Apache reverse proxy with 3 webservers on the same machine

Issues related to applications and software problems
Ravendark
Posts: 14
Joined: 2015/11/12 19:56:21

Apache reverse proxy with 3 webservers on the same machine

Postby Ravendark » 2017/11/27 20:48:56

Hello,

I have the following situation:
On the same machine, I have 3 webservers:
One Keycloak auth server running on port 9443 (https://myserver.com:9443).
Nginx serving a js page on port 3443 (https://myserver.com:3443). If you access the nginx page it redirects you to keycloak for authentication.
One tomcat serving a war file "MyApp" on port 8443 (https://myserver.com:8443/MyApp)
All of the above use SSL

What I need to do is setup reverse proxy using apache for these three services on port 443 (SSL)

Originally I had in mind something like:
Keycloak could be accessible through: https://myserver.com/accounts for example
Nginx through: https://myserver.com/frontpage
and the tomcat war application https://myserver.com/MyApp.

But it seems this cannot be done.

Using something like this does not work:

Code: Select all

ProxyPass /frontpage https://myserver.com:3443/
ProxyPassReverse /frontpage https://myserver.com:3443/
ProxyPass /accounts https://myserver.com:9443/
ProxyPassReverse /accounts https://myserver.com:9443/


What I have managed to make it work so far is by using different server names (using entry on /etc/hosts) but this does not help me as I must have different domain names for each service...
This is for front page (Nginx)

Code: Select all

<VirtualHost *:443>
ServerName myserver.com
ServerAlias www.myserver.com

# Logging
LogLevel warn
ErrorLog logs/front-page-error_log
CustomLog logs/frontpage-access_log combined

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

SSLEngine on
SSLProxyEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCertificateFile /some/path/cert.crt
SSLCertificateKeyFile /some/path/cert.key

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyRequests Off
ProxyPreserveHost on

DocumentRoot /some/path/nginx/frontpage
ProxyPass / https://myserver.com:3443/
ProxyPassReverse / https://myserver.com:3443/
</VirtualHost>


and one more VirtualHost entry like the one above without Document root for keycloack with different ServerName (for some reason if I do not specify DocumentRoot it does not work)

Code: Select all

ServerName accounts.myserver.com
ProxyPass / https://myserver.com:9443/
ProxyPassReverse / https://myserver.com:9443/


If I hit https://myserver.com on the browser, it takes me to the frontpage.
If I hit https://accounts.myserver.com on the browser, it takes me to keycloak.

Haven't tried with tomcat yet.

Is there a way to reverse proxy all three on the same domain name (myserver.com)?

Thank you in advance