Jump to content

Read-Only domain setting for reverse proxy


Alex8000
 Share

Recommended Posts

Goodmorning all,

We have configured a reverse proxy for our customers so that they will be able to access our instance through a subdomain of ours. The wiki states that the service.network.allowedOriginDomains setting will have to be changed in order to for anyone be able to access the instance from that subdomain.
If anyone reading this is interested in also configuring a reverse proxy I would be happy to share our setup details!

Would someone be so kind as to add our subdomain to the service.network.allowedOriginDomains setting of our instance?

Best regards,

Alex

Link to comment
Share on other sites

Good Morning @Alex8000

What domain name would you like to be set?

We would also need you confirm a date and time when you would be happy for a quick (less than a minute) reboot of the services to allow this new setting to be picked up, we recommend a time out of your normal working hours for the minimum disruption. 

Kind Regards

Trevor Killick

Link to comment
Share on other sites

  • 3 weeks later...

Hi @TrevorKillick,

Sorry for the delay. I have only now gotten around to giving it another go. Reinstalled LAMP and did everything by the book, unfortunately I am still getting the same error.

VirtualHost file:

<VirtualHost *:443>

        ServerAdmin webmaster@panas.nl
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateFile /etc/apache2/ssl/certificate.crt
        SSLCertificateKeyFile /etc/apache2/ssl/certificate.key
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass / https://customer.hornbill.com/*instancename*/
        ProxyPassReverse / https://customer.hornbill.com/*instancename*/
        ServerName support.panas.nl
	
</VirtualHost>

apache2.conf loaded modules:

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

ports.conf

Listen 80
Listen 443

Unfortunately I am still getting the following.

aI7hYDw.png

 

Thanks in advance! I am running out of ideas as to how to fix this ;-)
The A-record to support.panas.nl has been configured. You should run into the same error when going to that URL.

Best regards,

Alex

Link to comment
Share on other sites

Hi @TrevorKillick, all,

Just to be sure, do I need to reverse proxy every subdomain for this to work? (i.e. api.*, service.*, live,* etc)

One thing I have noticed is that navigating to support.panas.nl/servicemanager generates a significantly URL than customer.hornbill.com/panashornbill/servicemanager does. (about double/triple the length)

Surely we're not the first ones to try this, someone must have gotten this to work! ;-)

Happy holidays,

Alex

Link to comment
Share on other sites

Hello all, 

Just an update: I noticed that proxying support.panas.nl/whatever/ to our instance does work, and that the error only occurs when trying to proxy the root support.panas.nl to our instance. Will continue playing with this tomorrow. 

Updating this starts to feel like some kind of diary, I hope someone gets something useful out of this! 

Best regards, 

Alex

Link to comment
Share on other sites

Hi @TrevorKillick,

So I got the thing working with https://support.panas.nl/[INSTANCENAME]/ by loading the API and support subdomain and triple checking that all modules were loaded. (it tripped over wstunnel once, but that's nothing a2enmod can't fix)

I can't however for the life of me get the thing to proxy to "just" https://support.panas.nl/. When trying this I get the 502 error. Apache gives this as the error: 
 

[Tue Jan 03 12:20:28.394887 2017] [ssl:warn] [pid 20114] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Jan 03 12:20:28.396196 2017] [ssl:warn] [pid 20114] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 03 12:20:28.402392 2017] [mpm_prefork:notice] [pid 20114] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.20 OpenSSL/1.0.1f configured -- resuming normal operations
[Tue Jan 03 12:20:28.402458 2017] [core:notice] [pid 20114] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jan 03 12:22:33.566619 2017] [ssl:warn] [pid 20178] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 03 12:22:32.594522 2017] [mpm_prefork:notice] [pid 20114] AH00169: caught SIGTERM, shutting down

Does this mean that Cloudflare does not support RFC 4366?
Is there a way to have it reverse proxy to 'just' a domain without exposing endusers to our instancename at all? 

Pastebin for config: http://pastebin.com/89mpeG8b

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...