You say “you need to proxy to it”.
How can I do it?
Just use the proxy option in virtualmin to setup the proxy
Just looked your server is loading a settings file so there may also be a setting in that file to start in ssl mode … never used django
Work it out … you know what you have to proxy from and to just fill the form out with the correct data
Sorry, I’ve been looking for documentation or a manual on this, but I can’t find it. I’m quite lost, I have never installed a proxy. Do you have any example that can guide me?
You are not installing a proxy! You already have one. (Apache is a proxy, as long as the right module, mod_proxy
, is loaded, as it will be on a Virtualmin system.)
You don’t need the complicated form! That’s for quite advanced stuff, and not the stuff you’re trying to do.
Just use Proxy Paths.
Ignore Balancer name
(the default is fine)
Fill in the path you want your app to appear on in the URL of your users browsers (e.g. /myapp
)
Fill in the destination URL, which is wherever your app server is running: http://127.0.0.1:8000
Save it.
I don’t have that option. Is it from Virtualmin PRO?
It is not. It arrived in Virtualmin GPL in version 7.9.0.
Ok, I had to update the theme. Now the option appears.
…although it still doesn’t work .
I have rebooted the system, of course.
You should stop rebooting, it isn’t Windows 3.11!
Local URL path isn’t directory path. The value has to be set to /
in your case.
Ok, that’s what I did, but it still doesn’t work.
Local URL path: /
Destination URLs: http://127.0.0.1:8000
It doesn’t work in what way? What does the browser say? What is there in the logs?
Trying to connect to https://162.19.89.212:8000
The browser says (Firefox and Chrome):
The connection has expired
An error occurred while connecting to 162.19.89.212:8000.
The site may be temporarily unavailable or too busy. Please try again in a few moments.
If you cannot load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure Firefox has permission to access the web.
Virtualmin → Logs and Reports:
- Apache Access Log and Apache Error Log are empty.
httpd.conf, port 80:
<VirtualHost 162.19.89.212:80 [2001:41d0:306:2cd4::]:80>
ServerName winforyou.oclockdt.com
ServerAlias www.winforyou.oclockdt.com
ServerAlias mail.winforyou.oclockdt.com
ServerAlias webmail.winforyou.oclockdt.com
ServerAlias admin.winforyou.oclockdt.com
DocumentRoot /home/winforyou/public_html
ErrorLog /var/log/virtualmin/winforyou.oclockdt.com_error_log
CustomLog /var/log/virtualmin/winforyou.oclockdt.com_access_log combined
ScriptAlias /cgi-bin/ /home/winforyou/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/winforyou/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>
<Directory /home/winforyou/cgi-bin>
Require all granted
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
SetHandler proxy:unix:/var/fcgiwrap/1234567890123456.sock/socket|fcgi://localhost
ProxyFCGISetEnvIf true SCRIPT_FILENAME "/home/winforyou%{reqenv:SCRIPT_NAME}"
</Directory>
ProxyPass /.well-known !
