Apache ProxyPass ! directive

[chongma]

For support, please use our forums: http://forums.sentora.org/, you can search for solutions there. Feel free to open a new question if none of the threads solve your problem. Please, do NOT use this issue tracker for support.

For bug reports please provide the following information:

Operating System: CentOS7 Operating System Version number: centos-release-7-3.1611.el7.centos.x86_64 Sentora Version: 1.0.3 Issue: Declaring the following directives in vhosts.conf

ProxyPass "/.well-known/" !             # don't pass lets encrypt folder
ProxyPass "/" ajp://localhost:8010/     # pass root to tomcat server

should result in .well-known folder NOT being proxy passed. However it is still passed How to reproduce it: In Module Admin->Apache Config choose a virtual host. enter the directives above. try to access .well-known but the folder has been passed to tomcat and gets a tomcat 404 error Suggested fix or solution if you have any: check httpd configuration for anything that may be blocking mod_proxy and the ProxyPass directive from functioning correctly

Thank you on the behalf of the Sentora Team.

V 0.0.2

[chongma]

it seems to only happen when using SSL. i.e. after Sentora rewrites port 80 to 443 using Apache Config

<virtualhost *:80>
ServerName domain.tld
ServerAdmin administrator@domain.tld
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</virtualhost>

[MBlagui]

I don't this we should use this routine any more. HTTP to SSL redirection should be done another way.

We will clean this after the release quickly.

[chongma]

this page https://httpd.apache.org/docs/2.4/rewrite/avoid.html recommends to use Redirect

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

[PhilipMcGaw]

It would be better to redirect to the same full URL as requested on non https.

That way you don't just dump people at the front page of your site when they click a link into your domain.

Sent from my iPhone

On 14 Mar 2017, at 17:38, Matthew Broadhead notifications@github.com wrote:

this page https://httpd.apache.org/docs/2.4/rewrite/avoid.html recommends to use Redirect

<VirtualHost *:80> ServerName www.example.com Redirect "/" "https://www.example.com/"

<VirtualHost *:443> ServerName www.example.com

... SSL configuration goes here

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[chongma]

I haven't tested it but that is how Apache recommends redirecting to HTTPS. I assumed it would redirect anything above the root. Have you checked? Otherwise I will test tomorrow and report back

[PhilipMcGaw]

Nope that configuration slaps everything back to the root as it doesn't know better.

Chances are you will get wonderful browser errors telling you the redirect won't work.

Sent from my iPhone

On 14 Mar 2017, at 22:35, Matthew Broadhead notifications@github.com wrote:

I haven't tested it but that is how Apache recommends redirecting to HTTPS. I assumed it would redirect anything above the root. Have you checked? Otherwise I will test tomorrow and report back

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[MBlagui]

The redirect should be in .htaccess if you want to enforce the SSL instead of the vhost.

We will see later how we improve the SSL implementation

[PhilipMcGaw]

Htaccess costs less cpu time.

Sent from my iPhone

On 15 Mar 2017, at 20:21, Mehdi B notifications@github.com wrote:

The redirect should be in .htaccess if you want to enforce the SSL instead of the vhost.

We will see later how we improve the SSL implementation

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[PhilipMcGaw]

Vhost costs less cpu time than htaccess. Vhost is the best place for this.

Sent from my iPhone

On 15 Mar 2017, at 20:21, Mehdi B notifications@github.com wrote:

The redirect should be in .htaccess if you want to enforce the SSL instead of the vhost.

We will see later how we improve the SSL implementation

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[chongma]

I have tested Redirect "/" "https://www.example.com/" on virtualbox and it works perfectly well. it does not redirect to the root. i tested with

• example.com/index.html
• example.com/test.html
• example.com/subdir/test.html

and all redirected through from http to https with absolutely no problem

[MBlagui]

We first implement a clean Vhosts with support for SSL then we will see if we can tune the performance and add a check box to enforce SSL.

[TGates71]

Changed/fixed with v2 and new SSL module.