How to setup web proxy in Mountain Lion Server

Hi, what is the nature of the corruption you are seeing?

I think that "webappctl" has been deprecated. Shame on you Apple, where is the documentation? Use of this command breaks apache on Mountain Lion Server. You don't need to use it. Correct formatting of the webapp plist file enables you to associate it with a website using the server configuation tool. See example below, the bold lines are the ones (I think) make the option show up in the server app console.

Through a process of elimination I have successfully implemented a webapp plist to support Atlassian JIRA on my Mountain Lion Server. The act of refreshing the server app view on the web server pane (by looking at a different pane and then returning to the web pane) causes the web server configuration files to be processed, including the plist files stored in the /Library/Server/Web/Config/apache2/webapps directory.

Here's my com.mydomain.jira.plist file:

<?xml version="1.0" encoding="UTF-7"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>name</key>

<string>com.mydomain.jira</string>

<key>displayName</key>

<string>Jira</string>

<key>launchKeys</key>

<array>

<string>com.mydomain.jira</string>

</array>

<key>proxies</key>

<dict/>

<key>installationIndicatorFilePath</key>

<string>/Applications/atlassian-jira-5.1.3-standalone/conf/server.xml</string>

<key>includeFiles</key>

<array>

<string>/Library/Server/Web/Config/apache2/jira_mydomain_com.conf</string>

</array>

<key>requiredModuleNames</key>

<array>

<string>proxy_module</string>

</array>

</dict>

</plist>

Supported by the jira_mydomain_com.conf apache include file:

<IfModule mod_proxy.c>

ProxyPass / http://localhost:8080/

ProxyPassReverse / http://localhost:8080/

ProxyPreserveHost On

ProxyRequests Off

</IfModule>

Yes, I haven't figured out how to get the webapp to use mod_proxy (from within the plist file). Every time I try it breaks apache and, to be frank, I'm not going to waste any more time figuring it out...

My observation of the system behavior is that it processes the plist files and the slightest error causes the apache configuration to become corrupt. Make changes with caution. If your system console starts spewing apache termination and throttling messages the best course of action is to move all custom files out of the webapps directory as until you do so the system will keep processing them and corrupting the apache configuration.

We have multiple webservers to provide different services to staff. I just wanted to set up a basic reverse proxy just like Snow Leopard Server. No funky ports, but different URL's to forward to the different servers. I'm not a big apache2 guru, but I followed this: http://ubuntuguide.org/wiki/Apache2_reverse_proxies

Here's what I did following documentation in apache2....

I wasn't interested in different ports (although you could modify it as such in the GUI)

I created the initial website in the Server app bobo.myaddress.com... left everything basic

Domain Name: bobo.myaddress.com

IP address: any Port:80

SSL Certificate: none

Store Site files in (doesn't matter - you're going to edit this out)

who can access: anyone

** Note - leave the rest unless you want to add additional domains.

Click Done.

Now time to get a little dirty in Termial......

Navigate to the directory /Library/Server/Web/Config/apache2/sites/ and you'll see a bunch of files like 0000_any_80_.conf. Find the one you created with your recent Server app entry. Mine would look like this:

0000_any_80_bobo.myaddress.com.conf

Edit the file with your favorite editor (like VI or emacs) so it looks like this:: Note - items in bold were added.

<VirtualHost *:80>

ServerName bobo.myaddress.com

ServerAdmin admin@example.com

DocumentRoot "/Library/Server/Web/Data/Sites/bobo.myaddress.com"

DirectoryIndex index.html index.php /wiki/ default.html

CustomLog /var/log/apache2/access_log combinedvhost

ErrorLog /var/log/apache2/error_log

ProxyPreserveHost On

ProxyRequests off

ProxyPass / http://192.168.50.1/

ProxyPassReverse / http://192.168.50.1/

# <IfModule mod_ssl.c>

# SSLEngine Off

# SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

# SSLProtocol -ALL +SSLv3 +TLSv1

# SSLProxyEngine On

# SSLProxyProtocol -ALL +SSLv3 +TLSv1

# </IfModule>

# <Directory "/Library/Server/Web/Data/Sites/bobo.myaddress.com">

# Options All -Indexes -ExecCGI -Includes +MultiViews

# AllowOverride None

# <IfModule mod_dav.c>

# DAV Off

# </IfModule>

# <IfDefine !WEBSERVICE_ON>

# Deny from all

# ErrorDocument 403 /customerror/websitesoff403.html

# </IfDefine>

# </Directory>

</VirtualHost>

If you want a server alias to also redirect to the same server (a second URL to redirect to the same server) after </Directory> enter:

ServerAlias nugget.myaddress.com

Please note that I put in the ip address of the server that I am directing the URL traffic to. The / after the ip address is critical on both entries.

Also note that I commented out the SSL section (not going to use it on port 80) and I commented out the Directory and Webdav part.

I tried doing multiple entries through the Server App for the different servers, but each time it wants to overwrite the previous entry. Solution: Once I finished with my 0000_any_80_bobo.myaddress.com.conf file, I made a copy in terminal of the file for my next server: bigdaddy with sudo cp 000_any_80_bobo.myaddress.com.conf 000_any_80_bigdaddy.myaddress.com.conf . I then went back and edited the bigdaddy file for the next server and so on. Once finished, I restarted the Webserver (via Server app) or apachectl -k graceful. If you get an error restarting Webserver, check your file to make sure you didn't leave anything out.

