Spring boot - Spring security behind Apache reverse proxy












1















I have 3 spring-boot apps :




  • front (angular wrapped in springboot) on :8084

  • resource (spring boot) on :8082

  • authentication (spring-boot spring security) on :8081.


Here my Vhost :



<VirtualHost *:80>

    ServerName www.website.com

    Redirect / https://www.website.com/

    RewriteEngine on

    RewriteCond %{SERVER_NAME} =www.website.com

    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>



<VirtualHost *:443>

    SSLEngine on

    SSLProxyEngine on



    ServerName www.website.com



    ProxyPass /auth https://127.0.0.1:8081

    ProxyPassReverse /auth https://127.0.0.1:8081



    ProxyPass /api https://127.0.0.1:8082

    ProxyPassReverse /api https://127.0.0.1:8082



    ProxyPass / https://127.0.0.1:8084/

    ProxyPassReverse / https://127.0.0.1:8084/





    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>


This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
So I have Vhost :



<VirtualHost *:443>

    SSLEngine on

    SSLProxyEngine on

    ProxyPreserveHost On



    ServerName www.website.com



    ProxyPass /auth https://127.0.0.1:8081

    ProxyPassReverse /auth https://127.0.0.1:8081

    RequestHeader set X-Forwarded-Proto https

    RequestHeader set X-Forwarded-Port 443



    ProxyPass /api https://127.0.0.1:8082

    ProxyPassReverse /api https://127.0.0.1:8082



    ProxyPass / https://127.0.0.1:8084/

    ProxyPassReverse / https://127.0.0.1:8084/



    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>


And I've added 



server.use-forward-headers=true


in the application.properties.



But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



Not sure about what I should set and where to make this works?






spring-boot spring-security reverse-proxy vhosts mod-proxy







share|improve this question





























    1















    I have 3 spring-boot apps :




    • front (angular wrapped in springboot) on :8084

    • resource (spring boot) on :8082

    • authentication (spring-boot spring security) on :8081.


    Here my Vhost :



    <VirtualHost *:80>
    
    ServerName www.website.com
    
    Redirect / https://www.website.com/
    
    RewriteEngine on
    
    RewriteCond %{SERVER_NAME} =www.website.com
    
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    
</VirtualHost>
    

    
<VirtualHost *:443>
    
    SSLEngine on
    
    SSLProxyEngine on
    

    
    ServerName www.website.com
    

    
    ProxyPass /auth https://127.0.0.1:8081
    
    ProxyPassReverse /auth https://127.0.0.1:8081
    

    
    ProxyPass /api https://127.0.0.1:8082
    
    ProxyPassReverse /api https://127.0.0.1:8082
    

    
    ProxyPass / https://127.0.0.1:8084/
    
    ProxyPassReverse / https://127.0.0.1:8084/
    

    

    
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    
</VirtualHost>


    This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



    Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



    I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
    So I have Vhost :



    <VirtualHost *:443>
    
    SSLEngine on
    
    SSLProxyEngine on
    
    ProxyPreserveHost On
    

    
    ServerName www.website.com
    

    
    ProxyPass /auth https://127.0.0.1:8081
    
    ProxyPassReverse /auth https://127.0.0.1:8081
    
    RequestHeader set X-Forwarded-Proto https
    
    RequestHeader set X-Forwarded-Port 443
    

    
    ProxyPass /api https://127.0.0.1:8082
    
    ProxyPassReverse /api https://127.0.0.1:8082
    

    
    ProxyPass / https://127.0.0.1:8084/
    
    ProxyPassReverse / https://127.0.0.1:8084/
    

    
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    
    Include /etc/letsencrypt/options-ssl-apache.conf
    
</VirtualHost>


    And I've added 



    server.use-forward-headers=true


    in the application.properties.



    But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



    Not sure about what I should set and where to make this works?






    spring-boot spring-security reverse-proxy vhosts mod-proxy







    share|improve this question



























      1












      1








      1








      I have 3 spring-boot apps :




      • front (angular wrapped in springboot) on :8084

      • resource (spring boot) on :8082

      • authentication (spring-boot spring security) on :8081.


