Reverse Proxy

Try to explain the best I can. I have an Apache reverse proxy configure as such and it works and is in production.

 <VirtualHost https://192.168.1.1:443>
   SSLEngine on
   SSLCertificateFile computer.cer
   SSLCertificateKeyFile computer.key
   SSLCACertificateFile CAs.pem
   SSLVerifyDepth 10
   SSLVerifyClient require
   SSLProtocol -ALL +TLSv1.2
   SSLCipherSuite ALL:!EXP:!NULL:!LOW:!SSLv2:!MD5:!RC4:!aNULL:!3DES:!IDEA
   ProxyRequests off
   ProxyPreserveHost on
   ProxyPass / https://192.168.1.1:50000/
   ProxyPassReverse / https://192.168.1.1:50000/
</VirtualHost>

The Kibana is on the same host as the Reverse Proxy.

Okay, now for the hard part. We are in the midst of upgrading from 7.6.x to 7.10.x and would like to have both current and new Kibana being served by the same reverse proxy. According to the interwebs, this should have worked, but it does not. It still serves up the current Kibana.

<VirtualHost https://192.168.1.1:443>
  SSLEngine on
  SSLCertificateFile computer.cer
  SSLCertificateKeyFile computer.key
  SSLCACertificateFile CAs.pem
  SSLVerifyDepth 10
  SSLVerifyClient require
  SSLProtocol -ALL +TLSv1.2
  SSLCipherSuite ALL:!EXP:!NULL:!LOW:!SSLv2:!MD5:!RC4:!aNULL:!3DES:!IDEA
  ProxyRequests off
  ProxyPreserveHost on
  ProxyPass / https://192.168.1.1:50000/
  ProxyPassReverse / https://192.168.1.1:50000/
  ProxyPass /new https://192.168.1.5:50001
  ProxyPassReverse /new https://192.168.1.5:50001
</VirtualHost>

Any assistance is greatly appreciated.

Cheers

Carl

@kamandohl the order of the rules is important here as the first one to match gets the request.

Could you try:

ProxyPass /new https://192.168.1.5:50001
ProxyPassReverse /new https://192.168.1.5:50001
ProxyPass / https://192.168.1.1:50000
ProxyPassReverse / https://192.168.1.1:50000

Cheers

1 Like

tiagocosta,

I have a different error now, which is good, progress. I guess order does matter! I will let you know tomorrow once I go into the office and validate.

Cheers

Made the switch as suggested

ProxyPass /new http://192.168.1.5:50001/
ProxyPassReverse /new http://192.168.1.5:50001/
ProxyPass / http://192.168.1.1:50000/
ProxyPassReverse / http://192.168.1.1:50000/

The result was better. When trying to access /new in the httpd error.log. The 192.168.1.50 is my host pc

[Thu Dec 03 09:26:05.868424 2020] [proxy:debug] [pid 15486] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (192.168.1.5)

[Thu Dec 03 09:26:05.868438 2020] [proxy:debug] [pid 15486] proxy_util.c(2256): [client [192.168.1.50:59142](http://192.168.1.50:59142/)] AH00944: connecting http://192.168.1.5:50001/ to [192.168.1.5:50001](http://192.168.1.5:50001/)

[Thu Dec 03 09:26:05.868729 2020] [proxy:debug] [pid 15486] proxy_util.c(2426): [client [192.168.1.50:59142](http://192.168.1.50:59142/)] AH00947: connected / to [192.168.1.5:50001](http://192.168.1.5:50001/)

[Thu Dec 03 09:26:05.869402 2020] [proxy:debug] [pid 15486] proxy_util.c(2802): AH02824: HTTP: connection established with [192.168.1.5:50001](http://192.168.1.5:50001/) (192.168.1.5)

[Thu Dec 03 09:26:05.869458 2020] [proxy:debug] [pid 15486] proxy_util.c(2969): AH00962: HTTP: connection complete to [192.168.1.5:50001](http://192.168.1.5:50001/) (192.168.1.5)

[Thu Dec 03 09:26:05.873707 2020] [proxy:debug] [pid 15486] proxy_util.c(2218): AH00943: http: has released connection for (192.168.1.5)

[Thu Dec 03 09:26:06.597122 2020] [proxy:debug] [pid 15508] proxy_util.c(1843): AH00925: initializing worker http://192.168.1.5:50001/ shared

[Thu Dec 03 09:26:06.597139 2020] [proxy:debug] [pid 15508] proxy_util.c(1885): AH00927: initializing worker http://192.168.1.5:50001/ local

[Thu Dec 03 09:26:06.597179 2020] [proxy:debug] [pid 15508] proxy_util.c(1936): AH00931: initialized single connection worker in child 15508 for (192.168.1.5)

[Thu Dec 03 09:26:07.599139 2020] [proxy:debug] [pid 15509] proxy_util.c(1843): AH00925: initializing worker http://192.168.1.5:50001/ shared

[Thu Dec 03 09:26:07.599156 2020] [proxy:debug] [pid 15509] proxy_util.c(1885): AH00927: initializing worker http://192.168.1.5:50001/ local

After a few of these, it just redirects back to the 192.168.1.1:50000

Still gonna plow through this and figure it out. I cannot be the only one trying to access two intances of kibana from one reverse proxy, am I?

Thanks for the assistance...Carl

Issue has been solved. Below was the configuration we used.

httpd.conf

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile computer.cer
  SSLCertificateKeyFile computer.key
  SSLCACertificateFile CAs.pem
  SSLVerifyDepth 10
  SSLVerifyClient require
  SSLProtocol -ALL +TLSv1.2
  SSLCipherSuite ALL:!EXP:!NULL:!LOW:!SSLv2:!MD5:!RC4:!aNULL:!3DES:!IDEA
  ProxyRequests off
  ProxyPreserveHost on
  Redirect /new /new/
  ProxyPass /new/ http://192.168.1.5:31966/new/
  ProxyPassReverse /new/ http://192.168.1.5:31966/new/
 
  ProxyPass / http://192.168.1.1:5601/
  ProxyPassReverse / http://192.168.1.1:5601/

</VirtualHost>

kibana.yml

server.basePath: "/new"
server.rewriteBasePath: true

Used the following URL to access the new stack

https://192.168.1.5/new/login?next=%2Fkibana%2F

I hope this helps others if you are trying to do this. Also, to note, we are using Kubernetes on prem.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.