Tuesday, August 13, 2013

Set up reverse proxy & Force https for entire server/domain

Sometimes we need to disable HTTP for an entire server or domain, so that every application, regardless of which web container or server it is deployed on, is accessible only via HTTPS.

To do this, we can disable HTTP methods in Apache and use it as a reverse proxy that handles all requests to the applications that are hosted not by Apache but by servlet web containers. The following steps show how to achieve this.

Set up reverse proxy


a) Ubuntu: https://help.ubuntu.com/community/ApacheReverseProxy
b) CentOS

Install Apache HTTP Server

Make sure your system is up to date by issuing the following command:
yum update
Enter the following command to install the Apache HTTP Server:
yum install httpd
Issue the following command to start the web server:
/etc/init.d/httpd start
To ensure that Apache starts following the next reboot cycle, issue the following command:
chkconfig httpd on
 
To install PHP support, including common support bundles, issue the following command:
yum install php php-pear

Enabling the Proxy Module

The CentOS package of the Apache HTTP server includes the proxy module. To enable this module, create the /etc/httpd/conf.d/proxy.conf file with the following content.
File excerpt: /etc/httpd/conf.d/proxy.conf
<IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

        ProxyRequests Off

        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass /app http://localhost:8080/app
        ProxyPassReverse /app http://localhost:8080/app
        # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        # Set to one of: Off | On | Full | Block

        ProxyVia On
</IfModule>
This turns on proxy support in the module configuration. Please note the warning regarding the ProxyRequests directive. It should be "off" in your configuration. Next, we'll issue the following command to restart Apache:
/etc/init.d/httpd restart
Apache should restart cleanly. If you encounter any issues, you may wish to inspect the logs available under /var/log/httpd/ for more information.

How to create an SSL certificate on Apache


HOWTO: Disable HTTP Methods in Apache

There are a minimum of four components to a mod_rewrite rule: the directive that loads the module, the directive that turns the rewrite engine on, a rewrite condition, and a rewrite rule.
Since mod_rewrite is so commonly used, the directive that loads the module will more likely than not already be present. Search your Apache configuration file(s) for mod_rewrite.so (the module itself lives in /etc/httpd/modules). If it is not found, add the following line to your Apache configuration file (typically /etc/httpd/conf/httpd.conf):
 LoadModule  rewrite_module  path/to/apache/modules/mod_rewrite.so
To enable the rewrite engine and force https for entire server, add the following:
        #
        # Enable the rewrite engine and force https for entire server
        #
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
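
A quick audit of the finished configuration, as an added example that is not part of the original post: the shell function below reads Apache config text and checks the settings this setup depends on (ProxyRequests not On, all three rewrite directives active), and warns when a ProxyPass backend is not on loopback, since the proxy-to-backend hop is plain HTTP. The function names, messages and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per line.
audit_apache_conf() {
    # Drop indentation and comment lines so disabled directives do not count.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$1")

    # ProxyRequests On would turn the server into an open forward proxy.
    if printf '%s\n' "$active" | grep -Eiq '^ProxyRequests[[:space:]]+On'; then
        echo "FAIL ProxyRequests is On"
    fi

    # The redirect needs the engine, the condition and the rule together.
    need 'RewriteEngine On' '^RewriteEngine[[:space:]]+On'
    need 'RewriteCond %{HTTPS} !=on' '^RewriteCond[[:space:]]+%\{HTTPS\}[[:space:]]+!=on'
    need 'RewriteRule to https://' '^RewriteRule[[:space:]].*https://'

    # The proxy-to-backend hop is plain HTTP, so it should stay on loopback.
    printf '%s\n' "$active" | awk '
        tolower($1) == "proxypass" &&
        $3 !~ /^https?:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/ {
            print "WARN backend not on loopback: " $3
        }'
    return 0
}

# need LABEL REGEX: report LABEL when no active line matches REGEX.
need() {
    printf '%s\n' "$active" | grep -Eiq "$2" || echo "FAIL missing $1"
}

# Constructed sample: the RewriteCond is commented out (the rule would then
# also redirect HTTPS requests) and the backend sits on a LAN address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ProxyRequests Off
ProxyPass /app http://10.0.0.5:8080/app
ProxyPassReverse /app http://10.0.0.5:8080/app
RewriteEngine On
# RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
EOF
audit_apache_conf "$sample"
rm -f "$sample"
```

Point it at the real files with, for example, audit_apache_conf /etc/httpd/conf.d/proxy.conf; a clean configuration prints nothing.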

DONE!

 
