Spring boot - Spring security behind Apache reverse proxy












1















I have 3 spring-boot apps :




  • front (angular wrapped in springboot) on :8084

  • resource (spring boot) on :8082

  • authentication (spring-boot spring security) on :8081.


Here my Vhost :



<VirtualHost *:80>

    ServerName www.website.com

    Redirect / https://www.website.com/

    RewriteEngine on

    RewriteCond %{SERVER_NAME} =www.website.com

    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>



<VirtualHost *:443>

    SSLEngine on

    SSLProxyEngine on



    ServerName www.website.com



    ProxyPass /auth https://127.0.0.1:8081

    ProxyPassReverse /auth https://127.0.0.1:8081



    ProxyPass /api https://127.0.0.1:8082

    ProxyPassReverse /api https://127.0.0.1:8082



    ProxyPass / https://127.0.0.1:8084/

    ProxyPassReverse / https://127.0.0.1:8084/





    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>


This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
So I have Vhost :



<VirtualHost *:443>

    SSLEngine on

    SSLProxyEngine on

    ProxyPreserveHost On



    ServerName www.website.com



    ProxyPass /auth https://127.0.0.1:8081

    ProxyPassReverse /auth https://127.0.0.1:8081

    RequestHeader set X-Forwarded-Proto https

    RequestHeader set X-Forwarded-Port 443



    ProxyPass /api https://127.0.0.1:8082

    ProxyPassReverse /api https://127.0.0.1:8082



    ProxyPass / https://127.0.0.1:8084/

    ProxyPassReverse / https://127.0.0.1:8084/



    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>


And I've added 



server.use-forward-headers=true


in the application.properties.



But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



Not sure about what I should set and where to make this works?






spring-boot spring-security reverse-proxy vhosts mod-proxy







share|improve this question





























    1















    I have 3 spring-boot apps :




    • front (angular wrapped in springboot) on :8084

    • resource (spring boot) on :8082

    • authentication (spring-boot spring security) on :8081.


    Here my Vhost :



    <VirtualHost *:80>
    
    ServerName www.website.com
    
    Redirect / https://www.website.com/
    
    RewriteEngine on
    
    RewriteCond %{SERVER_NAME} =www.website.com
    
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
</VirtualHost>
    

    
<VirtualHost *:443>
    
    SSLEngine on
    
    SSLProxyEngine on
    

    
    ServerName www.website.com
    

    
    ProxyPass /auth https://127.0.0.1:8081
    
    ProxyPassReverse /auth https://127.0.0.1:8081
    

    
    ProxyPass /api https://127.0.0.1:8082
    
    ProxyPassReverse /api https://127.0.0.1:8082
    

    
    ProxyPass / https://127.0.0.1:8084/
    
    ProxyPassReverse / https://127.0.0.1:8084/
    

    

    
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    
</VirtualHost>


    This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



    Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



    I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
    So I have Vhost :



    <VirtualHost *:443>
    
    SSLEngine on
    
    SSLProxyEngine on
    
    ProxyPreserveHost On
    

    
    ServerName www.website.com
    

    
    ProxyPass /auth https://127.0.0.1:8081
    
    ProxyPassReverse /auth https://127.0.0.1:8081
    
    RequestHeader set X-Forwarded-Proto https
    
    RequestHeader set X-Forwarded-Port 443
    

    
    ProxyPass /api https://127.0.0.1:8082
    
    ProxyPassReverse /api https://127.0.0.1:8082
    

    
    ProxyPass / https://127.0.0.1:8084/
    
    ProxyPassReverse / https://127.0.0.1:8084/
    

    
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    
</VirtualHost>


    And I've added 



    server.use-forward-headers=true


    in the application.properties.



    But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



    Not sure about what I should set and where to make this works?






    spring-boot spring-security reverse-proxy vhosts mod-proxy







    share|improve this question



























      1












      1








      1








      I have 3 spring-boot apps :




      • front (angular wrapped in springboot) on :8084

      • resource (spring boot) on :8082

      • authentication (spring-boot spring security) on :8081.


      Here my Vhost :



      <VirtualHost *:80>
      
    ServerName www.website.com
      
    Redirect / https://www.website.com/
      
    RewriteEngine on
      
    RewriteCond %{SERVER_NAME} =www.website.com
      
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
      
</VirtualHost>
      

      
<VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



      Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



      I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
      So I have Vhost :



      <VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      
    ProxyPreserveHost On
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      
    RequestHeader set X-Forwarded-Proto https
      
    RequestHeader set X-Forwarded-Port 443
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      And I've added 



      server.use-forward-headers=true


      in the application.properties.



      But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



      Not sure about what I should set and where to make this works?






      spring-boot spring-security reverse-proxy vhosts mod-proxy







      share|improve this question
















      I have 3 spring-boot apps :




      • front (angular wrapped in springboot) on :8084

      • resource (spring boot) on :8082

      • authentication (spring-boot spring security) on :8081.


      Here my Vhost :



      <VirtualHost *:80>
      
    ServerName www.website.com
      
    Redirect / https://www.website.com/
      
    RewriteEngine on
      
    RewriteCond %{SERVER_NAME} =www.website.com
      
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
      
</VirtualHost>
      

      
<VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



      Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



      I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
      So I have Vhost :



      <VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      
    ProxyPreserveHost On
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      
    RequestHeader set X-Forwarded-Proto https
      
    RequestHeader set X-Forwarded-Port 443
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      And I've added 



      server.use-forward-headers=true


      in the application.properties.



