LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 06-11-2019, 11:57 AM   #1
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Rep: Reputation: 1
Trying to reverse proxy and password protect an application, but having issues with rewriting URLs and password protection not working


My server is a Raspberry Pi running Raspbian. I have an application that has a web interface, but instead of having authentication it only allows connections from localhost. The documentation said to reverse proxy it if I want to access it on another device. What I'm trying to do is:
1. Reverse proxy connections from example.com/application/url (where example.com is my server address. I don't actually have a domain name because I'm cheap) to localhost:3000/url
2. The application uses relative URLs. I want to rewrite those into absolute URLs for the reverse proxy. For example, one line of the HTML from example.com/application might be <script src="app.js"></script>. Normally, this would access example.com/app.js, not /application/app.js. I want it rewritten to <script src="example.com/application/app.js"></script> to address that. It also has several locations where it is hardcoded to open files or websocket connections to localhost:3000 that I want fixed.
3. Password protect the application because I don't want it accessible to the public.

I was able to get the reverse proxying working perfectly fine, but I wasn't able to get the URL rewriting or password protection working. I've added
Code:
<Location /application>
        ProxyPass "http://localhost:3000"
        ProxyPassReverse "http://localhost:3000"
        SetOutputFilter proxy-html
        ProxyHTMLLinks  a          href
        ProxyHTMLLinks  area       href
        ProxyHTMLLinks  link       href
        ProxyHTMLLinks  img        src longdesc usemap
        ProxyHTMLLinks  object     classid codebase data usemap
        ProxyHTMLLinks  q          cite
        ProxyHTMLLinks  blockquote cite
        ProxyHTMLLinks  ins        cite
        ProxyHTMLLinks  del        cite
        ProxyHTMLLinks  form       action
        ProxyHTMLLinks  input      src usemap
        ProxyHTMLLinks  head       profile
        ProxyHTMLLinks  base       href
        ProxyHTMLLinks  script     src for
        ProxyHTMLURLMap / /application
</Location>
to /etc/apache2/apache2.conf and
Code:
<Directory "/var/www/html/application">
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
</Directory>
to /etc/apache2/sites-enabled/000-default.conf as suggested by several online tutorials. I also did make the /etc/apache2/.htpasswd file, but I forgot how I did that. It looks like it contains a single line with my username, a colon, and then a ton of gibberish.

I don't see anything wrong with my configuration, but I also have no real idea of how to use an Apache web server.
 
Old 06-13-2019, 02:09 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Hi,

Take a look at this example

Regards
 
1 members found this post helpful.
Old 06-13-2019, 10:54 AM   #3
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
That fixed the authentication issues I was having, but my URL rewriting still is not working.
 
Old 06-13-2019, 01:00 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Quote:
Originally Posted by d745fba1cb70ab9dc02a80ee View Post
That fixed the authentication issues I was having, but my URL rewriting still is not working.
Quote:
The application uses relative URLs. I want to rewrite those into absolute URLs for the reverse proxy. For example, one line of the HTML from example.com/application might be <script src="app.js"></script>. Normally, this would access example.com/app.js, not /application/app.js. I want it rewritten to <script src="example.com/application/app.js"></script> to address that. It also has several locations where it is hardcoded to open files or websocket connections to localhost:3000 that I want fixed.
Why don't you just use <Location /> for the proxied application?
 
Old 06-13-2019, 02:10 PM   #5
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
I'm pretty sure I am.
 
Old 06-17-2019, 01:41 PM   #6
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
I'm going to bump this. I have now successfully password protected my application, but after hours of research, I still cannot figure out why URL rewriting is not working. My /etc/apache2/apache2.conf contains
Code:
<Location /application>
        AuthType Basic
        AuthName "Wrapper auth"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

        ProxyPass "http://localhost:3000"
        ProxyPassReverse "http://localhost:3000"

        SetOutputFilter proxy-html
        ProxyHTMLLinks  a          href
        ProxyHTMLLinks  area       href
        ProxyHTMLLinks  link       href
        ProxyHTMLLinks  img        src longdesc usemap
        ProxyHTMLLinks  object     classid codebase data usemap
        ProxyHTMLLinks  q          cite
        ProxyHTMLLinks  blockquote cite
        ProxyHTMLLinks  ins        cite
        ProxyHTMLLinks  del        cite
        ProxyHTMLLinks  form       action
        ProxyHTMLLinks  input      src usemap
        ProxyHTMLLinks  head       profile
        ProxyHTMLLinks  base       href
        ProxyHTMLLinks  script     src for
        ProxyHTMLURLMap / /application
</Location>
 
Old 06-18-2019, 04:15 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Once again, may I ask why don't you use just "/" instead of "/application" for your application? E.g:
Code:
<Location />
<-snip->
### Mind the trailing slashes below ###
        ProxyPass "http://localhost:3000/"
        ProxyPassReverse "http://localhost:3000/"
<-snip->
</Location>

Since I'm not familiar with mod_proxy_html, according to this, I guess that the following should work (again mind the trailing slashes!).
Code:
<Location /application/>
<-snip->
### Mind the trailing slashes below ###
        ProxyPass "http://localhost:3000/"
        ProxyPassReverse "http://localhost:3000/"
<-snip->
ProxyHTMLURLMap / /application/
ProxyHTMLURLMap /application /application
</Location>
 
1 members found this post helpful.
Old 06-18-2019, 01:20 PM   #8
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
I thought that you were saying <Location /> as an abbreviation for both the opening and closing tags without caring about the content. I often see XML tags referred to that way. By my original interpretation (which your more detailed explanation has proven to be incorrect), you were suggesting exactly what I was already doing. I insist on using /application rather than just / because I have multiple applications running on my server, and I don't want to have to remember and forward all of the ports. /application is an example, and I'm assuming that I can copy-paste it into the config and replace "/application" with a more useful URL and repeat for all of my applications. I want to save the root for either a list of the URLs in case I forget or a redirect to my real website in case someone finds my home server while looking for it. (My home internet is not fast enough to host a public website (10 megabit down/1 megabit up), so I'm putting that on Gitlab Pages.) My config file now contains
Code:
<Location /application>
        AuthType Basic
        AuthName "Wrapper auth"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

        ProxyPass "http://localhost:3000"
        ProxyPassReverse "http://localhost:3000"

        ProxyHTMLURLMap http://localhost:3000 /application
        ProxyHTMLURLMap ws://localhost:3000 /application
        ProxyHTMLURLMap / /application
</Location>
This is a little bit different from what you suggested, so I'll explain the changes I made:
1. Even though you said that the trailing slashes were important, my application doesn't work at all unless I don't have trailing slashes on http://localhost:3000. With the local slashes, I get a page that says "Malicious Path" and nothing else. Without the trailing slashes, it works pretty much as expected.
2. ProxyHTMLURLMap /application /application had to be replaced with ProxyHTMLURLMap http://localhost:3000 /application. I figured out that ProxyHTMLURLMap basically scans the HTML for references to the first path and replaces them with references to the second. ProxyHTMLURLMap / /application replaces the root with /application, so it handles all relative requests and works fine. ProxyHTMLURLMap /application /application looks like it will only correct URLs that have already been corrected, so I replaced it with my line that according to the article corrects absolute URLs.
3. I added the ws:// one in an attempt to proxy websocket requests as well because my application uses those.

This seems to have fixed all of my URL issues in the HTML files, but it did not do anything to Javascript files. Those still make requests to localhost:3000 rather than the proxy. Unfortunately, now I can't figure out how to do the same thing to Javascript files. Is there a ProxyJSURLMap?
 
Old 06-18-2019, 05:05 PM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Quote:
1. Even though you said that the trailing slashes were important, my application doesn't work at all unless I don't have trailing slashes on http://localhost:3000. With the local slashes, I get a page that says "Malicious Path" and nothing else. Without the trailing slashes, it works pretty much as expected.
If you use a trailing slash in the <Location /application/> then you need also the trailing slash in the proxied URLs


Quote:
2. ProxyHTMLURLMap /application /application had to be replaced with ProxyHTMLURLMap http://localhost:3000 /application. I figured out that ProxyHTMLURLMap basically scans the HTML for references to the first path and replaces them with references to the second. ProxyHTMLURLMap / /application replaces the root with /application, so it handles all relative requests and works fine. ProxyHTMLURLMap /application /application looks like it will only correct URLs that have already been corrected, so I replaced it with my line that according to the article corrects absolute URLs.
Told you I don't know much about mod_proxy_html, but "ProxyHTMLURLMap /application /application" is used to stop looping from happening


Re. the javascript files, try this:
Code:
RewriteEngine on
RewriteRule ^/(.*)\.js$ /application/$1.js [L]
 
Old 06-18-2019, 07:04 PM   #10
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
Quote:
"ProxyHTMLURLMap /application /application" is used to stop looping from happening
What do you mean by "looping?" Do you mean throwing the browser into a redirect loop, throwing the server into an infinite loop and bringing it down, or something else? Also, the RewriteEngine rules did not appear to do anything. It's not the URLs of the javascript files that I am having trouble with, it is the URLs in the javascript files. It seems like the ProxyHTMLURLMap lines are being ignored on javascript files and only being processed for HTML files.
 
Old 06-19-2019, 12:33 AM   #11
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Quote:
Originally Posted by d745fba1cb70ab9dc02a80ee View Post
What do you mean by "looping?" Do you mean throwing the browser into a redirect loop, throwing the server into an infinite loop and bringing it down, or something else? Also, the RewriteEngine rules did not appear to do anything. It's not the URLs of the javascript files that I am having trouble with, it is the URLs in the javascript files. It seems like the ProxyHTMLURLMap lines are being ignored on javascript files and only being processed for HTML files.
If the problem is the URLs hardcoded inside the .js files, you can write a bash script to find and replace recursively the old URLs with the new ones
 
Old 06-19-2019, 03:37 PM   #12
d745fba1cb70ab9dc02a80ee
Member
 
Registered: Nov 2017
Location: Earth
Distribution: Manjaro
Posts: 68

Original Poster
Rep: Reputation: 1
I have no idea how to do that, but I'm willing to learn. I might also just be lazy and use Python to do it. However, this solution has two problems:
1. Forums and developer communities often do not want to support versions of the software that have been modified.
2. This particular application uses node and is run directly from the Git repository, so it should be easy to modify, but in the future I might have to do the same thing for an application that I don't have the source code for. For example, I've seen some embedded devices with web interfaces and it's imaginable that a proprietary app might have the files being served compiled in.
If you are unable to help with this, do you know of any other places I can go?
 
Old 06-20-2019, 12:30 AM   #13
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,505

Rep: Reputation: 1769
Quote:
Originally Posted by d745fba1cb70ab9dc02a80ee View Post
I have no idea how to do that, but I'm willing to learn. I might also just be lazy and use Python to do it. However, this solution has two problems:
1. Forums and developer communities often do not want to support versions of the software that have been modified.
2. This particular application uses node and is run directly from the Git repository, so it should be easy to modify, but in the future I might have to do the same thing for an application that I don't have the source code for. For example, I've seen some embedded devices with web interfaces and it's imaginable that a proprietary app might have the files being served compiled in.
If you are unable to help with this, do you know of any other places I can go?
Of course you can use whatever tool you're familiar with, to find and replace text inside js files.
Anyway if you don't want to modify the code, you could ask the application developers for support.

Regards
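
On the question the thread leaves open, rewriting URLs inside the served .js files without editing the application, Apache's mod_substitute can do the replacement on the proxy itself. The block below is an added example, not a configuration posted by either participant; it reuses the thread's /application prefix and localhost:3000 backend and assumes Apache 2.4 with the listed modules available.

```apache
# Added example, not from the thread. Assumes Apache 2.4 on Debian/Raspbian with
# these modules enabled:  a2enmod proxy proxy_http proxy_html substitute headers filter
<Location /application>
        # Authentication lives in <Location>: a proxied URL never maps to a
        # filesystem path, so a <Directory> block is not consulted for it.
        AuthType Basic
        AuthName "Wrapper auth"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user

        ProxyPass "http://localhost:3000"
        ProxyPassReverse "http://localhost:3000"

        # Ask the backend for uncompressed bodies; output filters cannot
        # search inside a gzip-encoded response.
        RequestHeader unset Accept-Encoding

        # HTML responses: the same maps as in post #8.
        ProxyHTMLEnable On
        ProxyHTMLURLMap http://localhost:3000 /application
        ProxyHTMLURLMap / /application

        # JavaScript responses: plain text substitution, applied only to
        # script content types. The "n" flag treats the pattern as a fixed
        # string instead of a regular expression.
        AddOutputFilterByType SUBSTITUTE application/javascript text/javascript
        Substitute "s|http://localhost:3000|/application|n"

        # Minified bundles are often one very long line; raise the limit
        # (default 1m) so mod_substitute does not fail on them.
        SubstituteMaxLineLength 10m
</Location>
```

WebSocket URLs (ws://localhost:3000) are not covered by this block; they need an absolute ws:// or wss:// replacement and a separate mod_proxy_wstunnel mapping.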
 
  

