+2

[2.0.2] reverse proxy for admin page

Jim Howe 7 years ago updated by byeuji mod 12 months ago 16

Hello, I am having a similar issue as here.  I have just started playing with 2.0.2 and use Apache/2.4.18 (Ubuntu) for reverse proxy.  I have no problem navigating the normal library and admin pages on the local network on ports 2202 and 2203 respectively.  On the Advanced tab in the Admin section I have configured Ubooquity to use the reverseproxy prefix "newsstand"  From then on, I could still connect to both library and admin pages through their respective ports with the prefix "newsstand" and "newsstand/admin" respectively:

http://IPAddress:2202/newsstand = library pages

http://IPAddress:2203/newsstand/admin = admin pages 


However, with this new scheme where the admin pages must be accessed by a different port than the library pages while they both share the same reverseproxy prefix, it appears to throw either apache or my understanding out of whack.


If I set apache to handle it like this:

ProxyPass /newsstand http://localhost:2202/newsstand
ProxyPassReverse /newsstand http://localhost:2202/newsstand
ProxyPass /newsstand/admin http://localhost:2203/newsstand/admin
ProxyPassReverse /newsstand/admin http://localhost:2203/newsstand/admin

I can successfully navigate the library pages fine from https://mydomain.net/newsstand.  However, when I hit https://mydomain.net/newsstand/admin, it simply shoots me into the library pages and will not open the admin pages.


If I try to make a change to another prefix in apache for the admin pages with something like this:


ProxyPass /admin http://localhost:2203/newsstand/admin
ProxyPassReverse /admin http://localhost:2203/newsstand/admin

The I go to https://mydomain.net/admin, I get a text page like this:


Administrator authentication
Password                        Remember me

Log in


I can type in my password and hit enter but nothing happens.  I think this is due to the reverseproxy Ubooquity config mismatching what I have for it in Apache.


I know I am probably missing something here, but this wasn't an issue when both the site and admin pages were configured on the same port.  With them split apart it seems to me they should each have their own reverseproxy prefix to keep them from stepping on each other.  Otherwise, I hope someone can tell me what I am doing wrong with my apache configuration.


Thanks for your time!

I had the same problem using nginx - two ports means two location clauses, but one base URL forces you to one location clause. There might be some magic possible with rewrite, but I haven't found a way to make it work yet...

Yeah, I tried some ham-fisted rewrite rule and couldn't get it to go.  Thanks for confirming my suspicions about two ports requiring two location clauses (prefixes).

I am able to do it with nginx and my rules are 

location /comic {
proxy_pass http://localhost:2202/comic;
}
location /comic/admin {
proxy_pass http://localhost:2203/comic/admin;
}


What did you use for your reverse proxy prefix?


Using what you posted above makes everything go to the library UI, but can't get to the admin page.

my reverse proxy prefix setting:


  "reverseProxyPrefix" : "comic"

Hi Jack, Unfortunately that looks to be essentially what I am doing in Apache above with the result of never hitting the admin page, just directed to the library.  I also tried taking out the ProxyPassReverse directives as your ngnix rule doesn't have anything like that to no avail.  I've no idea what the hold up is.

I'm not familiar with apache but the text page issue is due to the resource like css got wrong address after been passed,you can open access log or use browser's web debug tools to see what's the problem with your rule.


and another workaround is if you can't work out with reverse proxy rules, maybe you can work on something inside that jar file like change the directory in admin/admin.html and other files.

Thank you Jack, this fixed the issue I was having here.

I've done a new installation of Ubooquity 2.1.0 and still can't get a working Apache configuration for the reverse proxy.  It seems nginx users are able to get this to work.  Is there anyone using Apache able to get to both the library and admin UIs successfully?

+1

It seems to work for me now with this configuration file (ubooquity.conf in /etc/apache2/sites-enabled/ ) :


