| Author |
|
alexsec
Joined: 09 Feb 2021
Posts: 3
Location: Serbia
|
 Posted: Tue 09 Feb '21 16:03 Post subject: Apache as reverse proxy for two janus webrtc servers |
 |
|
Dear Apache friends,
I have two apache servers running janus webrtc servers . I have forwarded ports 80, wss 8189, ws 8188, 8088, 8989 and 443 and they have two public domains with two public IPs and that is working.
Now as my company want to save public addresses se we want to use third apache server as reverse proxy.
I have forwarded all ports mention above to proxy server. I made proxy to listen on : 80, wss 8189, ws 8188, 8088, 8989 and 443.
I tried to create conf file with vhost for every port required but without luck
I also tried to use WS directive
<VirtualHost *:80>
ServerName janus.example.com
ServerAlias janus.example.com
ServerAdmin webmaster@example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost Off
#LogLevel debug
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* "ws://janus.example.com:8188/$1" [P,L]
ProxyPass / http://10.x.x.x:80/
ProxyPassReverse / http://10.x.x.x:80/
ProxyPassReverse / http://janus.example.com:80/
ProxyPass / ws://10.x.x.x:8188/
ProxyPassReverse / ws://10.x.x.x:8188/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
I also tried with 443 and wss 8189
I dont know what am I doing wrong. Also where should I install my certificates on proxy server or leave them on janus servers?[/img] |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 09 Feb '21 20:17 Post subject: |
|
|
| Code: | Order deny,allow
Allow from all |
Is no longer working.
it is this for 2.4
| Code: |
require all granted
|
As for the backend servers I assume there is the same application running on all of them? If yes see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html
If you still have a question please ask again. |
|
| Back to top |
|
alexsec
Joined: 09 Feb 2021
Posts: 3
Location: Serbia
|
| Posted: Tue 09 Feb '21 20:56 Post subject: |
|
|
Sorry my bad, I forgot to write version. It is 2.4.41
For load balancing we have special script which contacts both janus servers and check how many participants are on both servers. Than it shows to user and user can create room on less equipped server |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 09 Feb '21 21:05 Post subject: |
|
|
| What I meant is that there should be only one of each ProxyPass and ProxyPassReverse in one vhost. |
|
| Back to top |
|
alexsec
Joined: 09 Feb 2021
Posts: 3
Location: Serbia
|
| Posted: Wed 10 Feb '21 17:00 Post subject: |
|
|
I managed to make ws working. But I now need to configure https apache reverse proxy which is also listening on 443 to forward 443 to web server running https.
I tried :
| Code: |
<VirtualHost *:443>
ServerName server1.example.com
ServerAlias j
ServerAdmin webmaster@example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#ProxyHTMLInterp On
# ProxyHTMLExtended On
# ProxyHTMLURLMap (.*)10.x.x.3x(.*) https://erver1.example.com$2 [Rin]
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
#LogLevel debug
SSLCertificateFile /etc/letsencrypt/live/server1.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/server1.example.com/privkey.pem
#Include /etc/letsencrypt/options-ssl-apache.conf
ProxyPreserveHost on
ProxyRequests Off
#ProxyVia Off
ProxyPass / https://10.x.x.x/
ProxyPassReverse / https://10.x.x.x/
</VirtualHost>
|
|
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 348
Location: UK
|
| Posted: Wed 10 Feb '21 18:59 Post subject: |
|
|
Can you provide some more details into what's failing with this virtual host SSL proxy connection?
Until you've got it working, I'd definitely set the following:
| Code: | SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off |
Also turn up the proxy and ssl log levels to trace:
| Code: | | LogLevel warn proxy:trace6 ssl:trace6 |
Paste larger log entry clues (anonymized) to http://apaste.info and post the link here. |
|
| Back to top |
|