      But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



      Not sure about what I should set and where to make this works?






      spring-boot spring-security reverse-proxy vhosts mod-proxy




      spring-boot spring-security reverse-proxy vhosts mod-proxy






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 19 at 15:38







      Lempkin

















      asked Jan 19 at 11:44









      LempkinLempkin

      3961720




      3961720
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Actually I found the solution, if it can help someone :



          Vhost must be :



          ProxyPreserveHost On
          
...
          
ProxyPass /auth https://127.0.0.1:8081/auth
          
ProxyPassReverse /auth https://127.0.0.1:8081/auth
          
RequestHeader set X-Forwarded-Proto https
          
RequestHeader set X-Forwarded-Port 443
          
...


          And in application.properties :



          server.servlet.context-path=/auth
          
server.use-forward-headers=true





          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54266716%2fspring-boot-spring-security-behind-apache-reverse-proxy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Actually I found the solution, if it can help someone :



            Vhost must be :



            ProxyPreserveHost On
            
...
            
ProxyPass /auth https://127.0.0.1:8081/auth
            
ProxyPassReverse /auth https://127.0.0.1:8081/auth
            
RequestHeader set X-Forwarded-Proto https
            
RequestHeader set X-Forwarded-Port 443
            
...


            And in application.properties :



            server.servlet.context-path=/auth
            
server.use-forward-headers=true





            share|improve this answer




























              0














              Actually I found the solution, if it can help someone :



              Vhost must be :



              ProxyPreserveHost On
              
...
              
ProxyPass /auth https://127.0.0.1:8081/auth
              
ProxyPassReverse /auth https://127.0.0.1:8081/auth
              
RequestHeader set X-Forwarded-Proto https
              
RequestHeader set X-Forwarded-Port 443
              
...


              And in application.properties :



              server.servlet.context-path=/auth
              
server.use-forward-headers=true





              share|improve this answer


























                0












                0








                0







                Actually I found the solution, if it can help someone :



                Vhost must be :



                ProxyPreserveHost On
                
...
                
ProxyPass /auth https://127.0.0.1:8081/auth
                
ProxyPassReverse /auth https://127.0.0.1:8081/auth
                
RequestHeader set X-Forwarded-Proto https
                
RequestHeader set X-Forwarded-Port 443
                
...


                And in application.properties :



                server.servlet.context-path=/auth
                
server.use-forward-headers=true





                share|improve this answer













                Actually I found the solution, if it can help someone :



                Vhost must be :



                ProxyPreserveHost On
                
...
                
ProxyPass /auth https://127.0.0.1:8081/auth
                
ProxyPassReverse /auth https://127.0.0.1:8081/auth
                
RequestHeader set X-Forwarded-Proto https
                
RequestHeader set X-Forwarded-Port 443
                
...


                And in application.properties :



                server.servlet.context-path=/auth
                
server.use-forward-headers=true






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 19 at 23:53









                LempkinLempkin

                3961720




                3961720






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54266716%2fspring-boot-spring-security-behind-apache-reverse-proxy%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Liquibase includeAll doesn't find base path

                    Image
                    0 while migrating a project from maven to gradle I ran in the following problem. My file structure looks like this: The changelog-master.xml includes the changelog-v1-0.xml, which then should include the directory v1-0 with following line: <includeAll path="src/main/resources/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" /> . This works just fine. This: <includeAll path="/liquibase/changelogs/v1-0/" errorIfMissingOrEmpty="true" relativeToChangelogFile="true" /> doesn't. I get following errormessage: Cannot find base path 'src/main/resources/liquibase/changelogs/changelog-v1-0.xml' with liquibase in version 3.6.2. I also tried the versions 3.6.0, 3.6.1 and 3.5.5. I am using gradle to build my project in version 4.9
                    Read more

                    How to use setInterval in EJS file?

                    Image
                    0 I have a problem with using setInterval in my EJS file, which is part of my nodejs app (with Express). I have created function getRandomSubarray , which chooses randomly subset of images from array. I want to change this subset every three seconds. This is problematic piece of my code: <%setInterval(function(){%> <%RandomSubrecipesImg=tools.getRandomSubarray(recipesImg,4)%> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[0].replace('public',"")%>"></div> <div class="navbar-image-box col-sm-3 d-none d-sm-block"><img class="navbar-image" src="<%=RandomSubrecipesImg[1].replace('public',"")%>">&
                    Read more

                    Petrus Granier-Deferre

                    Image
                    Petrus Granier-Deferre (Lutetiae die 27 Iulii 1927 natus; ibidem die 16 Novembris 2007 mortuus) fuit moderator cinematographicus et dux scaenarum Francicus. Pelliculae selectae | 1961 : Le Petit Garçon de l'ascenseur 1962 : Les Aventures de Salavin (sous-titré Confession de minuit) 1965 : La Métamorphose des cloportes 1965 : Paris au mois d'août 1967 : Le Grand Dadais 1970 : La Horse 1971 : Le Chat 1971 : La Veuve Couderc 1973 : Le Fils 1973 : Le Train 1974 : La Race des seigneurs 1975 : La Cage 1975 : Adieu poulet 1976 : Une femme à sa fenêtre 1976 : Le Toubib 1981 : Une étrange affaire 1982 : L'Étoile du Nord 1983 : L'Ami de Vincent 1985 : L'Homme aux yeux d'argent 1986 : Cours privé 1987 : Noyade interdite 1988 : La Couleur du vent 1990 : L'Autrichienne 1995 : Le Petit Garçon 1992 : La Voix 1993 : Archipel 1995 : Maigret et la vente à la bougie (TV) 1996 : La Dernière Fête (TV) 1997 : Maigret et l'enfant de c
                    Read more