ProxyRequests Off                                                                                                                                                          
                                                                                                                                                                           
<Location "/ubooquity">                                                                                                                                                   
ProxyPass http://localhost:2202/ubooquity                                                                                                                                
ProxyPassReverse http://localhost:2202/ubooquity                                                                                                                         
AuthType Digest                                                                                                                                                            
AuthName "you shall not pass"                                                                                                                                                       
AuthUserFile '/etc/htpasswd'                                                                                                                                               
Require user gandalf                                                                                                                                                     
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/ubooquity/admin">                                                                                                                                              
ProxyPass http://localhost:2203/ubooquity/admin                                                                                                                           
ProxyPassReverse http://localhost:2203/ubooquity/admin                                                                                                                
AuthType Digest                                                                                                                                                            
AuthName "you shall not pass"                                                                                                                                                 
AuthUserFile '/etc/htpasswd'                                                                                                                                               
Require user gandalf                                                                                                                                                    
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/ubooquity/admin-res">                                                                                                                                          
ProxyPass http://localhost:2203/ubooquity/admin-res                                                                                                                        
ProxyPassReverse http://localhost:2203/ubooquity/admin-res                                                                                                                 
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                                
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/ubooquity/admin-api">                                                                                                                                          
ProxyPass http://localhost:2203/ubooquity/admin-api                                                                                                                        
ProxyPassReverse http://localhost:2203/ubooquity/admin-api                                                                                                                 
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                                
</Location>     


Hope that helps !

Thanks for your help, foudre!  Unfortunately I've played with this for a while and still can't get it to go for me and must be something I am missing due to my ignorance.  This worked fine before the port split, now I just can't make a go of it.  Maybe your file will help others, though! 

You should be able to make it work ;) 

Backup your orginal ubooquity apache configuration file somewhere (or remove the symbolic link with a2dissite if you setup it with a2ensite).


Create a new one "ubooquity.conf" in /etc/apache2/sites-enabled and copy paste this configuration below (I replace my settings by yours) :


ProxyRequests Off                                                                                                                                                          
                                                                                                                                                                           
<Location "/newsstand">                                                                                                                                                   
ProxyPass http://localhost:2202/newsstand
ProxyPassReverse http://localhost:2202/newsstand
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                   
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/newsstand/admin">                                                                                                                                              
ProxyPass http://localhost:2203/newsstand/admin                                                                                                                           
ProxyPassReverse http://localhost:2203/newsstand/admin                                                                                                                
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                 
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/newsstand/admin-res">                                                                                                                                          
ProxyPass http://localhost:2203/newsstand/admin-res                                                                                                                        
ProxyPassReverse http://localhost:2203/newsstand/admin-res                                                                                                                 
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                                
</Location>                                                                                                                                                                
                                                                                                                                                                           
<Location "/newsstand/admin-api">                                                                                                                                          
ProxyPass http://localhost:2203/newsstand/admin-api                                                                                                                        
ProxyPassReverse http://localhost:2203/newsstand/admin-api                                                                                                                 
Allow From All                                                                                                                                                             
Satisfy Any                                                                                                                                                        
</Location>     


Don't forget to restart apache with : 


sudo service apache2 restart


Go to the ubooquity URL and refresh (clear the cache if no data appears).


If this does not work, delete the file created above and reactive your old configuration file. 


PS : we may use Apache mod_rewrite to simplify but i'm not an Apache expert :/

Wow!  You are really helpful and it is very much appreciated!  It may be a few days before I have time to play around with this again, but I didn't want to leave you hanging in the meantime.  It may not be as simple a process as my apache knowledge is extremely limited and to begin with, and I never had a ubooquity.conf file in my setup.  Briefly, I have a single conf file (/etc/apache2/sites-available/000-default-le-ssl.conf )for ubooquity and calibre reverse proxy directives on an https (letsencrypt) configured virtual host.  I notice my file doesn't have <location> tags in it, only a single <proxy> tag.  The proxy directives stand alone.


When I played around with this the first time you posted, I did pretty much what you have taken the trouble to do for me here!  I created a new ubooquity.conf file and remarked out all the newsstand directives in the 000-default conf file.  It didn't work either.  I saw in another apache file it does include all *.conf files from the directory but I wasn't able to reach it.  Maybe I need to create another virtualhost? Then I am not sure how to get the letsencrypt business going there too..


I suppose I could post the conf file if it would help to make sense of this.

Again, your assistance here is greatly appreciated, just bear with me if I can't get back real soon with any results.

After many months, a well-deserved hat's off to cestdelafoudre!  Once I stopped overthinking everything and just did as told, it worked.  I thought I would have to clean other things out, would have conflicts, but none of that.  There is no impact to the other websites, either.  Simply introducing this file as named and with the exact text did the trick.


Many thanks again!

Adding that the fix for this is adding additional sub-locations for `/yourprefix/admin-res` and `/yourprefix/admin-api`. 

With only a reverse proxy for `/yourprefix/` and `/yourprefix/admin/`, you get a bad login screen because it's not able to load a bunch of files and interact with the service on these other paths.

