Apache proxy redirect

Discussion in 'ISPConfig 3 Priority Support' started by Jemt, Feb 21, 2021.

  1. Jemt

    Jemt Member HowtoForge Supporter

    I have multiple websites running like this:
    Each folder has different content.

    Now I would like to be able to associate a real domain with any of the websites in one of these folders.
    E.g http://company.com should display the content from http://name.com/85462816, while keeping company.com in the address bar of the browser.

    I figured I could use the Proxy redirect under settings for the company.com website, but unfortunately that results in a real redirect, taking the user from company.com to name.com/85462816 in the browser.


    The configuration above results in the following entry in my vhost file:
    RewriteRule ^/(.*)$ http://name.com/85462816/$1 [P]

    Is the Proxy flag not what I am looking for? Or is something here broken?

    These are the Apache modules currently loaded (apache2ctl -M):
    Loaded Modules:
    core_module (static)
    so_module (static)
    watchdog_module (static)
    http_module (static)
    log_config_module (static)
    logio_module (static)
    version_module (static)
    unixd_module (static)
    access_compat_module (shared)
    actions_module (shared)
    alias_module (shared)
    auth_basic_module (shared)
    auth_digest_module (shared)
    authn_core_module (shared)
    authn_file_module (shared)
    authz_core_module (shared)
    authz_groupfile_module (shared)
    authz_host_module (shared)
    authz_user_module (shared)
    autoindex_module (shared)
    cgi_module (shared)
    dav_module (shared)
    dav_fs_module (shared)
    deflate_module (shared)
    dir_module (shared)
    env_module (shared)
    fastcgi_module (shared)
    fcgid_module (shared)
    filter_module (shared)
    headers_module (shared)
    include_module (shared)
    mime_module (shared)
    mpm_prefork_module (shared)
    negotiation_module (share)
    passenger_module (shared)
    php5_module (shared)
    proxy_module (shared)
    proxy_fcgi_module (shared)
    proxy_http_module (shared)
    python_module (shared)
    reqtimeout_module (shared)
    rewrite_module (shared)
    setenvif_module (shared)
    socache_shmcb_module (shared)
    ssl_module (shared)
    status_module (shared)
    suexec_module (shared)

    I'm monitoring the error log for company.com, but there is no errors being emitted, when requesting company.com in the browser.
    tail -f /var/www/company.com/log/error.log

    Notice: name.com and company.com are not the actual domains of course.

    I'm stuck here so any help would be greatly appreciated - thanks

  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I think it would be better to move the content of the sites to the web folder of the newly created web, also due to traffic limits. Why wouldn't you do that?
  3. Jemt

    Jemt Member HowtoForge Supporter

    @Th0m Unfortunately that's not an option. The content is generated by a CMS shared by all the folders. So that would require a LOT of redundant CMS installations. I appreciate the suggestion though :)
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that the redirect is done by apache and not by your cms? Another option might be that you have other redirects in a htaccess file or in the main website which conflicts with that setting.
  5. Jemt

    Jemt Member HowtoForge Supporter

    Hi @till
    The CMS generates static content, so there is no server side code complicating things.
    And we can completely take name.com out of the equation.
    Consider the following screenshot from Chrome. In this case I'm using a test domain which is supposed to load "name.com"/12345678 via proxy. But as you can see, a permanent redirect is being issued.
    I have tried this from numerous devices and browser instances, most of which have never loaded the test domain before. I've tried different internet connections, in case the Permanent Redirect was cached in my router.
  6. Jemt

    Jemt Member HowtoForge Supporter

    Wait a second.. name.com redirects http:// to https:// - that's the problem. Sorry guys. Thanks for pointing me in the right direction.
    till likes this.
  7. Jemt

    Jemt Member HowtoForge Supporter

    @till I just found what I believe is a bug.
    https://company.com now loads https://name.com/xyz, but that doesn't work because the proxy rewrite rule is defined without "SSLProxyEngine on".

    SSLProxyEngine on
    RewriteRule ^/(.*)$ https://name.com/xyz/$1 [proxy]
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  9. Jemt

    Jemt Member HowtoForge Supporter

    @Th0m I completely forgot about that.
    However, wouldn't it make sense to have ISPConfig add "SSLProxyEngin On" when redirecting to https:// ?
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Yes, maybe we should. @till wdyt?
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Not sure if we should do that, from Apache manual:

    So if we add it, then we should limit it to the absolute nescessary cases.
    Jemt likes this.
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Probably best thing to do is not add it and let user it configure it when they need it.
  13. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    ISPConfig uses reverse proxy mode, so this note doesn't apply to our case.

    I think for a vhost which has a single redirect, if the destination is https:// it could make sense to enable SSLProxyEngine. But that setting applies to the entire virtual host definition, and we have cases where we add multiple redirects (ie. add a subdomain/aliasdomain with a redirect), and there doesn't seem to be a clearly correct thing to do if redirects to both http and https are present.
    till likes this.
  14. Jemt

    Jemt Member HowtoForge Supporter

    Personally I would much rather have the proxy option limited to HTTP, if HTTPS doesn't work out of the box. Being able to - so easily - configure something that doesn't work, seems like an inappropriate user interface design. Just my 5 cents :)

Share This Page