Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Catalyst>
  3. Dev
Trouble with ProxyPass
jir2004 at qatar-med
Jun 17, 2013, 4:44 AM
Post #1 of 5 (6550 views)
Permalink
Hello,

I'm having trouble getting my application running under ProxyPass using
Apache. I'm not entirely sure if it my worries lie in catalyst or
apache. I do have another application (not catalyst) which uses
proxypass with the exact same SSL config and its fine.

It will display pages fine, but when I go to submit a form I get the
following:

"Although this page is encrypted, the information you have entered is to
be sent over an unencrypted connection and could easily be read by a
third party.

Are you sure you want to continue sending this information?"


This is what my apache config looks like:


ProxyRequests On
ProxyVia On
ProxyReceiveBufferSize 16384
<Location />
ProxyPass http://127.0.0.1:3000/
ProxyPassReverse http://127.0.0.1:3000/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

SSLRequireSSL
SetHandler perl-script
RequestHeader set X-URL-SCHEME https
Order allow,deny
Allow from all
</Location>

I have $c->config->{using_frontend_proxy} = 1.

My application works fine if I just do localhost:3000, and it also works
fine when I run it as a fastcgi application. I do not get the security
warning when running either under development or fastcgi.

I am looking into using the proxypass option solely for development. I
am working on an application that uses very big data and log into a
virtualbox for it. I have several file locations that are references to
urls.

Alias /bigdata /data/share/web_public/bigdata
<Directory /data/share/web_public/bigdata>
AllowOverride All
Options Indexes MultiViews FollowSymLinks
order Allow,Deny
Allow from all
</Directory>

So I need something happening with apache I think. Is there anyway to
get Catalyst to alias those paths for me?

I have really been making my head explode over this, and help would be
very appreciated!!!

Best,
Jillian
Re: Trouble with ProxyPass [ In reply to ]
omega at palle
Jun 17, 2013, 9:16 PM
Post #2 of 5 (6403 views)
Permalink
On Jun 17, 2013, at 6:44 PM, Jillian Rowe <jir2004@qatar-med.cornell.edu> wrote:

> Hello,
>
> I'm having trouble getting my application running under ProxyPass using
> Apache. I'm not entirely sure if it my worries lie in catalyst or
> apache. I do have another application (not catalyst) which uses
> proxypass with the exact same SSL config and its fine.
>
> It will display pages fine, but when I go to submit a form I get the
> following:
>
> "Although this page is encrypted, the information you have entered is to
> be sent over an unencrypted connection and could easily be read by a
> third party.
>
> Are you sure you want to continue sending this information?"
>
>
> This is what my apache config looks like:
>
>
> ProxyRequests On
> ProxyVia On
> ProxyReceiveBufferSize 16384
> <Location />
> ProxyPass http://127.0.0.1:3000/
> ProxyPassReverse http://127.0.0.1:3000/
> SetEnv force-proxy-request-1.0 1
> SetEnv proxy-nokeepalive 1
>
> SSLRequireSSL
> SetHandler perl-script
> RequestHeader set X-URL-SCHEME https
> Order allow,deny
> Allow from all
> </Location>
>
> I have $c->config->{using_frontend_proxy} = 1.
>
> My application works fine if I just do localhost:3000, and it also works
> fine when I run it as a fastcgi application. I do not get the security
> warning when running either under development or fastcgi.

I assume what happens is that you use $c->uri_for (or c.uri_for in the
template toolkit world) to generate the action for your form, and this
generates http:// instead of https://?

Have you read trough
https://metacpan.org/module/Catalyst#PROXY-SUPPORT and
tried to set the X-Forwarded-Port to 443?

>
> I am looking into using the proxypass option solely for development. I
> am working on an application that uses very big data and log into a
> virtualbox for it. I have several file locations that are references to
> urls.
>
> Alias /bigdata /data/share/web_public/bigdata
> <Directory /data/share/web_public/bigdata>
> AllowOverride All
> Options Indexes MultiViews FollowSymLinks
> order Allow,Deny
> Allow from all
> </Directory>
>
> So I need something happening with apache I think. Is there anyway to
> get Catalyst to alias those paths for me?
>

You could perhaps have a controller Bigdata that reponds to /bigdata and
looks for files for you, or use a Plack middleware to wrap your application
in to provide it.

