Saturday, October 30, 2021

[SOLVED] HTTPD with two different services in the same computer

Issue

I have a CentOS 6.9 server that is running a DokuWiki under HTTPD 2.2. This wiki is installed in /var/www/html/dokuwiki. Therefore, when you type myserver.com/dokuwiki, it enters the wiki. If you type myserver.com, a simple index.html file (/var/www/html/index.html) is shown with links to the Wiki and GitLab.

Now I have installed GitLab and configured it to also use HTTPD (by default it comes with NGINX integrated). Both GitLab and DokuWiki are working correctly if I launch them by themselves, but I cannot find the way to make them visible at the same time.

What I would like is: if the user types myserver.com, show the index.html with two links: one to the wiki (myserver.com/dokuwiki) and the other link to the GitLab server (myserver.com/gitlab). By clicking on each, the user can access the desired service.

What happens is that if I put the configuration of GitLab with precedence over the other (by changing the name to 00-gitlab.conf, for example), the configuration of the wiki doesn't work, and when you type either myserver.com or myserver.com/dokuwiki, it doesn't find anything (Not found "/" is shown) because it uses the other rules and there is no match (due to the Location directive of GitLab, I guess). GitLab works OK in this case.

If I put the configuration of the Wiki with precedence, I get a 404 error when I try to access myserver.com/gitlab because this rule is more general and therefore it ignores the other with the Location directive. The Index and the Wiki work OK in this case.

Here are the Virtual Hosts configurations for both, stored in /etc/httpd/conf.d. Everything is SSL and it is working OK. The configuration for HTTP (port 80) is virtually the same but I did not include it here. I also have NameVirtualHost *:443 in httpd.conf.

Wiki/Root:

<VirtualHost *:443>
    ServerName myserver.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/myserver.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/myserver.com.key
</VirtualHost>

GitLab:

<VirtualHost *:443>
  ServerName myserver.com
  ServerSignature Off
  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode

  SSLEngine on
  SSLCertificateFile /etc/httpd/ssl/myserver.com.crt
  SSLCertificateKeyFile /etc/httpd/ssl/myserver.com.key

  SSLProtocol all -SSLv2
  SSLHonorCipherOrder on
  SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
  Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"

  <Location /gitlab>
    Order deny,allow
    Allow from all

    ProxyPassReverse http://127.0.0.1:8181
    ProxyPassReverse http://myserver.com/gitlab
  </Location>
  RewriteEngine on

  #Forward all requests to gitlab-workhorse except existing files like error documents
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
  RewriteCond %{REQUEST_URI} ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
  # needed for downloading attachments
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 502 /502.html
  ErrorDocument 503 /503.html

  # It is assumed that the log directory is in /var/log/httpd.
  # For Debian distributions you might want to change this to
  # /var/log/apache2.
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog /var/log/httpd/logs/myserver_error.log
  CustomLog /var/log/httpd/logs/myserver_forwarded.log common_forwarded
  CustomLog /var/log/httpd/logs/myserver_access.log combined env=!dontlog
  CustomLog /var/log/httpd/logs/myserver.log combined
</VirtualHost>

Thanks.


Solution

I found the solution. I only need one VirtualHost and to correctly define my ProxyPass.

Here's the working file:

<VirtualHost *:443>
    ServerName myserver.com
    DocumentRoot /var/www/html
    SSLEngine on

    SSLProtocol all -SSLv2
    SSLHonorCipherOrder on
    SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    ServerSignature Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    SSLCertificateFile /etc/httpd/ssl/myserver.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/myserver.com.key

    Alias /gitlab  /opt/gitlab/embedded/service/gitlab-rails/public
    <Location /gitlab>
        Order deny,allow
        Allow from all

        ProxyPass http://127.0.0.1:8181
        ProxyPassReverse http://127.0.0.1:8181
        ProxyPassReverse http://myserver.com/gitlab
        RewriteEngine on

        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
        RewriteCond %{REQUEST_URI} ^/uploads/.*
        RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
        ErrorDocument 404 /404.html
        ErrorDocument 422 /422.html
        ErrorDocument 500 /500.html
        ErrorDocument 502 /502.html
        ErrorDocument 503 /503.html
    </Location>

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/httpd/logs/myserver_error.log
    CustomLog /var/log/httpd/logs/myserver_forwarded.log common_forwarded
    CustomLog /var/log/httpd/logs/myserver_access.log combined env=!dontlog
    CustomLog /var/log/httpd/logs/myserver.log combined

</VirtualHost>


Answered By - fern17
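
The symptom in the question, two `<VirtualHost *:443>` blocks declaring the same `ServerName` so that whichever file loads first answers every request, can be detected before deployment. The following Python check is an added example, not part of the original post: it walks conf.d-style files in alphabetical order and reports any vhost hidden behind an earlier one with the same address and name. The file name `wiki.conf`, the function names and the reduced config snippets are assumptions made for illustration.

```python
import re

# Constructed sample: the question's two vhosts, reduced to the directives
# that decide selection. "wiki.conf" is a hypothetical file name.
CONF_D = {
    "00-gitlab.conf": """
<VirtualHost *:443>
  ServerName myserver.com
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/
</VirtualHost>
""",
    "wiki.conf": """
<VirtualHost *:443>
    ServerName myserver.com
    DocumentRoot /var/www/html
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)

def parse_vhosts(conf_d):
    """Return (file, address, server_name) tuples in load order."""
    vhosts = []
    for fname in sorted(conf_d):  # wildcard Include expands alphabetically
        for addr, body in VHOST_RE.findall(conf_d[fname]):
            m = NAME_RE.search(body)
            if m:  # vhosts without an explicit ServerName are skipped
                vhosts.append((fname, addr.strip(), m.group(1).lower()))
    return vhosts

def find_shadowed(conf_d):
    """Report vhosts that are never selected because an earlier vhost
    declares the same address and ServerName."""
    winners, shadowed = {}, []
    for fname, addr, name in parse_vhosts(conf_d):
        key = (addr, name)
        if key in winners:
            shadowed.append({"shadowed": fname, "served_by": winners[key], "vhost": key})
        else:
            winners[key] = fname
    return shadowed

if __name__ == "__main__":
    for hit in find_shadowed(CONF_D):
        print("{shadowed}: {vhost} is never used; requests go to {served_by}".format(**hit))
```

On a live server, `httpd -S` prints the parsed virtual host table and is the authoritative view of which vhost is the default for each address.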