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.winforyou.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://winforyou.oclockdt.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.winforyou.oclockdt.com
RewriteRule ^(?!/.well-known)(.*) https://winforyou.oclockdt.com:10000/ [R]
#RewriteCond %{SERVER_PORT} !^443$
#RewriteRule ^/(.*) https://192.168.2.100/index.php
RemoveHandler .php
RemoveHandler .php7.2
RemoveHandler .php8.0
RemoveHandler .php8.1
<FilesMatch \.php$>
SetHandler proxy:unix:/var/php-fpm/1234567890123456.sock|fcgi://127.0.0.1
</FilesMatch>
<Proxy balancer://root>
BalancerMember http://127.0.0.1:8000
</Proxy>
ProxyPass / balancer://root/
ProxyPassReverse / balancer://root/
</VirtualHost>
journalctl -xe:
Apr 21 20:07:21 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: warning: unknown[45.129.14.173]: SASL LOGIN authentication failed: authentication failure
Apr 21 20:07:22 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: disconnect from unknown[45.129.14.173] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Apr 21 20:07:25 ns3226653.ip-162-19-89.eu postfix/smtpd[344257]: connect from unknown[45.129.14.128]
Apr 21 20:07:27 ns3226653.ip-162-19-89.eu postfix/smtpd[344257]: discarding EHLO keywords: CHUNKING
Apr 21 20:07:32 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: connect from unknown[45.129.14.173]
Apr 21 20:07:33 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: discarding EHLO keywords: CHUNKING
Apr 21 20:07:35 ns3226653.ip-162-19-89.eu saslauthd[997]: pam_unix(smtp:auth): check pass; user unknown
Apr 21 20:07:35 ns3226653.ip-162-19-89.eu saslauthd[997]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 21 20:07:37 ns3226653.ip-162-19-89.eu saslauthd[995]: pam_unix(smtp:auth): check pass; user unknown
Apr 21 20:07:37 ns3226653.ip-162-19-89.eu saslauthd[995]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Apr 21 20:07:37 ns3226653.ip-162-19-89.eu saslauthd[997]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Apr 21 20:07:37 ns3226653.ip-162-19-89.eu saslauthd[997]: : auth failure: [user=ujjwala@ip-162-19-89.eu] [service=smtp] [realm=ip-162-19-89.e>
Apr 21 20:07:37 ns3226653.ip-162-19-89.eu postfix/smtpd[344257]: warning: unknown[45.129.14.128]: SASL LOGIN authentication failed: authentication failure
Apr 21 20:07:38 ns3226653.ip-162-19-89.eu postfix/smtpd[344257]: disconnect from unknown[45.129.14.128] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Apr 21 20:07:39 ns3226653.ip-162-19-89.eu saslauthd[995]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Apr 21 20:07:39 ns3226653.ip-162-19-89.eu saslauthd[995]: : auth failure: [user=sales@ip-162-19-89.eu] [service=smtp] [realm=ip-162-19-89.eu]>
Apr 21 20:07:39 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: warning: unknown[45.129.14.173]: SASL LOGIN authentication failed: authentication failure
Apr 21 20:07:39 ns3226653.ip-162-19-89.eu postfix/smtpd[344295]: disconnect from unknown[45.129.14.173] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
15 lon-thw-sbb1-nc5.uk.eu (192.99.146.126) 128.918 ms 127.307 ms 121.792 ms
16 be103.gra-g1-nc5.fr.eu (91.121.215.178) 279.478 ms 214.833 ms 210.191 ms
17 * * *
18 * * *
19 * * *
20 * * *
21 ns3226653.ip-162-19-89.eu (162.19.89.212) 121.968 ms !X 121.833 ms !X 120.938 ms !X
!X (communication adminis‐
tratively prohibited)
What are you doing? You’re still very confused.
You run an app server on a local port (8000 or whatever), and you proxy to that port in Apache (as we showed you above), and then your browser connects to the usual HTTP/HTTPS ports. The outside world should never talk directly to your application server (on port 8000 or whatever).
I don’t understand what you want to tell me.
This is what I put in the first post
You were trying to put Apache on another port in another post. I have no idea what you’re actually trying to do. We have a major XY problem here.
You want to run an application, right? It needs an application server to run, correct?
If so, then you need to start your application server on that port. I believe you were starting gunicorn in another post, so this is a Python application. And, I believe you had it working via http but couldn’t get it working with https (which is fine for a local application).
If that’s so, you should have it listen only on the localhost address (127.0.0.1) on the port of your choosing (8000, to match the proxy config in Apache) and not on a public address or 0.0.0.0.
Then, Apache will provide the https connection on the usual port of 443 and proxy to the local port of 8000.
Your browser does not connect to port 8000 in this scenario. For one thing, it’s not https (and it doesn’t need to be for local connections), for another, it’s problematic to require your users connect to a weird port…they may be blocked by firewalls on their network. Ports 80 and 443 will probably not be blocked.
Thanks to these explanations I have managed to solve the problem.
The key was to redirect port 443 to 8000 with a proxy.
Thank you very much for your patience.