      Here my Vhost :



      <VirtualHost *:80>
      
    ServerName www.website.com
      
    Redirect / https://www.website.com/
      
    RewriteEngine on
      
    RewriteCond %{SERVER_NAME} =www.website.com
      
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
      
</VirtualHost>
      

      
<VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



      Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



      I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
      So I have Vhost :



      <VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      
    ProxyPreserveHost On
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      
    RequestHeader set X-Forwarded-Proto https
      
    RequestHeader set X-Forwarded-Port 443
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      And I've added 



      server.use-forward-headers=true


      in the application.properties.



      But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



      Not sure about what I should set and where to make this works?






      spring-boot spring-security reverse-proxy vhosts mod-proxy







      share|improve this question
















      I have 3 spring-boot apps :




      • front (angular wrapped in springboot) on :8084

      • resource (spring boot) on :8082

      • authentication (spring-boot spring security) on :8081.


      Here my Vhost :



      <VirtualHost *:80>
      
    ServerName www.website.com
      
    Redirect / https://www.website.com/
      
    RewriteEngine on
      
    RewriteCond %{SERVER_NAME} =www.website.com
      
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
      
</VirtualHost>
      

      
<VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      This is working and when https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected on https://www.website.com/auth/login and I see my login form.



      Problem is resources like jquery or css are not loaded cause it tries to reach them through URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).



      I tried solution here : Spring-boot with embedded Tomcat behind Apache proxy
      So I have Vhost :



      <VirtualHost *:443>
      
    SSLEngine on
      
    SSLProxyEngine on
      
    ProxyPreserveHost On
      

      
    ServerName www.website.com
      

      
    ProxyPass /auth https://127.0.0.1:8081
      
    ProxyPassReverse /auth https://127.0.0.1:8081
      
    RequestHeader set X-Forwarded-Proto https
      
    RequestHeader set X-Forwarded-Port 443
      

      
    ProxyPass /api https://127.0.0.1:8082
      
    ProxyPassReverse /api https://127.0.0.1:8082
      

      
    ProxyPass / https://127.0.0.1:8084/
      
    ProxyPassReverse / https://127.0.0.1:8084/
      

      
    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
      
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
      
    Include /etc/letsencrypt/options-ssl-apache.conf
      
</VirtualHost>


      And I've added 



      server.use-forward-headers=true


      in the application.properties.



      But then when https://www.website.com/auth/oauth/authorize is called I'm redirected on https://www.website.com/login -> /auth part is missing so I get a 404.



      Not sure about what I should set and where to make this works?






      spring-boot spring-security reverse-proxy vhosts mod-proxy




      spring-boot spring-security reverse-proxy vhosts mod-proxy






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 19 at 15:38







      Lempkin

















      asked Jan 19 at 11:44









      LempkinLempkin

      3961720




      3961720
























          1 Answer
          1






          active

          oldest

          votes


















          0














          Actually I found the solution, if it can help someone :



          Vhost must be :



          ProxyPreserveHost On
          
...
          
ProxyPass /auth https://127.0.0.1:8081/auth
          
ProxyPassReverse /auth https://127.0.0.1:8081/auth
          
RequestHeader set X-Forwarded-Proto https
          
RequestHeader set X-Forwarded-Port 443
          
...


          And in application.properties :



          server.servlet.context-path=/auth
          
server.use-forward-headers=true





          share|improve this answer























            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54266716%2fspring-boot-spring-security-behind-apache-reverse-proxy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Actually I found the solution, if it can help someone :



            Vhost must be :



            ProxyPreserveHost On
            
...
            
ProxyPass /auth https://127.0.0.1:8081/auth
            
ProxyPassReverse /auth https://127.0.0.1:8081/auth
            
RequestHeader set X-Forwarded-Proto https
            
RequestHeader set X-Forwarded-Port 443
            
...


            And in application.properties :



            server.servlet.context-path=/auth
            
server.use-forward-headers=true





            share|improve this answer




























              0














              Actually I found the solution, if it can help someone :



              Vhost must be :



              ProxyPreserveHost On
              
...
              
