Question regarding Reverse Proxy Feature

Hi,

I am using the latest RC4 and have the following issue.
I am using the Reverse Proxy-Feature and have the current environment:
Server1: Nethserver
Server2: A Windows Server with Tomcat (not my one :poop:) that has a website on port 80 in a path named /crappyname (http only).
What I want to do:
I am accessing the Internet and all HTTP(S) traffic is directed to my Server1 (Nethserver). On my Nethserver my homepage www.company.com is running with SSL enforcing enabled. Now I want to open https://company.com/portal that should show me what I can see internally on http://server2/crappyname.
So there are 2 things:

  1. Add the SSL encryption to the Internet
  2. Use a simple name (/portal) instead of a complicate one (/crappyname).

What I did:

  • I enabled the “Reverse Proxy” Feature via Software Center
  • Configured the following at “Reverse Proxy” Feature:
    – Name: portal
    – Target: http://10.11.12.13:80/crappyname (IP of the internal server)
    – Require SSL Connection: active
    – Description: Crappyname Portal

What I have now:
I open https://company.com/portal and after some time (I assume the Chrome timeout) I have in my address field http://10.11.12.13/crappyname - what the target is.
Is the Reverse Proxy the wrong solution for this? If yes: what is it for - maybe I have a missunderstanding of that phrase. If no: what can be the bug?

Your setup seems correct to me.
Have a look in /var/log/httpd/access.log (and error.log just in case).

You if run curl http://10.11.12.13/crappyname on nethserver, do you reach the right page?

Hi,

the ProxyPass.conf looks like this

SSLProxyEngine on
# ProxyPass: portal
# Description: Portal
ProxyPass	/portal	http://10.11.12.13:80/crappyname
ProxyPassReverse	/portal	http://10.11.12.13:80/crappyname
<Location /portal>
    SSLRequireSSL
</Location>

the log shows this line 2 times when I try to open the website

31.16.111.XXX - - [25/Jan/2017:18:45:31 +0100] "GET /portal HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

what the curl command should return in the console? For me it returns the code of the Website

(Remark: first version of this post had a missing trailing / at the curl-command. So curl http://10.11.12.13/crappyname/ is the correct command

The webpage of the crappy tomcat app.
You could omit “:80”, but it shouldn’t make a difference.

See the edit in my post. The trailing / was missing.

What I am wondering is, that I see the internal address behind the reverse proxy in my Browsers address bar. In theory my browser should not know this, as far as I understood the functionality of the reverse proxy.

Edit:
I figured out, that I also had no trailing / at the end of the Reverse Proxy configuration.
After I added this, something is happening, but ends up in a blank page. The access.log shows, that there is some traffic and some files are loaded.

Edit2:
I did more research this evening. And figured out that is must be something with the reverse Proxy. I assume, that the javascripts in that folder trying to execute something that may lead into this issues.
If I have a PC in the same LAN as the Reverse Proxy and try to open the Portal via Reverse Proxy, I have the issue. If I use the server instead, it works. That eleminates everything else in the network (i.e. the Firewall between DMZ and internal network).
In the next step I investigated the website with the debugger of the browser. I figured out if I call http://nethserver/portal, there are some 404 errors:

Maybe again a tailing slash missing…? Yepp…

Never the less: The application itself cannot be accessed. Do you know how the Reverse Proxy is reacting to HTML5?

In the next step I tried the same from external with Hostnames instead of internal with IP.
If I use http://mycompany.com/portal, like internally, I get an empty page with 404 errors. If I use http://mycompany.com/portal/ it results in the same end like internally.
I will ask the provider of the appliance what exactly they are using. Except of “HTML5” the engineer I talked to told me…

I’m not an expert, but, based on how the crappy app works, you may need additional options to modify pages.
Examples on the net use the ProxyHTMLURLMap directive.
The “crappy developer” should be your best source of information. :slight_smile:

You probably need also to set special headers.
Not all web applications work well with proxy pass :frowning: