0
Answered

Ajenti behind Apache 2.2 reverse proxy

AirOnSkin 10 years ago updated by Eugene Pankov (Project coordinator) 10 years ago 3
The documentation is not complete on how to configure Ajenti to run behind an Apache 2.2 reverse proxy.

The 'Ajenti behind Apache' KB entry only works for HTTPD 2.4 since HTTPD 2.2 has natively no mod_proxy_wstunnel.

The following - which I have put together from various support entries - works 90%:

SSLProxyEngine On
ProxyRequests Off
ProxyPass /ajenti https://localhost:8000
ProxyPassMatch ^/(ajenti.*)$ https://localhost:8000/$1
ProxyPassReverse /ajenti:static/ https://localhost:8000/ajenti:static/
ProxyPassReverse /ajenti:auth https://localhost:8000/ajenti:auth
ProxyPassReverse /ajenti https://localhost:8000

The problem with this configuration is, that after logging in and out, Ajenti issues a redirect to /

This was already mentioned here:
http://support.ajenti.org/topic/227663-ajenti-apac...
https://bugs.launchpad.net/ajenti/+bug/1249425

Thanks for looking into this.

Answer

Answer
Answered
Thank you for the input! I've simplified your config a bit, fixed the ProxyPassReverse directive, and now everything works, including the login redirects: http://support.ajenti.org/topic/472359-ajenti-behind-apache/
Answer
Answered
Thank you for the input! I've simplified your config a bit, fixed the ProxyPassReverse directive, and now everything works, including the login redirects: http://support.ajenti.org/topic/472359-ajenti-behind-apache/
Dear Eugene

First of all, I believe you got the greater than & smaller than signs confused in the support article: http://support.ajenti.org/topic/472359-ajenti-behi...
It should be: Apache <= 2.2 (since >= would also include 2.4)

Second, the proxy_wstunnel module is not available in Apache 2.2. It's still there in the article for Apache 2.2.

Third, I've never seen the use of RequestHeader set Origin in Apache 2.2.

Then, I'm afraid I can't confirm that the config works like that. I believe it would be correct like that (notice the small differences):

SSLProxyEngine On
ProxyRequests Off
ProxyPass /ajenti https://localhost:8000/
ProxyPassMatch ^/(ajenti:.*)$ https://localhost:8000/$1
ProxyPassReverse /ajenti /

I will further test the current config and get back to you if I find anything else.

Cheers
Actually I messed up the plugin list, not the versions. proxy_wstunnel should only be used with 2.4+.
I see that you use HTTPS between Apache and Ajenti, but that just doesn't make sense (unless Ajenti is also available directly from outside, which doesn't make sense as well with Apache). I would suggest to make Ajenti listen on 127.0.0.1:8000 instead, without SSL.