Apache Redirect Root URL to Subfolder

The Apache HTTP server is able to redirect traffic to a specific URL using mod_rewrite. mod_rewrite can do at least 100 other things and I’ll include some of those in a later blog post.

Let’s take a look at a simple redirection of traffic from / to /mysubfolder.

For example, this would redirect all traffic sent to http://www.jamescoyle.net/ to http://www.jamescoyle.net/mysubfolder/

This can be very helpful when you are using a reverse proxy and the application you are proxying is on a sub folder in the URL path. You can simply use this technique to redirect all users to the subdirectory folder path.

Make sure the module is enabled. In Ubuntu you can simply run the a2enmod command; in RHEL/CentOS, however, you may need to add the module manually to your httpd.conf file.

a2enmod rewrite

Then in your sites file you will need to add the following code.

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule (.*) /mysubfolder/ [R=301]

  • RewriteEngine on tells Apache that this site will use rewrite rules to transform the URL.
  • RewriteCond is the match part of the pattern. If the URL matches this pattern then RewriteRule will be applied. This particular pattern checks whether the requested URL path is equal to /.
  • RewriteRule sends the request to /mysubfolder/ with a 301 redirect. It only applies to URLs which contain just the domain, because the RewriteCond above has already performed that check.

Apache Active Directory Group Authentication

The Apache HTTP server can be used with LDAP or Microsoft’s Active Directory to authenticate users before viewing a webpage or site.

Before getting started, you will need to have the required Apache mods installed. Run the following command to enable the required LDAP mods.

a2enmod ldap authnz_ldap

The LDAP configuration generally goes in the Location tags, as per the below example.

<Location />
    Order allow,deny
    Allow from all
    AuthzLDAPAuthoritative on
    AuthLDAPBindDN "CN=ldapservice,CN=Users,DC=jamescoyle,DC=net"
    AuthLDAPBindPassword "mypassword"
    AuthLDAPURL "ldap://jamescoyle.net/OU=Users,DC=jamescoyle,DC=net?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "JamesCoyle.net Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=mygroup,OU=Groups,DC=jamescoyle,DC=net
</Location>

Let’s break down each attribute in the above config:

  • AuthzLDAPAuthoritative specifies to Apache that LDAP/ Active Directory authentication should override any other form of authentication.
  • AuthLDAPBindDN is the user DN which Apache will bind to when connecting to your LDAP/ Active Directory server.
  • AuthLDAPURL is the LDAP/ Active Directory URL which specifies your LDAP/ Active Directory server, the location where the users are stored within the directory and the attributes which will be used as a username when authenticating.
  • AuthType is the type of authentication which will be used. Basic gives us the dialogue box to enter our credentials.
  • AuthName is the text which will appear in the login dialogue box. This can differ depending on the web browser.
  • AuthBasicProvider specifies that we will use LDAP as the authentication mechanism.
  • AuthLDAPGroupAttributeIsDN, when set to on, specifies that the DN of the user is used when checking for group permissions in the LDAP/ Active Directory server. Otherwise the username is used, in this example sAMAccountName.
  • AuthLDAPGroupAttribute is the attribute in the LDAP/ Active Directory server which is used to check for group membership.
  • Require when set to ldap-group indicates to Apache that the user must be in the specified group to allow access.
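
The same block in Apache 2.4 syntax with the credentials kept off the wire in clear text, as an added example that is not from the original post. The ldaps:// scheme, the CA file path and the password helper path are assumptions to adapt; AuthzLDAPAuthoritative is left out because Apache 2.4 no longer has it, and Order/Allow is dropped in favour of Require.

```apache
# Added example, Apache 2.4 syntax. The CA file and helper program paths
# are placeholders (assumptions), not values from the original post.

# Server level, outside any VirtualHost: the CA that signed the directory
# server's certificate, so the ldaps:// connection can be verified.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/directory-ca.pem
LDAPVerifyServerCert On

<VirtualHost *:443>
    ServerName www.jamescoyle.net
    SSLEngine On
    SSLCertificateFile /ssl-certs/cert.cer
    SSLCertificateKeyFile /ssl-certs/key.key

    <Location />
        # Basic auth only base64-encodes the password, so refuse this
        # block if it is ever reached over plain HTTP.
        SSLRequireSSL

        AuthType Basic
        AuthName "JamesCoyle.net Authentication"
        AuthBasicProvider ldap

        # ldaps:// encrypts both the service account bind and each user's
        # password check between Apache and the directory server.
        AuthLDAPURL "ldaps://jamescoyle.net/OU=Users,DC=jamescoyle,DC=net?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "CN=ldapservice,CN=Users,DC=jamescoyle,DC=net"
        # Apache 2.4.5 and later: take the bind password from the first
        # line printed by a helper program instead of storing it here.
        AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-password"

        AuthLDAPGroupAttributeIsDN on
        AuthLDAPGroupAttribute member
        Require ldap-group CN=mygroup,OU=Groups,DC=jamescoyle,DC=net
    </Location>
</VirtualHost>
```

Run apachectl configtest after the change; the service account in AuthLDAPBindDN only needs read access to the user and group entries it searches.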

Reverse Proxy Subsonic with Apache

Subsonic is a web-based media player for playing audio and video files through a web browser. You can reverse proxy Subsonic using Apache.

See my blog post on using Apache as a reverse proxy for more detailed information on Apache configuration files.

The below configuration expects the backend Subsonic port to be non-ssl as the encryption will be offloaded to the Apache reverse proxy server. The reverse proxy URL will be encrypted and available on the default SSL port 443. This has the advantage of not using any CPU on the Subsonic server for encrypting traffic allowing it to concentrate on transcoding.

Add the below text to a new sites-available Apache configuration file.

vi /etc/apache2/sites-available/subsonic

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /ssl-certs/cert.cer
    SSLCertificateKeyFile /ssl-certs/key.key
    SSLProxyEngine on
    ServerAdmin [email protected]
    DocumentRoot /var/www
    ServerName subsonic.jamescoyle.net
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/subsonic-access.log combined
    ErrorLog ${APACHE_LOG_DIR}/subsonic-error.log
    ProxyHTMLStripComments on
    <Location />
        ProxyRequests off
        RequestHeader unset Accept-Encoding
        ProxyPass http://192.168.1.22:4040/
        ProxyPassReverse http://192.168.1.22:4040/
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

Enable the new site in Apache and reload the configuration.

a2ensite subsonic
service apache2 reload


Apache – redirect traffic to a different url

Some web applications I work with are only available on a URL similar to http://hostname/application. This causes problems when giving the URL to users as they sometimes forget the /application part and receive an unhelpful page they are not looking for or worse, an error.

Using mod_rewrite in Apache2 we can force any traffic matching a specific URL to another URL of our choosing. For this example, we want to direct users landing on / to /application. Notice these URL strings only need to include the path.

Make sure mod_rewrite is enabled in your Apache2 configuration. On Debian flavour distributions you can use

a2enmod rewrite

For Red Hat type distributions, you need to uncomment the line containing mod_rewrite.so in /etc/httpd/conf/httpd.conf.

A basic redirect matching rule has two components. What URL to look for when redirecting, and where to send the traffic.

Edit the vhost file in which you would like to include the redirect. For example:

/etc/apache2/sites-available/default

And add the following inside the <VirtualHost> tags.

RewriteEngine  on
RewriteRule ^[FROM]$ [TO] [R=301,L]

You will need to replace [FROM] with the URL you would like to redirect, and [TO] with the URL of where to send the user. For example, the below rule redirects users going to / to /myapplication

RewriteEngine  on
RewriteRule ^/$ /myapplication [R=301,L]


Simple Apache reverse proxy example

Background

Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits:

  • Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.
  • Reduce load – You can reduce the load on the web servers with various methods such as web caching at the proxy, load balancing and deflecting traffic for invalid requests.

The interesting stuff – ProxyPass

To set up Apache as a reverse proxy server you will need to enable mod_proxy. Some other common mods you may need are below.

  • mod_proxy
  • mod_http
  • mod_headers
  • mod_html

To enable mods in Ubuntu/ Debian you need to make sure they are installed, then enabled. For example, installing and enabling mod_proxy would look like this:

apt-get install libapache2-mod-proxy-html
a2enmod proxy

Once these mods are enabled, we can begin editing the Apache config. The locations of these vary depending on your Linux distribution. For RHEL based distributions, this will be your httpd.conf; for Debian based, sites-available/default.

Inside your VirtualHost tag create a Location tag which matches the external path you wish to use. For this example we will use /.

<Location />
    # commands go here
</Location>

Inside the Location tag add the proxy options ProxyPass and ProxyPassReverse followed by the site address which will be the target of the proxy. You will also need a couple of lines to allow access.

    ProxyPass http://mywebsite.jamescoyle.net/
    ProxyPassReverse http://mywebsite.jamescoyle.net/
    Order allow,deny
    Allow from all

Outside of the location tags, towards the top of the virtual host add a few extras:

    ProxyHTMLStripComments on
    ProxyRequests off
    SetOutputFilter proxy-html
    ProxyHTMLDoctype XHTML

If you will be proxying SSL traffic, you will also need to add:

    SSLProxyEngine on

Restart apache or reload the settings for the changes to take effect:

    service apache2 reload

You will now have a working proxy – all requests sent to / will be fetched from http://mywebsite.jamescoyle.net.

Example Apache reverse proxy VirtualHost

The below example shows an Apache VirtualHost which is listening on port 80. The configuration accepts requests which match the www.jamescoyle.net hostname and proxies the requests to the backend server mywebsite.jamescoyle.net.

<VirtualHost *:80>
    ServerAdmin [email protected]
    ProxyRequests off
    DocumentRoot /var/www
    SSLProxyEngine on
    ProxyPreserveHost On

    ServerName www.jamescoyle.net

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel error

    <Location />
        ProxyPass http://mywebsite.jamescoyle.net/
        ProxyPassReverse http://mywebsite.jamescoyle.net/
        Order allow,deny
        Allow from all
    </Location>

</VirtualHost>

Apache 2 catch all virtualhost

Background

Apache VirtualHosts are something of a must for running multiple sites with different web addresses, all under the same physical server. Using VirtualHost tags you can easily direct traffic for www.domain1.com to one location, and www.domain2.com to another even when both domains point to the same IP address.

I am not going to detail VirtualHost directives here, however I will tell you about the recent issue I had with subdomains and this very blog. A long time ago I had a subdomain redirect.jamescoyle.net which is no longer in use. At the time, Google got hold of this and kindly indexed it for search. The trouble was that redirect.jamescoyle.net points to the same IP address as www.jamescoyle.net even though it is no longer in use. Apache used to be set up to handle the two sub-domains differently but the VirtualHost entry for redirect has since been removed. This means that Google now has an index of this blog on both www.jamescoyle.net and redirect.jamescoyle.net – not ideal to say the least.

What I needed was something which took users of www.jamescoyle.net to this blog, and redirected all other sub-domains to it. After trying numerous directives and ServerName/ ServerAlias options I stumbled upon the answer.

The Interesting Stuff

Apache will respect any ServerName or ServerAlias option until a domain is used which doesn’t match any VirtualHost. When this happens, the very first VirtualHost for that port (usually port 80 for http) is used as a ‘catch all’.

For RHEL based flavours of Linux, it would make sense to add the ‘catch all’ as the first VirtualHost entry in httpd.conf. For Debian based distributions, the default and default-ssl would be the place as these files have a symlink starting with 000 meaning it will likely be loaded first.

To illustrate the resulting configuration, see the below (albeit simplified) files in sites-available/

NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /var/www
    Redirect permanent / http://www.jamescoyle.net/
</VirtualHost>
<VirtualHost *:80>
    ServerName www.jamescoyle.net
    DocumentRoot /var/www
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

All requests for www.jamescoyle.net will be managed by the second entry and all other domains will be managed by the first and redirected to www.jamescoyle.net. Give it a go: abcdefg.jamescoyle.net
