page and that posting imply that the numerical group index ($1
) can be used (as the help text is valid only as of httpd 2.4.8, my suspicion / hope is that the numerical reference works before 2.4.8 (?)
In any case, I have tried this:
<LocationMatch "/(experimental)/">
ProxyPassMatch http://localhost:3030/$1/
ProxyPassReverse /
</LocationMatch>
yet according to the logs, the internal call invokes http://localhost:3030/$1/
instead of http://localhost:3030/experimental/
when requesting the experimental
path on the vhost URL.
The ProxyPassMatch
docs only say:
When used inside a LocationMatch section, the first argument is omitted and the regexp is obtained from the LocationMatch.
However, the text does not bother to provide an example for how to combine LocationMatch
and ProxyPassMatch
. What am I doing wrong?
Source: (StackOverflow)
Here's the problem:
The host machine has multiple docker apps running on different ports for eg. App1 @ 3001, App2 @ 3002...3100 etc
Now I would like to access the apps in this format http://hostname.com/app1, http://hostname.com/app2..
To do this i'm running nginx on the host to proxy requests to the right port based on the sub-uri
location = /app1 {
proxy_redirect http://hostname:3001/;
include /etc/nginx/proxy_params;
}
location ^~ /app1 {
proxy_redirect http://hostname:3001/app1;
include /etc/nginx/proxy_params;
}
But this does not work when the site's sub uri changes or if the site redirects.
For example:
If I visit the site at hostname:3001 -> I can see the site
If I visit the site at http://hostname.com/app1 -> I can see the site
If the site page is at hostname:3001/static/index.html then when i access it as http://hostname.com/app1 the page changes to http://hostname.com/static/index.html -> I get 404.
Is there a way to do this? Or is the only way to do it is to set the dns as app1.hostname.com and do a name based routing?
Source: (StackOverflow)
I'm trying to include $remote_addr or $http_remote_addr on my proxy_pass without success.
The rewrite rule works
location ^~ /freegeoip/ {
rewrite ^ http://freegeoip.net/json/$remote_addr last;
}
The proxy_pass without the $remote_addr works, but freegeoip does not read the x-Real-IP
location ^~ /freegeoip/ {
proxy_pass http://freegeoip.net/json/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
Then, I'm adding the ip to the end of the request, like this:
location ^~ /freegeoip/ {
proxy_pass http://freegeoip.net/json/$remote_addr;
}
but nginx report this error: no resolver defined to resolve freegeoip.net
Source: (StackOverflow)