[users@httpd] Issue with REST API payload response

[Christina Carmosino]

Hi everyone!

We have a Java application deployed to a WebLogic application server as well as 
a separate Sencha ExtJS based application deployed directly to the document 
root of our Apache server. Apache is configured to reverse proxy the requests 
to the backend Java application and the Sencha application is configured to 
make REST API calls to the backend Java application via the proxy URL. So our 
URLs look something like:

Web URL for Java app: https://example.com/javaapp --> this is reverse proxying 
to WebLogic
Web URL for Sencha app: https://example.com/senchaapp --> this is just a folder 
called 'senchaapp' under Apache's document root, inside 'senchaapp' folder we 
are making REST calls to https://example.com/javaapp

We are seeing some strange behavior where certain REST API calls fail when 
accessing the Sencha application through Apache. We have tried deploying the 
Sencha application to the Java application itself (by adding the same folder 
which sits in the document root of the web server to the root of the WAR file) 
and the REST API calls are working as expected when we access it through the 
application server URL which leads us to believe there is an issue with our 
Apache configuration somewhere.

This is the behavior we are expecting:

  *   Login to the Sencha application
  *   Dashboard loads
  *   Reload the page
  *   Login again
  *   Dashboard loads

This is the behavior we are seeing:

  *   Login to the Sencha application
  *   Dashboard loads
  *   Reload the page
  *   Login again
  *   Spinning page

>From developer tools in Firefox, the request that is failing is a REST API 
>call that returns an unexpected payload response (even though status code is 
>200 for the request):
layName":"10 Character"},{"code":"C9","displayName"HTTP/1.1 200 
OKCache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, 
pre-check=0, private
Date: Thu, 20 Sep 2018 23:00:43 GMT
Pragma: no-cache
Content-Length: 324
Content-Type: application/json
Expires: Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified: Thu, 20 Sep 2018 23:00:43 GMT
X-V3-APP: ---
X-FRAME-OPTIONS: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-WebKit-CSP: script-src 'self' 'unsafe-inline' 'unsafe-eval'; options 
inline-script eval-script; xhr-src 'self'; form-action 'self'; connect-src 
'self'; reflected-xss block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; 
options inline-script eval-script; xhr-src 'self'; form-action 'self'; 
connect-src 'self'; reflected-xss block
X-XSS-Protection: 1
X-Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; 
options inline-script eval-script; xhr-src 'self'; form-action 'self'; 
connect-src 'self'; reflected-xss block
{"items":[{"internalName":"xx","seqNo":1,"analyticsConfig":{"trackingName":"xx","variables":{"page_l4":"landing","page_l2":"mobile
 
app","page_l3":"x","page_l1":"x"}},"name":"Home","icon":{},"subDashboard":false,"id":"","widgetLayout":"GR"}],"totalRecordsCount":1}

When we really are only expecting the payload response to return that last part:
{"items":[{"internalName":"xx","seqNo":1,"analyticsConfig":{"trackingName":"xx","variables":{"page_l4":"landing","page_l2":"mobile
 
app","page_l3":"x","page_l1":"x"}},"name":"Home","icon":{},"subDashboard":false,"id":"","widgetLayout":"GR"}],"totalRecordsCount":1}

Has anyone ever seen this before and knows what is causing it?  I have attached 
our httpd.conf file for reference.

Any help would be greatly appreciated!

Thanks,
Christina

This e-mail message and any files transmitted with it may contain confidential 
and proprietary information and are intended solely for the use of the 
individual or entity to which they are addressed. Any unauthorized review, use, 
disclosure or distribution is strictly prohibited. If you have received this 
e-mail in error please notify the sender by reply email and destroy all copies 
of the original message. Thank you for your cooperation.


httpd.conf
Description: httpd.conf

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

[Filipe Cifali]

Osman,

I think you really need to understand the things you are using before
trying to actually use them.

You need to have an IP address to point the proxy, even if it's 127.0.0.1
on some random port like 3000.