But I don't think letting Apache (or other frontend web servers like nginx)
handle serving of files like that is a bad thing. The deployment documentation
for mod_perl on Apache even specifies this as a good thing:
https://metacpan.org/module/ETHER/Catalyst-Manual-5.9007/lib/Catalyst/Manual/Deployment/Apache/mod_perl.pod#Static-file-handling


Hope this might be helpful


- andreas / omega




_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
Re: Trouble with ProxyPass [ In reply to ]
bobtfish at bobtfish
Jun 17, 2013, 11:15 PM
Post #3 of 5 (6398 views)
Permalink
Moved from dev list to normal list..

On 18 Jun 2013, at 05:16, Andreas Marienborg <omega@palle.net> wrote:

>
> On Jun 17, 2013, at 6:44 PM, Jillian Rowe <jir2004@qatar-med.cornell.edu> wrote:
>>
>> I am looking into using the proxypass option solely for development. I
>
> But I don't think letting Apache (or other frontend web servers like nginx)
> handle serving of files like that is a bad thing.

I think it's a bad thing _for development_, as it's a pain in the ass :)

Cheers
t0m
_______________________________________________
Catalyst-dev mailing list
Catalyst-dev@lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
Re: Trouble with ProxyPass [ In reply to ]
jir2004 at qatar-med
Jun 18, 2013, 12:57 AM
Post #4 of 5 (6399 views)
Permalink
Thank you so much Andreas, Tomas, and Moritz! I got it figured out this
morning with your help!

It turns out that having the X-Forwarded-Port in my MyApp.yml was not
sufficient. It needed to be in lib/MyApp.pm

__MyApp__->config->{"X-Forwarded-Port"} = 443

This solved my problem with getting the security message out and form
data passed.

As for serving my static content this is what I did. Hope it helps
someone.

ProxyRequests On
ProxyVia On
ProxyReceiveBufferSize 16384
ProxyPass /static !
ProxyPass /favicon.ico !
ProxyPass /bigdata1 !
ProxyPass /gbigdata2 !
Alias /static /var/www/MyApp/root/static
Alias /bigdata1 /data/share/web_public/bigdata1
Alias /bigdata2 /data/share/web_public/bigdata2

<Location />
ProxyPass http://127.0.0.1:3000/
ProxyPassReverse http://127.0.0.1:3000/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

SSLRequireSSL
SetHandler perl-script
RequestHeader set X-URL-SCHEME https
Order allow,deny
Allow from all
</Location>

I believe in the Catalyst documentation the Alias was first, followed by
the ProxyPass. But when I sought the help of Google I found a post
saying it was the other way around.

Thanks for the tips about serving the static data from the controller! I
will keep that in mind.

Now I have a production environment that very closely matches my
production and I am quite happy!

Thanks again!

Best,
Jillian
Re: Trouble with ProxyPass [ In reply to ]
jir2004 at qatar-med
Jun 18, 2013, 3:13 AM
Post #5 of 5 (6397 views)
Permalink
I also got it to work with the prefix /myapp in front of the urls using
Catalyst::TraitFor::Request::ProxyBase.

Per the documentation in lib/MyApp.pm

use Catalyst;
use CatalystX::RoleApplicator;

extends 'Catalyst';

__PACKAGE__->apply_request_class_roles(qw/
Catalyst::TraitFor::Request::ProxyBase
/);

__PACKAGE__->setup;

Apache config

ProxyRequests On
ProxyVia On
ProxyReceiveBufferSize 16384
ProxyPass /static !
ProxyPass /favicon.ico !
ProxyPass /bigdata1 !
ProxyPass /bigdata2 !
Alias /static /var/www/JBrowse/root/static
Alias /bigdata1 /data/share/web_public/bigdata1
Alias /bigdata2 /data/share/web_public/bigdata2

<Location /myapp>
# You must have mod_headers enabled for that
# RequestHeader set X-Request-Base /preview
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

SSLRequireSSL
SetHandler perl-script
RequestHeader set X-URL-SCHEME https
RequestHeader set X-Request-Base
https://myservername/myapp
</Location>

ProxyPass /myapp http://localhost:3000
ProxyPassReverse /myapp http://localhost:3000

Hope this helps someone!

Best,
Jillian

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal