Setting up the Apache HTTP Server Proxy

Last modified by Lane Duncan on 2024/03/19

Example inpired from https://www.myxwiki.org (with only the important parts):

  • any acces to port 80 redirect to port 443
  • proxy the port 443 to the port 8080 (where most application servers are listening by default)
  • redirect / access to /xwiki/
  • make sure XWiki have enough information to know what is the source URL
  • make sure that special characters like / and + are allowed
  • Mind the "noncanon" keyword. Without it, URLs containing semicolons will be mangled
  • Tomcat server.xml should include the following connector attributes (default: 8080 connector) in order to avoid some "mixed protocol" failures:
    • proxyName="my.wiki.hostname" 
    • proxyPort="443" 
    • scheme="https" 
      <Connector port="8080" protocol="HTTP/1.1"
                    connectionTimeout="20000"
                    proxyName="wiki.example.com"
                    proxyPort="443"
                    scheme="https"
                    redirectPort="8443"
                    maxParameterCount="1000"
                    />

Sample apache httpd conf file

<VirtualHost *:80>
  ServerName mydomain.com
  ServerAlias *.mydomain.com

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName mydomain.com
  ServerAlias *.mydomain.com

  DocumentRoot /var/www/

  ErrorLog /var/log/apache2/xwiki-error.log
  CustomLog /var/log/apache2/xwiki-access.log combined

  RedirectMatch ^/$ /xwiki/

 <Location /xwiki>
    Order Deny,Allow
    Satisfy Any
 </Location>

  AllowEncodedSlashes NoDecode

  ProxyRequests Off
 <Proxy *>
    Order deny,allow
    Allow from all
 </Proxy>
  ProxyPreserveHost On
  ProxyPass /xwiki http://localhost:8080/xwiki nocanon
  ProxyPassReverse /xwiki http://localhost:8080/xwiki

  ## Workaround for https://bz.apache.org/bugzilla/show_bug.cgi?id=58001 (ProxyPreserveHost does not includes Forwarded)
  RequestHeader set Forwarded "proto=https"

  # TODO: add your SSL setup
</VirtualHost>
Tags:
   

Get Connected