Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Proxying Atlassian server applications with Apache HTTP Server

Ryan Schwoerer
Ryan Schwoerer June 3, 2016

I found a small error in the "Configure virtual hosts using mod_proxy" section of this article

If you are using multiple applications behind the same Apache server, on the same physical server, each reverse proxy configuration should exist in the same VirtualHost block.

The article seems to indicate that there should be multiple VirtualHost blocks, which I could not get to work.

 

an example...

<VirtualHost *:80>
    ServerName sub.domain.com
    
    ProxyRequests Off
    ProxyVia Block
    ProxyPreserveHost On
     
    <Proxy *>
         Require all granted
    </Proxy>
 
    ProxyPass /jira http://sub.domaincom:8080/jira
    ProxyPassReverse /jira http://sub.domain.com:8080/jira
    ProxyPass /wiki http://sub.domain.com:8090/wiki
    ProxyPassReverse /wiki "http://sub.domain.com:8090/wiki
    ProxyPass /bitbucket http://sub.domain.com:7990/bitbucket
    ProxyPassReverse /bitbucket http://sub.domain.com:7990/bitbucket
			
	RemoteIPHeader X-Forwarded-For
</VirtualHost>
Answer
Watch
Like Be the first to like this
857 views

1 answer

1 vote
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 3, 2016

Generally, you would have multiple VirtualHosts for this type of configuration.  That allows you to do individual logging and have uniquenesses in configuration per host.

View More Comments
Ryan Schwoerer
Ryan Schwoerer June 3, 2016

do you have a working example of this? I couldn't get it to work.

using the above config, with separate VirtualHost blocks for each ProxyPass/ProxyPassReverse pair I would get 404 on `http://sub.domain.com/wiki`. however, `http://sub.domain.com/jira` would work fine, and `http://sub.domain.com:8090/wiki` would work.

just moving all the ProxyPass/ProxyPassReverse pairs into one block worked.

Like
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 3, 2016

Here's what I typically do.  This is an SSL configuration, but you can ignore that stuff if you don't plan to use SSL.

# Generic 80 -> 443 redirect

<VirtualHost *:80>
	TimeOut 300
        RewriteEngine on
        ReWriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>


# Jira proxy

<VirtualHost *:443>
DocumentRoot "/var/www/jira"
ServerName jira.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           Off
ProxyPreserveHost       On
ProxyTimeout		300
RequestHeader unset Authorization

ProxyPass               /       http://127.0.0.1:8080/ retry=0 connectiontimeout=300 timeout=300
ProxyPassReverse        /       http://127.0.0.1:8080/

LogLevel info
CustomLog /var/log/httpd/access_jira.domain.com.log combined
ErrorLog /var/log/httpd/error_jira.domain.com.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLStrictSNIVHostCheck off

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

# Confluence proxy
<VirtualHost *:443>
DocumentRoot "/var/www/confluence"
ServerName confluence.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           On
ProxyPreserveHost       On
ProxyTimeout		600

ProxyPass               /       http://127.0.0.1:8090/ retry=0 connectiontimeout=60 timeout=300
ProxyPassReverse        /       http://127.0.0.1:8090/

LogLevel info
CustomLog /var/log/httpd/access_confluence.domain.com.log combined
ErrorLog /var/log/httpd/error_confluence.domain.com.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

# Stash proxy

<VirtualHost *:443>
DocumentRoot "/var/www/stash"
ServerName stash.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           On
ProxyPreserveHost       On
ProxyTimeout            300

ProxyPass               /       http://192.168.62.40:7990/ retry=0 connectiontimeout=300 timeout=300
ProxyPassReverse        /       http://192.168.62.40:7990/

LogLevel info
CustomLog /var/log/httpd/access_stash.domain.com.log combined
ErrorLog /var/log/httpd/error_stash.domain.com.log

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

I hope that helps.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events