reverse proxy issue / question access lists

Sjir Bagmeijer
17 August 2015, 19:01
Hello,

I have two questions. I shall start with the easy one: is there a way to include an access list from a file?
For example like in nginx you can do something like "include /etc/nginx/access-lists/test.conf".
Is there a similar functionality I can use in Hiawatha?

The reason is that we currently maintain different access lists, some of which contain 100 different internal IP numbers that can access different vhosts, so it makes the config slightly huge with making a big list.

The second question is more of a problem. I am moving from nginx, and previously I had this reverse proxy:
location / {
    proxy_pass http://127.0.0.1:5601;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
}


Now in Hiawatha my config looks as follows:
VirtualHost {
Hostname = loghost.ulyaoth.net
ReverseProxy / http://127.0.0.1:5601
WebsiteRoot = /srv/hiawatha/loghost/public
AccessLogfile = /var/log/hiawatha/loghost/access.log
ErrorLogfile = /var/log/hiawatha/loghost/error.log
StartFile = index.php
ExecuteCGI = yes
RequireTLS = yes,2678400
}


But somehow it does not work correctly. I get to see the backend page, but the page gives an error. I am not sure if the reverse proxy is sending all info, and I am not sure how to test this.

I do not stop the backend. All I do is stop nginx and start Hiawatha, and it does not load the backend page correctly. If I stop Hiawatha and start nginx again, then it works perfectly fine.

There is nothing in the error logs, and if I curl it the headers look almost the same:

Hiawatha: curl -i -H "Host: loghost.ulyaoth.net" https://127.0.0.1 --insecure
HTTP/1.1 200 OK
X-App-Name: kibana
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 06 Jul 2015 16:58:18 GMT
ETag: W/"6f9-14e644dd010"
Content-Type: text/html; charset=UTF-8
Content-Length: 1785
Vary: Accept-Encoding
Date: Mon, 17 Aug 2015 17:01:11 GMT


Nginx: curl -i -H "Host: loghost.ulyaoth.net" https://127.0.0.1 --insecure
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 17 Aug 2015 17:02:51 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1785
Connection: keep-alive
X-App-Name: kibana
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Mon, 06 Jul 2015 16:58:18 GMT
ETag: W/"6f9-14e644dd010"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubdomains;


Do you have any idea what could be going wrong?
Sjir Bagmeijer
17 August 2015, 19:16
Just to show, this is what happens. It could very well be the backend, but the error logs there show nothing either:

Hiawatha:
External image via http://s30.postimg.org/gqo6mvi4x/Screen_Shot_2015_08_17_at_19_13_46.png


Nginx:
External image via http://s17.postimg.org/5svm87zsv/Screen_Shot_2015_08_17_at_19_14_46.png

Hugo Leisink
17 August 2015, 19:38
Hiawatha does support the include statement, but the included file must contain valid Hiawatha configuration lines. Not just a list of IP addresses.

About the second question: what request does trigger the error?
Sjir Bagmeijer
17 August 2015, 19:51
I see. I was talking more along the lines of "AccessList = /srv/hiawatha/access-lists/test.conf", so instead of IPs I would provide a file, but I assume you mean it is only possible in the way I would include a vhost?

About the second: it is any request. Even if I just load the main page, it won't do anything but show the error. Very strange, like something is missing during the reverse proxy. I have also tried the keep-alive etc., but it seems to do nothing.
Sjir Bagmeijer
20 August 2015, 13:25
Been testing some more but still cannot get this to work on Hiawatha.

Is there a similar way in Hiawatha to send a header to the back-end, something like "proxy_set_header"?
Hugo Leisink
21 August 2015, 08:09
No, the reverse proxy in Hiawatha does not manipulate the request or the response. What header does need to be set?
Sjir Bagmeijer
21 August 2015, 11:29
It seems the below works on nginx and Apache:

The below is from nginx; the Apache equivalent also works.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;


Are those headers sent by default? Do you know of a way for me to test and see what headers Hiawatha sends to Kibana, so I could compare it with what nginx/Apache sends?
Hugo Leisink
21 August 2015, 12:06
The X-Forwarded-For header is indeed already sent by Hiawatha. In src/rproxy.c, in function send_request_to_webserver() starting at line 373, you can see what headers Hiawatha sends.

You could try the access logfile at the final webserver or otherwise a tool like tcpdump to see what headers are being sent.
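Added example (not part of the original thread and not Hiawatha or nginx code): once the request each proxy sends to the backend has been captured, for instance with tcpdump as suggested above, the two request heads can be compared with header names treated case-insensitively. The two sample requests and the address 192.0.2.10 are constructed for illustration and are not real captures from either server.

```python
"""Diff the request headers a backend receives via two different reverse proxies."""
from email.parser import BytesParser

# Constructed sample request heads (assumptions, not real nginx/Hiawatha captures).
SAMPLE_VIA_NGINX = (
    b"GET / HTTP/1.1\r\n"
    b"Host: loghost.ulyaoth.net\r\n"
    b"X-Real-IP: 192.0.2.10\r\n"
    b"X-forwarded-for: 192.0.2.10\r\n"
    b"Connection: close\r\n\r\n"
)
SAMPLE_VIA_HIAWATHA = (
    b"GET / HTTP/1.1\r\n"
    b"Host: loghost.ulyaoth.net\r\n"
    b"X-Forwarded-For: 192.0.2.10\r\n"
    b"Connection: keep-alive\r\n\r\n"
)


def parse_head(raw):
    """Return (request_line, {lowercased header name: [values]})."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # drop any body bytes
    request_line, _, header_block = head.partition(b"\r\n")
    msg = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    headers = {}
    for name, value in msg.items():              # items() keeps repeated headers
        headers.setdefault(name.lower(), []).append(value.strip())
    return request_line.decode("latin-1"), headers


def diff_heads(raw_a, raw_b):
    """Report headers present on one side only and headers whose values differ."""
    line_a, a = parse_head(raw_a)
    line_b, b = parse_head(raw_b)
    common = sorted(set(a) & set(b))
    return {
        "request_line": None if line_a == line_b else (line_a, line_b),
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "changed": {k: (a[k], b[k]) for k in common if a[k] != b[k]},
    }


if __name__ == "__main__":
    for key, value in diff_heads(SAMPLE_VIA_NGINX, SAMPLE_VIA_HIAWATHA).items():
        print(f"{key}: {value}")
```

A header that appears under only_in_a is one the backend sees through the first proxy but not the second; any client-address header found this way should be trusted by the backend only when it comes from the proxy's own address.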
Sjir Bagmeijer
21 August 2015, 12:47
Would it be okay to send you a mail with two header dumps, one from nginx and one from Hiawatha?
I am not 100% sure what I should look at.
Hugo Leisink
21 August 2015, 13:12
Sure. Send it to hugo@hiawatha-webserver.org.
This topic has been closed.