httpd.conf – Apache 2.4 and Reverse proxy – not redirecting when using VirtualHost

I’m running Apache 2.4 on AWS Linux as httpd. I’ve a single domain, and all requests are directed via /conf/httpd.conf using Listen: 80 and DocumentRoot "/var/www/html". My current domain does use SSL, with the certificates installed on the server.

I’m now at a point where I’d like to introduce a reverse proxy setup to point at another server if a directory match exists. So, for example:
http://my.domain.com/ should show files from /var/www/html
http://my.domain.com/myAPI/ should be redirected to http://12.34.56.78:9876/

I’ve been attempting to follow the documentation here, and some examples here, and here, but seem to wind up in various states of not being able to start the http daemon, or the daemon successfully starting but not performing any redirects because the /myAPI/ call is not being redirected.

I’ve been attempting various versions of this in /conf/httpd.conf followed by a service restart.

#About line 44 in an otherwise largely unmodified config file
#Listen 80

<VirtualHost *:80>

   ProxyPreserveHost on
   SSLProxyEngine on

   ServerName my.domain.com

   ProxyPass "/myAPI" "http://12.34.56.78:9876/"
   ProxyPassReverse "/myAPI" "http://12.34.56.78:9876/"

</VirtualHost>

Note: I am not running a default-site.conf file. I, quite frankly, am not sure if it will make a difference, and when I’ve tried to set it up I seem to cause a litany of other issues. So if my example is achievable from the default httpd.conf I’d prefer to work in there.
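
A minimal layout for the goal described in the question above, as an added example that is not part of the original post or of any answer to it. It assumes mod_proxy and mod_proxy_http are loaded and that the backend at 12.34.56.78:9876 speaks plain HTTP; because the site is also served over SSL, the same two proxy lines would have to be repeated in whatever virtual host handles port 443.

```apache
# Added example, not the poster's configuration.
# Assumes mod_proxy and mod_proxy_http are loaded.

# The virtual host below only receives traffic if httpd listens on port 80.
Listen 80

<VirtualHost *:80>
    ServerName my.domain.com

    # Everything not matched by ProxyPass is still served from disk.
    DocumentRoot "/var/www/html"

    # Reverse proxy only: never act as a forward proxy for arbitrary hosts.
    ProxyRequests Off

    # Pass the client's Host header through to the backend.
    ProxyPreserveHost On

    # Trailing slashes match on both sides, so /myAPI/foo maps to /foo on the backend.
    ProxyPass        "/myAPI/" "http://12.34.56.78:9876/"
    # Rewrite Location headers in backend redirects back to /myAPI/.
    ProxyPassReverse "/myAPI/" "http://12.34.56.78:9876/"

    # SSLProxyEngine is only needed when the backend URL is https://, so it is omitted.
</VirtualHost>
```

Running `apachectl configtest` before restarting the service reports syntax errors without taking the site down.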

https – How do I handle SSL properly when WP is behind a reverse proxy?

I am running WordPress behind a proxy. The is_ssl() function in wp_includes/load.php will never be able to work in an environment like this because $_SERVER['HTTPS'] has no idea how the browser sees the page. All requests are normalized by the proxy.

I can make my site work by changing the is_ssl() function, but now, periodically, WordPress “fixes” my fix when it does auto-updates.

What is the preferred way to deal with this situation? I am currently on v5.7.1 and I don’t even see a way to disable updates. I would rather not disable updates anyhow.

How can I tell WordPress that is_ssl() is always true, and keep it permanently throughout updates?

network manager – Proxy failing because system resolves it using local DNS instead of VPN (Ubuntu 20.04)

I am using a VPN over openconnect through NetworkManager. I also have a proxy server whose configuration is reachable via VPN (at http://wpad/wpad.dat). Sporadically, when I connect to VPN it fails to use the proxy server. I think this is because DNS lookup for the proxy server is failing.

The output of resolvectl status shows both links used for DNS, and the vpn is the default:

Link 5 (vpn0)
      Current Scopes: DNS    
DefaultRoute setting: yes    
       LLMNR setting: yes    
MulticastDNS setting: no    
  DNSOverTLS setting: no    
      DNSSEC setting: no    
    DNSSEC supported: no    
  Current DNS Server: <vpn_dns_a>
         DNS Servers: <vpn_dns_a>    
                      <vpn_dns_b>    
          DNS Domain: ~.    
                      <vpn_dom>

Link 3 (wlo1)
      Current Scopes: DNS    
DefaultRoute setting: yes    
       LLMNR setting: yes    
MulticastDNS setting: no    
  DNSOverTLS setting: no    
      DNSSEC setting: no    
    DNSSEC supported: no    
  Current DNS Server: <local_dns_a>
         DNS Servers: <local_dns_a>
                      <local_dns_b>
          DNS Domain: <local_dom>

I’ve verified that /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf. The file itself looks like:

nameserver 127.0.0.53
options edns0 trust-ad
search <local_dom> <vpn_dom>

systemd-resolve wpad returns the server IP, but nslookup wpad times out. I looked at the systemd-resolved logs in both cases, and it looks like the former uses the VPN’s DNS, but the latter (as well as curl, etc.) uses the local link’s DNS. This might explain why it fails to resolve the server.

After enough fiddling (restarting network manager, clearing caches, etc.) this issue eventually works itself out, but it comes back up later. Do I need to configure anything else to make the system always use the VPN?

docker – nginx proxy pass to the parameters defined (dynamic) host and port

On my local machine, I have nginx installed, and on Docker I have VMs with dynamic IP+port that can be created at any time. So how can I access them by specifying the host and port in URL parameters?

eg:

I have a dynamic number of Jupyter servers in Docker containers:

http://10.42.0.9:8888

http://10.42.0.10:8888

http://10.42.0.255:8888

What config do I need to access them like:

http://localhost/?rhost=10.42.0.9&rport=8888 -> http://10.42.0.9:8888

http://localhost/?rhost=10.42.0.10&rport=8888 -> http://10.42.0.10:8888

http://localhost/?rhost=10.42.0.255&rport=8888 -> http://10.42.0.255:8888

I have tried something like

[Image of the attempted configuration; not preserved.]

But it doesn’t work like I expected.

How do I configure proxy for my terminal with v2ray?

With v2ray on macOS 10.13.6, I can access some sites from Chrome but I cannot access those sites from the terminal.

The configuration for v2ray looks like this:

{
    "v": "2",
    "ps": "u8bxx-Azure",
    "add": "xx.acrossgw.info",
    "port": 8088,
    "id": "xxx-b6xxx8954c",
    "aid": "16",
    "net": "ws",
    "type": "none",
    "host": "xxx.acrossgw.info",
    "path": "/data",
    "tls": "tls"
}

Per this post, this command sets the proxy for a terminal session:

export http_proxy="username:password@ip address:port number"

I put this line at the end of my ~/.bash_profile

export http_proxy="xxx-b6xxx8954c:u8bxx-Azure@xx.acrossgw.info:8088"

But I cannot access those sites from the terminal either. What should I do?

networking – Ubuntu 20.04 Slack 4.15.0 not using system proxy on VPN

When on my vpn (connected with openconnect), I require an http proxy to access the internet.

I have the system proxy configured to use wpad, and I know this works because firefox is set to use the system proxy, and it works both on and off of the VPN without changing any network settings.

So can Slack 4.15.0 use this system wide proxy setting and if so how? (This works fine on a different system running slack 4.14.0)

If slack cannot use the system wide proxy settings, can I configure slack to manually specify a proxy? I see older posts that suggest starting slack from the CLI using a --proxy-server option, but that option appears to not be available in 4.15. And I can’t find any way to set it in the /etc/slack.conf file either.

How can I use this latest version of slack on my VPN?

smtp – Use HAProxy as a Forward Proxy for PowerMTA

PowerMTA can use HAProxy as forward proxy to deliver mail using the IP address HAProxy is serving on.

This is not the typical use case of HAProxy because it’s not load balancing, it is connecting THROUGH haproxy to use the IP address that HAProxy is on. They wrote an article about this here:

PowerMTA 5.0: Using a proxy for email delivery

I’ve googled and not found much. The one article I did find is like the opposite of what I want:

Set Up SMTP & IMAP Proxy with HAProxy (Debian, Ubuntu, CentOS)

They say to use the following:

frontend ft_smtp
      bind 12.34.56.78:25
      mode tcp
      timeout client 1m
      log global
      option tcplog
      default_backend bk_smtp

backend bk_smtp
      mode tcp
      log global
      option tcplog
      timeout server 1m
      timeout connect 7s
      server postfix 10.10.10.101:2525 send-proxy

I want to connect to HAProxy on port 2525 and have it act as a proxy for connecting to SMTP servers, i.e. test@gmail.com.

I am not sure if I explained this well enough; if not, please let me know. Any help would be much appreciated, as I cannot find much online.

linux networking – How can I set up a layer 3 bridge using Proxy ARP such that http requests can be made to the inside/proxied host’s IP successfully?

Currently I am using a Raspberry Pi to bridge an ethernet connected printer to wireless internet and have used DNAT successfully to give the printer internet access, manually forwarding the printer’s port 80 to the Rpi’s wlan0 interface port 80 along with other needed ports to access the printer using outside hosts. I’ve also been able to use Proxy ARP so that the printer’s static IP address is visible on the network, the Pi responding to ARP broadcasts on the printer’s behalf and proxying ARP requests for the printer. What I would like to do is combine the functionality of the DNAT approach with the IP separation provided by Proxy ARP.

The problem is that I cannot figure out how to seamlessly accomplish the needed forwarding/spoofing with the Rpi so that instead of directing requests to the Pi’s port 80, outside hosts can make requests using the printer’s IP directly even if it’s on a different subnet, say 10.1.2.254:80, to access the http page.

Is it possible to accomplish this routing in tandem with Proxy ARP? Are there other approaches that are better suited for this arrangement, or could IP aliases alongside DNAT accomplish this illusion that the printer’s IP and active ports are also present on the network/another network?