0

I have two web servers running Apache 2.4 on CentOS 7 and I am trying to set up a reverse proxy server for my web server. As of now, the proxy server is using a Let's Encrypt certificate, and when I access the proxy server before making changes to any virtual host configurations, I access the domain I have set up on the proxy and see a green lock in the upper left hand corner (no problems). I am using Firefox by the way.

Now, when I configure a virtual host to redirect the request to my web server, I get a web page with missing content (yellow exclamation point on the browser lock). My web browser appears to be blocking the images for my own protection, apparently. The proxy server appears to be redirecting my original request, which is good, but I am not see all the content load on-screen. It's likes it's been filtered out (it is) because the browser is just saying it's insecure.

How can I solve it?

Here is my configuration for a virtual host: 

<VirtualHost _default_:443>


# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#
ProxyRequests Off

ProxyPass / http://IP:80/
ProxyPassReverse / http://IP:80/


</virtualhost>

I reviewed this article too: http://awesometoast.com/cors/

Java Apprentice
  • 1
  • 5

1 Answers1

0

You should read about CORS (Cross Origin Resource Sharing)

After proxy pass (in the vhost config), try adding this (make sure you have apache mod_headers installed)

Header add "Access-Control-Allow-Origin" "*"

This is not a secure configuration, but the reason your resources are not loading and the yellow exclamation sign is showing up is because you are trying to load resources from a different domain, thus the browser is showing the site as not secure. Allowing the specific domains with the resources in the headers will tell the browser that the server with the resources is allowed.

Here are some links to refer:

  1. Apache proxy with cors headers

  2. Server Apache

Paul C
  • 25
  • 8
  • The changes I made did not work in httpd.conf or ssl.conf ProxyPass http://IP:80/index Header add "Access-Control-Allow-Origin" "*" – Java Apprentice Jul 29 '17 at 04:41
  • The format of the above comment is terrible. Also, when I continue to browse after the proxy server redirects, I eventually get a "http:// ip address". Should I have any of these configurations on the back-end (web server). – Java Apprentice Jul 29 '17 at 04:48
  • The option should be set in the virtualhost configuration. – Paul C Jul 29 '17 at 22:02
  • I can get the proxy to pass, but the domain changes to another domain using HTTP instead of keeping the SSL domain. – Java Apprentice Jul 30 '17 at 01:32
  • What is the developer console in firefox saying? Also, I dont think this will fix the problem, but I think it should be set for the configuration you want. ProxyPreserveHost On Add that to your vhost config. This will maintain the host header of the client facing server. – Paul C Jul 30 '17 at 01:33
  • The only way I can get this to work is with a index.html file with simple HTML text tags, such as "

    ". The text seems to be the only thing that transfers through.     – Java Apprentice Jul 30 '17 at 01:48
  • On another note it is also working with index.php and the php script is being executed properly too. – Java Apprentice Jul 30 '17 at 01:55
  • Did you add ProxyPreserveHost On to the vhost config? When I was playing around with some node apps, I used this DigitalOcean tutorial to understand how to get it working... https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension Just to understand a bit better.. you have server 1 (reverse proxy) to server 2 (web server) are the images on server 2 actually on server 2? Like the and not some other place on the net? – Paul C Jul 30 '17 at 02:06
  • Yes, I was using Drupal as a CMS (on server 2) and most of the images for the themes homepage was missing. All content is on server 2 and the registered domain name is on server 1 using SSL. I can get index.php and index.html to work. – Java Apprentice Jul 30 '17 at 02:49
  • I am sorry, I just dont have enough information to help you further. What are the logs showing on server 1 and server 2? Check both the error and access logs, those will give you an idea of what is happening during the transaction between both servers. – Paul C Aug 03 '17 at 02:30