1
votes

I have been trying to set up a reverse proxy using Apache 2 mod_proxy and the ProxyPass & ProxyPassReverse directives.

I am installing WSO2 Identity Server and wish to access that app using a URL such as the following.

hxxp://myserver.domain.com/wso2/

The myserver.domain.com is accessible on the internet.

Internally on my network I have set up a virtualhost running in my Apache 2 configuration with the following parameters:

For various reasons, port 80 is unavailable and the virtualhost must stay as :8080.

Finally, here is my virtual host configuration:

<VirtualHost *:8080>

  <Location /wso2/>
    # Forward /wso2/ to the backend and rewrite backend URLs in redirect headers
    ProxyPass https://internal.wso2.node:9443/
    ProxyPassReverse https://internal.wso2.node:9443/
  </Location>

  ProxyVia On
  ProxyPreserveHost Off
  ProxyAddHeaders Off
  ProxyRequests Off
  SSLProxyEngine On
  SSLProxyCheckPeerCN Off

</VirtualHost>

The issue:

I can use my web browser (Firefox/Chrome) to request the http://myserver.domain.com/wso2/ resource. In my log files I see that the request does hit the Apache server and the virtualhost catches the /wso2/ location.

It passes through the proxy and lands on the internal.wso2.node server. However, the product WSO2 IS performs several redirects, and in the log files I see it requesting the resource with the port appended.

Here is the request flow:

  hxxp://myserver.domain.com/wso2/  -> hxxps://internal.wso2.node:9443/
  REDIRECT x3
  hxxps://internal.wso2.node:8080/carbon -> 
  hxxps://internal.wso2.node:8080/carbon/admin/login.jsp

  Back to my web browser
  hxxp://myserver.domain.com:8080/wso2/carbon/admin/login.jsp

For some reason the Apache response appends its virtual host port to the URL I am requesting.

If I remove the port :8080 and request the full URL again, it will access the resource fine. However, any attempt to access using only http://myserver.domain.com/wso2/ will result in redirects and the port appended.

1
What Host: header is used here? Has UseCanonicalPhysicalPort directive been overridden? How does the hop from port 80 in client to port 8080 in Apache happen? NAT? HTTP Proxy? Usually the self-referential URL will always be right unless the host header is wrong or UseCanonicalPhysicalPort has been overridden. - covener
The directives UseCanonicalName Off and UseCanonicalPhysicalPort Off were not set at all. I overwrote them to Off and added a ServerName, and now it works as expected. Will post the updated configuration. - SevSoft

1 Answer

0
votes

As per covener's suggestion the culprit in this case proved to be the following directives:

UseCanonicalName Off
UseCanonicalPhysicalPort Off

Additionally, the web app I am trying to access makes use of sessions and cookies, therefore we must also proxy those; see the added directives under the ProxyPass & ProxyPassReverse.

Therefore the updated virtualhost configuration file should now look like this:

<VirtualHost *:8080>

  ServerName myServer.domain.com
  # Build self-referential URLs from the client's Host header,
  # not from the physical listening port (8080)
  UseCanonicalName Off
  UseCanonicalPhysicalPort Off

  <Location /wso2/>
    ProxyPass https://internal.wso2.node:9443/
    ProxyPassReverse https://internal.wso2.node:9443/
    # Rewrite the Path and Domain of cookies set by the backend
    # so the browser sends them back through the proxy
    ProxyPassReverseCookiePath / /wso2/
    ProxyPassReverseCookieDomain internal.wso2.node myserver.domain.com
  </Location>

  ProxyVia On
  ProxyPreserveHost Off
  ProxyAddHeaders Off
  ProxyRequests Off
  SSLProxyEngine On
  SSLProxyCheckPeerCN Off

</VirtualHost>
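
A check for the symptoms this thread deals with, added here as an example and not part of the original answer: it inspects the `Location` and `Set-Cookie` headers of a proxied response and reports a redirect that carries a port or leaves the public host, and cookies whose Domain or Path were not rewritten. The function name `audit_headers` and both sample header sets are constructed for illustration; the host and path names are the ones used in the thread.

```python
from urllib.parse import urlsplit

# Names taken from the thread's configuration.
PUBLIC_HOST = "myserver.domain.com"
PUBLIC_PREFIX = "/wso2/"

def audit_headers(headers):
    """Return findings for one proxied response, given (name, value) header pairs."""
    findings = []
    for name, value in headers:
        if name.lower() == "location":
            url = urlsplit(value)
            if url.hostname and url.hostname.lower() != PUBLIC_HOST:
                findings.append(f"Location host {url.hostname} is not the public host")
            if url.port is not None:
                findings.append(f"Location carries explicit port {url.port}")
            if not url.path.startswith(PUBLIC_PREFIX):
                findings.append(f"Location path {url.path} is outside {PUBLIC_PREFIX}")
        elif name.lower() == "set-cookie":
            # Attributes follow the first ';' (the name=value pair itself is skipped).
            attrs = {}
            for part in value.split(";")[1:]:
                key, _, val = part.strip().partition("=")
                attrs[key.lower()] = val
            domain = attrs.get("domain", "").lstrip(".").lower()
            if domain and domain != PUBLIC_HOST:
                findings.append(f"cookie Domain={domain} is not the public host")
            if "path" in attrs and not attrs["path"].startswith(PUBLIC_PREFIX):
                findings.append(f"cookie Path={attrs['path']} is outside {PUBLIC_PREFIX}")
    return findings

# Constructed sample headers (not captured from a real server).
BEFORE = [
    ("Location", "http://myserver.domain.com:8080/wso2/carbon/admin/login.jsp"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/; Domain=internal.wso2.node; Secure; HttpOnly"),
]
AFTER = [
    ("Location", "http://myserver.domain.com/wso2/carbon/admin/login.jsp"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/wso2/; Domain=myserver.domain.com; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(sample) or "clean")
```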