You don't really need to pay for a domain, there are "free" services that
provide you with a DNS entry you can point to where you want BUT, and a BIG
BUT, they have their own rules and you probably won't have full control of
it, which can be quite bad for a service.

As Frank already pointed, Proxies are agnostic for ENV variables, CGI or
whatever is behind the proxy, they CAN inject some info but that's very
specific and doesn't seems to be your case.

The IP of the reverse proxy is where the httpd daemon is Listening on, you
configure that and when it's running you can check what ports are open
using tools like 'ss' or 'netstat' on Linux. If you want it to be always
working, you need to have the service always online, be a VPS, a cloud
computing node or your own computer (leaving him turned on always).

These things are not REALLY attached to httpd itself but are more
conceptual to *any* webserver, dns, proxy that you may use. I encorage you
to first learn how they work (even in high level, doesn't need to go into
details of the source code) before trying to use / set them up, otherwise
you will hit some bugs by not understanding what you are actually doing.

Also, whenever you want to share files with a mailinglist, I recommend you
to post into a pastebin / gist or anywhere online, otherwise you are
sending this to all the users in the mailing list, even if they are just
text files.

On Thu, Sep 20, 2018 at 3:59 PM Osman Zakir 
wrote:

> If I'm using a reverse proxy, do I need the IP address of the reverse
> proxy server?  And if so, how do I get the IP address of the reverse proxy
> server (if you don't want to tell, please point me to a resource I read
> about it on)?  I got a free subdomain name from subdomain.net.  So do I
> put Apache's IP address (if I can find it) in for IP used by the host name
> in my hosts file?
> --
> *From:* Eric Covener 
> *Sent:* Thursday, September 20, 2018 9:20 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy
>
> On Thu, Sep 20, 2018 at 10:57 AM Osman Zakir 
> wrote:
> >
> > I haven't changed what I'm saying my problem is that much.  I'm probably
> having a hard time explaining it.
> >
> > The host name seems to be the main problem, though, aside from the
> environment variables.  I don't have a host name.  I'd prefer it if I could
> get a free subdomain and get my server to take it (without having to pay
> any money if possible).
>
> The server doesn't "take" a hostname. If you have a domain, you need
> to setup the DNS outside of the webserver to point to the right IP
> address. Or, mock it up on your workstation with your local host file.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

-- 
[ ]'s

Filipe Cifali Stangler

[users@httpd] Apache PHP-FPM unix domain sockets questions

[Rose, John B]

After looking at the documentation on httpd.apache.org and wiki.apache.org I 
have a few questions ...


  1.  I have seen examples of both "ProxyPassMatch" and "SetHandler" used to 
implement Unix Domain Sockets. Which is better?


   2. On the wiki page it says "Using too many sockets will cause apache to 
give a (99)Cannot assign requested address: error"


  If PHP-FPM is configured to use "ondemand" does this help avoid that 
problem?


  3. If "ondemand" is used in PHP-FPM, is it still advisable to tweak 
/proc/sys/net/ipv4/tcp_tw_reuse?


  4. What are some advisable ways to determine an ideal value for "ulimit" 
if using Unix Domain Sockets?




Thanks

Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

[Osman Zakir]

If I'm using a reverse proxy, do I need the IP address of the reverse proxy 
server?  And if so, how do I get the IP address of the reverse proxy server (if 
you don't want to tell, please point me to a resource I read about it on)?  I 
got a free subdomain name from subdomain.net.  So do I put Apache's IP address 
(if I can find it) in for IP used by the host name in my hosts file?

From: Eric Covener 
Sent: Thursday, September 20, 2018 9:20 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

On Thu, Sep 20, 2018 at 10:57 AM Osman Zakir  wrote:
>
> I haven't changed what I'm saying my problem is that much.  I'm probably 
> having a hard time explaining it.
>
> The host name seems to be the main problem, though, aside from the 
> environment variables.  I don't have a host name.  I'd prefer it if I could 
> get a free subdomain and get my server to take it (without having to pay any 
> money if possible).