ProxyPass /auth https://127.0.0.1:8081/auth
              
ProxyPassReverse /auth https://127.0.0.1:8081/auth
              
RequestHeader set X-Forwarded-Proto https
              
RequestHeader set X-Forwarded-Port 443
              
...


              And in application.properties :



              server.servlet.context-path=/auth
              
server.use-forward-headers=true





              share|improve this answer


























                0












                0








                0







                Actually I found the solution, if it can help someone :



                Vhost must be :



                ProxyPreserveHost On
                
...
                
ProxyPass /auth https://127.0.0.1:8081/auth
                
ProxyPassReverse /auth https://127.0.0.1:8081/auth
                
RequestHeader set X-Forwarded-Proto https
                
RequestHeader set X-Forwarded-Port 443
                
...


                And in application.properties :



                server.servlet.context-path=/auth
                
server.use-forward-headers=true





                share|improve this answer













                Actually I found the solution, if it can help someone :



                Vhost must be :



                ProxyPreserveHost On
                
...
                
ProxyPass /auth https://127.0.0.1:8081/auth
                
ProxyPassReverse /auth https://127.0.0.1:8081/auth
                
RequestHeader set X-Forwarded-Proto https
                
RequestHeader set X-Forwarded-Port 443
                
...


                And in application.properties :



                server.servlet.context-path=/auth
                
server.use-forward-headers=true






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 19 at 23:53









                LempkinLempkin

                3961720




                3961720






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54266716%2fspring-boot-spring-security-behind-apache-reverse-proxy%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Homophylophilia

                    Image
                    Haec pagina ad tempus protecta est ob maleficia perpetua. Quaesemus, emendationes suggere in pagina disputationis vel magistratum ad hanc deprotegendam pete. Homophylophilia Hyacinthus complexus ab amante suo Apolline, in pictura Mors Hyacinthi quam Jean Broc pinxit. Homophylophilia est sui sexus vel generis amor vel mores romantici vel sexuales, res venerea masculina in masculos, aut mulier in mulieres appetentes. Hoc ingenium sexuale est "exemplar permanens vel inclinatio ad experiendam sexualem, adfectionalem, vel romanticam vim attrahendi," praecipue vel solum ex hominibus eiusdem sexús; notio "etiam ad hominis iudicium identitatis privatae socialisque in illis attractionibus conditum refert, in moribus quoque qui illos exprimant, et in societate communitatis aliorum qui illos communicent." [1] [2] Per aevos alii aliter rem definiverunt, sed Occidentali nostrae aetatis cultu civili non tantum ad ipsa acta erotica spectat, sed etiam igitur
                    Read more

                    Updating UILabel text programmatically using a function

                    Image
                    0 so I am trying to update the UIlabel text using a func. I have seen few other questions like mine and I tried their method but it doesn't work. fun returns no value when used in the UIlabel. I have shown my code below.It has to be noted that when I use the function in viewdidload I can retrieve the data. lazy var name: UILabel = { let lb = UILabel() lb.text? = getthename() lb.lineBreakMode = NSLineBreakMode.byWordWrapping lb.textColor = .mainGreen lb.textAlignment = .left lb.font = UIFont.boldSystemFont(ofSize:12.0) return lb }() func getthename() -> String { var wins : String = "" let ud = (Auth.auth().currentUser?.uid) self.ref = Database.database().reference() self.ref.child("Users").child(ud!).observeSingleEvent(of: .value, with: {(snapshot) in
                    Read more

                    Cloud Functions - OpenCV Videocapture Read method fails for larger files from cloud storage

                    Image
                    0 I created a cloud function to read a video file from cloud storage and read frames and create an image for each frame. This function works for small files which is 1-2 MB, However, this method fails while reading larger file 130 MB. import cv2 from google.cloud import storage vidcap = cv2.VideoCapture("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") if vidcap.isOpened(): vidcap.open("https://storage.googleapis.com/[bucker_name]/[filename.mp4]") success,image = vidcap.read() print(success) Expected the print will return true and an image will hold an image of a first frame. python-3.x function opencv cloud share | improve this question
                    Read more