I've included a scrubbed version of my final nginx config below:


server {
	server_name mydomain.net;

	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
    ssl_certificate /certificate/path.pem;
    ssl_certificate_key /private/key/path.pem;

	location / {
		try_files $uri $uri/ =404;
		root /var/www/html/;
		index index.html index.htm index.nginx-debian.html;


		location /curator/ {
			rewrite ^/route/?(.*)$ /$1 break;  
			proxy_pass				https://127.0.0.1:2202;
			proxy_set_header        Host $host;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $remote_addr;
			proxy_set_header		X-Forwarded-Proto $scheme;


			location /curator/admin/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin/;
				proxy_set_header        Host $host;
				proxy_set_header        X-Real-IP $remote_addr;
				proxy_set_header        X-Forwarded-For $remote_addr;
				proxy_set_header		X-Forwarded-Proto $scheme;
			}
			location /curator/admin-res/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin-res/;
				proxy_set_header        Host $host;
				proxy_set_header        X-Real-IP $remote_addr;
				proxy_set_header        X-Forwarded-For $remote_addr;
				proxy_set_header		X-Forwarded-Proto $scheme;
			}
			location /curator/admin-api/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin-api/;
				proxy_set_header        Host $host;
				proxy_set_header        X-Real-IP $remote_addr;
				proxy_set_header        X-Forwarded-For $remote_addr;
				proxy_set_header		X-Forwarded-Proto $scheme;
			}
		}
	}
}



By adding those sub-locations for admin-res and admin-api BOOM everything started working. Thanks to this 5-years-old conversation. Paying the solution forward. 

Ope, I found one last piece -- there's definitely an issue with references in the Admin console -- after adding these two extra sub-locations, I had an issue where some calls were now going to /myprefix/admin/admin-res and /myprefix/admin/admin-api, but needed to be going to /myprefix/admin-res, and /myprefix/admin-api

To fix this, I added two more sub-sub locations to the /myprefix/admin location, making my final nginx virtual server conf look like this:

server {
        server_name mydomain.net;

	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
        ssl_certificate /certificate/path.pem;
        ssl_certificate_key /private/key/path.pem;

	location / {
		try_files $uri $uri/ =404;
		root /var/www/html/;
		index index.html index.htm index.nginx-debian.html;


		location /curator/ {
			rewrite ^/route/?(.*)$ /$1 break;  
			proxy_pass            https://127.0.0.1:2202;
			proxy_set_header        Host $host;
			proxy_set_header        X-Real-IP $remote_addr;
			proxy_set_header        X-Forwarded-For $remote_addr;
			proxy_set_header	X-Forwarded-Proto $scheme;


			location /curator/admin/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin/;
                                proxy_set_header        Host $host;
                                proxy_set_header        X-Real-IP $remote_addr;
                                proxy_set_header        X-Forwarded-For $remote_addr;
                                proxy_set_header        X-Forwarded-Proto $scheme;
			
				location /curator/admin-res/ {
					rewrite ^/route/?(.*)$ /$1 break;  
					proxy_pass				https://127.0.0.1:2203/curator/admin-res/;
                                        proxy_set_header        Host $host;
                                        proxy_set_header        X-Real-IP $remote_addr;
                                        proxy_set_header        X-Forwarded-For $remote_addr;
                                        proxy_set_header        X-Forwarded-Proto $scheme;
				}
				location /curator/admin-api/ {
					rewrite ^/route/?(.*)$ /$1 break;  
					proxy_pass				https://127.0.0.1:2203/curator/admin-api/;
                                        proxy_set_header        Host $host;
                                        proxy_set_header        X-Real-IP $remote_addr;
                                        proxy_set_header        X-Forwarded-For $remote_addr;
                                        proxy_set_header        X-Forwarded-Proto $scheme;
				}
			}
			location /curator/admin-res/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin-res/;
                                proxy_set_header        Host $host;
                                proxy_set_header        X-Real-IP $remote_addr;
                                proxy_set_header        X-Forwarded-For $remote_addr;
                                proxy_set_header        X-Forwarded-Proto $scheme;
			}
			location /curator/admin-api/ {
				rewrite ^/route/?(.*)$ /$1 break;  
				proxy_pass				https://127.0.0.1:2203/curator/admin-api/;
                                proxy_set_header        Host $host;
                                proxy_set_header        X-Real-IP $remote_addr;
                                proxy_set_header        X-Forwarded-For $remote_addr;
                                proxy_set_header        X-Forwarded-Proto $scheme;			}
		}
	}
}