The server doesn't "take" a hostname. If you have a domain, you need
to setup the DNS outside of the webserver to point to the right IP
address. Or, mock it up on your workstation with your local host file.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

[Eric Covener]

On Thu, Sep 20, 2018 at 10:57 AM Osman Zakir  wrote:
>
> I haven't changed what I'm saying my problem is that much.  I'm probably 
> having a hard time explaining it.
>
> The host name seems to be the main problem, though, aside from the 
> environment variables.  I don't have a host name.  I'd prefer it if I could 
> get a free subdomain and get my server to take it (without having to pay any 
> money if possible).

The server doesn't "take" a hostname. If you have a domain, you need
to setup the DNS outside of the webserver to point to the right IP
address. Or, mock it up on your workstation with your local host file.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

[Osman Zakir]

I haven't changed what I'm saying my problem is that much.  I'm probably having 
a hard time explaining it.

The host name seems to be the main problem, though, aside from the environment 
variables.  I don't have a host name.  I'd prefer it if I could get a free 
subdomain and get my server to take it (without having to pay any money if 
possible).

Previously, I hadn't added any values to the PassEnv directives in httpd.conf; 
I just added those recently.  Do I need to put double-quotes around the values, 
or is it without double-quotes?

From: Frank Gingras 
Sent: Thursday, September 20, 2018 6:05 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

I'm afraid that you're not capable of formulating a coherent question or 
problem. As such, I'm probably going to lose interest in this thread.

On Wed, Sep 19, 2018 at 8:24 PM Osman Zakir 
mailto:osmanzaki...@hotmail.com>> wrote:
I went to the app with the reverse proxy but the Google Map didn't display.

I read about DNS, but my problem is just how to get my server app to take the 
subdomain I want it to take.  I get the feeling that I need to find a place 
where I can put the server application so that it'll take the domain name.  But 
there aren't any web hosts that would accept an actual web server app aside 
from a VPS.  I could use a CGI script, but I'll have to change my app and I 
don't even know how I can make the current HTML file I have work with a CGI 
script (also, can a CGI script take environment variables?)?



From: Frank Gingras mailto:thu...@apache.org>>
Sent: Thursday, September 20, 2018 5:15 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

The first step would be to provide useful troubleshooting information. Use curl 
on the server. Read about networking and DNS, in general.

As for the environment variables, proxying shouldn't affect those. Can you 
describe the issue you have with those, in detail?

On Wed, Sep 19, 2018 at 7:24 PM Osman Zakir 
mailto:osmanzaki...@hotmail.com>> wrote:
I tried to navigate to the app with the virtual host URL on MS Edge and got 
"Hmm...We can't reach this page".  I don't know how to map a domain or 
subdomain to my server app, either.

And I need to know how to get the environment variables to work with Apache's 
reverse proxy.  Again: the environment variables are in the C++ server 
application to begin with and the frontend needs to get them so it request for 
them.  The app works perfectly on localhost, so I just need to deploy it.

From: Frank Gingras mailto:thu...@apache.org>>
Sent: Thursday, September 20, 2018 4:14 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

It would be better if you explained your current problem better instead of 
using expressions like "doesn't seem to be working correctly".

As for the testing, you can use curl on the server itself to see if httpd can 
reach the backend.

On Mon, Sep 17, 2018 at 2:38 PM Osman Zakir 
mailto:osmanzaki...@hotmail.com>> wrote:

I already figured I'd have to keep Apache running at all times.


I'd like it if you guys were to read my httpd.conf and the virtual host 
configuration file to see if I did it correctly.  I did read the documentation 
for it, but I'm not sure if I did correctly and the virtual host also doesn't 
seem to be working correctly (I tried to navigate to the site after starting 
Apache httpd as a service, but it didn't work; how do I correctly navigate to a 
proxied app on Apache?).


Thanks in advance.


From: Frank Gingras mailto:thu...@apache.org>>
Sent: Sunday, September 9, 2018 8:17:34 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Want to Deploy Web App Behind a Reverse Proxy

See http://httpd.apache.org/docs/2.4/howto/reverse_proxy.html and 
http://www.apachetutor.org/admin/reverseproxies.

You do need to have a httpd instance running at all times; how else do you 
think it will serve requests?

Lastly, your comment about the documentation is a bit odd - perhaps you could 
offer constructive comments on specific sections instead, so that we could work 
on improving it. A lot of folks dedicated a lot of time writing it, and even 
more would benefit from improvements.

On Thu, Sep 6, 2018 at 7:42 PM Osman Zakir 
mailto:osmanzaki...@hotmail.com>> wrote:

I have a web application I want to deploy behind a reverse proxy.


Do I have to do this on my own computer with the instance of the Apache HTTP 
Server that I've installed on my machine, or is it possible to do this on the 
Apache somehow as well?  If possible, I'd like to do the latter because I'd 
prefer not having to always keep my computer on.


The reason I want a reverse proxy is

Re: [users@httpd] Reverse proxy

[Frank Gingras]

Listen 8001 and Listen 127.0.0.1:8000 would do it.

On Thu, Sep 20, 2018 at 7:58 AM @lbutlr  wrote:

> If I have a secondary web service service running on www.example.com:8000
> and I want to create a reverse proxy on port 8001, how do I prevent users
> from connecting to :8000 anyway?
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

[users@httpd] Reverse proxy

[@lbutlr]

If I have a secondary web service service running on www.example.com:8000 and I 
want to create a reverse proxy on port 8001, how do I prevent users from 
connecting to :8000 anyway?



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Re: DocumentRoot in ProxyPass?

[@lbutlr]

On 19 Sep 2018, at 14:41, Eric Covener  wrote:
> On Wed, Sep 19, 2018 at 4:35 PM @lbutlr  wrote:
>> 
>> Is it possible to do something along these lines in the apache.conf files?
>> 
>> DocumentRoot /usr/local/www/roundcube/
>> ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000${DocumnetRoot}$1
>> 
>> (that is, not have to repeat the information that is already in the 
>> configuration)
> 
> Not automatically like that, but e.g.:
> 
> # Will also use native environment variable if not found as a 'Define'
> Define ROOT /var/www
> DocumentRoot ${ROOT}
> 
>  Require all granted
> 

Six of one, half a dozen of the other, I suppose. I just wrote a script to 
parse all the conf files, extract the document root, and add the fcgi line 
after it.

It is annoying to have to do this for every domain, but so it goes.

But thanks, that is good to know for future reference, it will make generating 
a ne domain conf file simpler.

cat domain_info > /path/to/confs/domain.conf
cat default_conf >> /path/to/confs/domain.conf

How about this:

Define DOMAIN example.com
Define ROOT /www/${DOMAIN}
Define ALIAS www.${DOMAIN}

Eh, I should just try it. How bad can it be? :)

-- 
No matter how fast light travels it finds the darkness has always got
there first, and is waiting for it.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] REMOTE_USER is not available at the time of external function call in httpd RewriteMap

[Chudamani Padhan]

Hi,
I am trying to set HTTP basic auth header for an user which is already
authenticated by external application. For doing that, we have to set
base64 encoded of "username:dummy"  where password is any dummy value.  In
ssl config, REMOTE_USER is getting captured properly in RequestHeader(Line
5) but not in RewriteRule (Line 3).  In line 3, I tried with REMOTE_USER,
LA-U:REMOTE_USER, HTTP:REMOTE_USER. But all these variables are null. Am I
missing any config here?


ssl.conf

Line 1- RewriteEngine on
Line 2- RewriteMap base64map "prg:/opt/scripts/base64.pl"
Line 3- RewriteRule .* -
[E=AUTHN:${base64map:%{LA-U:REMOTE_USER}:%{LA-U:REMOTE_USER}},NE]
Line 4- RequestHeader set Authorization "Basic %{AUTHN}e"

Line 5- RequestHeader set X-Remote-User2 %{REMOTE_USER}s

Thanks,
Chudamani