Alex8000 Posted December 7, 2016 Share Posted December 7, 2016 Goodmorning all, We have configured a reverse proxy for our customers so that they will be able to access our instance through a subdomain of ours. The wiki states that the service.network.allowedOriginDomains setting will have to be changed in order to for anyone be able to access the instance from that subdomain. If anyone reading this is interested in also configuring a reverse proxy I would be happy to share our setup details! Would someone be so kind as to add our subdomain to the service.network.allowedOriginDomains setting of our instance? Best regards, Alex Link to comment Share on other sites More sharing options...
TrevorKillick Posted December 7, 2016 Share Posted December 7, 2016 Good Morning @Alex8000 What domain name would you like to be set? We would also need you confirm a date and time when you would be happy for a quick (less than a minute) reboot of the services to allow this new setting to be picked up, we recommend a time out of your normal working hours for the minimum disruption. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Alex8000 Posted December 7, 2016 Author Share Posted December 7, 2016 Hi @TrevorKillick, support.panas.nl would be terrific! If you would be able to do it within 26 minutes then the reboot could happen right away (before 12:00 UK)! If not it can be done from 16:00 UK time. Link to comment Share on other sites More sharing options...
TrevorKillick Posted December 7, 2016 Share Posted December 7, 2016 Hi @Alex8000 the setting has been changed I will get cloud to bump the services, let me know how it goes i will keep an eye on this thread. The services have been restarted. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Alex8000 Posted December 7, 2016 Author Share Posted December 7, 2016 Hi @TrevorKillick, Thanks! Do you know if the instance has been restarted yet? Getting a 403 at the moment. Best regards, Alex Link to comment Share on other sites More sharing options...
TrevorKillick Posted December 7, 2016 Share Posted December 7, 2016 Hi @Alex8000 It has, i will get one of our cloud guys to take a look and i will get back to you. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Alex8000 Posted December 7, 2016 Author Share Posted December 7, 2016 @TrevorKillick, please note that the public DNS record for support.panas.nl is not currently pointing at the reverse proxy. I have a record in my hosts file pointing to 95.85.57.127 in order to test this. Link to comment Share on other sites More sharing options...
TrevorKillick Posted December 7, 2016 Share Posted December 7, 2016 Hi @Alex8000 We think there is some configuration missing from the documentation, can you provide a copy of the configuration you are using and if its Apache or Nginx that you are using for the Proxy. Thanks Trevor Killick Link to comment Share on other sites More sharing options...
Alex8000 Posted December 27, 2016 Author Share Posted December 27, 2016 Hi @TrevorKillick, Sorry for the delay. I have only now gotten around to giving it another go. Reinstalled LAMP and did everything by the book, unfortunately I am still getting the same error. VirtualHost file: <VirtualHost *:443> ServerAdmin webmaster@panas.nl DocumentRoot /var/www/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off # Set the path to SSL certificate # Usage: SSLCertificateFile /path/to/cert.pem SSLCertificateFile /etc/apache2/ssl/certificate.crt SSLCertificateKeyFile /etc/apache2/ssl/certificate.key ProxyRequests off ProxyPreserveHost On ProxyPass / https://customer.hornbill.com/*instancename*/ ProxyPassReverse / https://customer.hornbill.com/*instancename*/ ServerName support.panas.nl </VirtualHost> apache2.conf loaded modules: LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so ports.conf Listen 80 Listen 443 Unfortunately I am still getting the following. Thanks in advance! I am running out of ideas as to how to fix this ;-) The A-record to support.panas.nl has been configured. You should run into the same error when going to that URL. Best regards, Alex Link to comment Share on other sites More sharing options...
Alex8000 Posted December 27, 2016 Author Share Posted December 27, 2016 After setting ProxyRequests Off ProxyPreserveHost Off in the virtual host file I am now getting a 502 error.. That's progress.. maybe? https://i.imgur.com/xaIHoFa.png Best Regards, Alex Link to comment Share on other sites More sharing options...
Alex8000 Posted December 28, 2016 Author Share Posted December 28, 2016 Hi @TrevorKillick, all, Just to be sure, do I need to reverse proxy every subdomain for this to work? (i.e. api.*, service.*, live,* etc) One thing I have noticed is that navigating to support.panas.nl/servicemanager generates a significantly URL than customer.hornbill.com/panashornbill/servicemanager does. (about double/triple the length) Surely we're not the first ones to try this, someone must have gotten this to work! ;-) Happy holidays, Alex Link to comment Share on other sites More sharing options...
Alex8000 Posted December 28, 2016 Author Share Posted December 28, 2016 Hello all, Just an update: I noticed that proxying support.panas.nl/whatever/ to our instance does work, and that the error only occurs when trying to proxy the root support.panas.nl to our instance. Will continue playing with this tomorrow. Updating this starts to feel like some kind of diary, I hope someone gets something useful out of this! Best regards, Alex Link to comment Share on other sites More sharing options...
Alex8000 Posted January 3, 2017 Author Share Posted January 3, 2017 Hi @TrevorKillick, So I got the thing working with https://support.panas.nl/[INSTANCENAME]/ by loading the API and support subdomain and triple checking that all modules were loaded. (it tripped over wstunnel once, but that's nothing a2enmod can't fix) I can't however for the life of me get the thing to proxy to "just" https://support.panas.nl/. When trying this I get the 502 error. Apache gives this as the error: [Tue Jan 03 12:20:28.394887 2017] [ssl:warn] [pid 20114] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache] [Tue Jan 03 12:20:28.396196 2017] [ssl:warn] [pid 20114] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Tue Jan 03 12:20:28.402392 2017] [mpm_prefork:notice] [pid 20114] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.20 OpenSSL/1.0.1f configured -- resuming normal operations [Tue Jan 03 12:20:28.402458 2017] [core:notice] [pid 20114] AH00094: Command line: '/usr/sbin/apache2' [Tue Jan 03 12:22:33.566619 2017] [ssl:warn] [pid 20178] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Tue Jan 03 12:22:32.594522 2017] [mpm_prefork:notice] [pid 20114] AH00169: caught SIGTERM, shutting down Does this mean that Cloudflare does not support RFC 4366? Is there a way to have it reverse proxy to 'just' a domain without exposing endusers to our instancename at all? Pastebin for config: http://pastebin.com/89mpeG8b Link to comment Share on other sites More sharing options...
TrevorKillick Posted January 3, 2017 Share Posted January 3, 2017 Hi @Alex8000 Thanks for continuing to look into this, i will feedback this information to our Cloud Team and see if they can advice further. Kind Regards Trevor Killick Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now