This work great for me. Hope this helps🙂

This absolutely solved my problem...with some modifications:

I wanted to proxy to a Gollum wiki on the server. Gollum runs by default of port 4567 so I just added the port to the proxy statement and of course tailored it to my IP and domain name.

The quirks are however that with Server 3.0 XCode got in on the job and didn't like this solution and complained in the terminal about the lack of the SSL statement. So I uncommented the SSL statement and then XCode informed me it had moved the relevant sites file aside. When I went to have a look it _had_ moved it aside and written a new one, however the new proxy statement is retained. This new form works!!

My question is how do I password protect Gollum though? Even though I've limited access in the website entry and that is not commented out, password is not required to access the site.

Any suggestions about how to make the site password protected would be gratefully received.

newtron45 wrote:

We have multiple webservers to provide different services to staff. I just wanted to set up a basic reverse proxy just like Snow Leopard Server. No funky ports, but different URL's to forward to the different servers. I'm not a big apache2 guru, but I followed this: http://ubuntuguide.org/wiki/Apache2_reverse_proxies

Here's what I did following documentation in apache2....

I wasn't interested in different ports (although you could modify it as such in the GUI)

I created the initial website in the Server app bobo.myaddress.com... left everything basic

Domain Name: bobo.myaddress.com

IP address: any Port:80

SSL Certificate: none

Store Site files in (doesn't matter - you're going to edit this out)

who can access: anyone

** Note - leave the rest unless you want to add additional domains.

Click Done.

Now time to get a little dirty in Termial......

Navigate to the directory /Library/Server/Web/Config/apache2/sites/ and you'll see a bunch of files like 0000_any_80_.conf. Find the one you created with your recent Server app entry. Mine would look like this:

0000_any_80_bobo.myaddress.com.conf

Edit the file with your favorite editor (like VI or emacs) so it looks like this:: Note - items in bold were added.

<VirtualHost *:80>

ServerName bobo.myaddress.com

ServerAdmin admin@example.com

DocumentRoot "/Library/Server/Web/Data/Sites/bobo.myaddress.com"

DirectoryIndex index.html index.php /wiki/ default.html

CustomLog /var/log/apache2/access_log combinedvhost

ErrorLog /var/log/apache2/error_log

ProxyPreserveHost On

ProxyRequests off

ProxyPass / http://192.168.50.1/

ProxyPassReverse / http://192.168.50.1/

# <IfModule mod_ssl.c>

# SSLEngine Off

# SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

# SSLProtocol -ALL +SSLv3 +TLSv1

# SSLProxyEngine On

# SSLProxyProtocol -ALL +SSLv3 +TLSv1

# </IfModule>

# <Directory "/Library/Server/Web/Data/Sites/bobo.myaddress.com">

# Options All -Indexes -ExecCGI -Includes +MultiViews

# AllowOverride None

# <IfModule mod_dav.c>

# DAV Off

# </IfModule>

# <IfDefine !WEBSERVICE_ON>

# Deny from all

# ErrorDocument 403 /customerror/websitesoff403.html

# </IfDefine>

# </Directory>

</VirtualHost>

If you want a server alias to also redirect to the same server (a second URL to redirect to the same server) after </Directory> enter:

ServerAlias nugget.myaddress.com

Please note that I put in the ip address of the server that I am directing the URL traffic to. The / after the ip address is critical on both entries.

Also note that I commented out the SSL section (not going to use it on port 80) and I commented out the Directory and Webdav part.

I tried doing multiple entries through the Server App for the different servers, but each time it wants to overwrite the previous entry. Solution: Once I finished with my 0000_any_80_bobo.myaddress.com.conf file, I made a copy in terminal of the file for my next server: bigdaddy with sudo cp 000_any_80_bobo.myaddress.com.conf 000_any_80_bigdaddy.myaddress.com.conf . I then went back and edited the bigdaddy file for the next server and so on. Once finished, I restarted the Webserver (via Server app) or apachectl -k graceful. If you get an error restarting Webserver, check your file to make sure you didn't leave anything out.

This work great for me. Hope this helps🙂

Hello, I know this was ages ago for you but I'm trying to setup a tomcat instance and I'm curious about your configuration.

Specifically:

Si Cruse wrote:

Here's my com.mydomain.jira.plist file:

<key>launchKeys</key>

<array>

<string>com.mydomain.jira</string>

</array>

I see that you've specified a launchKey. From the sample webapp plist a comment reads "Launchd plists in /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons are loaded when webapp is started" which I interpret to mean if you specify a key here webappctl will attempt to load the launchd config specified by the key from a file located in the /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons directory.

For example, in your case, I would expect there to be a file:

/Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.mydomain.jira.plist

which, upon starting your webapp, webappctl would do the equivalent of:

launchctl load /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.mydomain.jira.plist

and similarly on a stop command would do the equivalent of:

launchctl unload /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.mydomain.jira.plist

However, in my personal experience, when I use webappctl to start my service, I do not see my process, which is managed by the launchd plist, startup.

I'm wondering what your com.mydomain.jira.plist looks like, where it is located, and if indeed it gets interpreted by launchd as I've indicated?

Many thanks.

Levi