
Can someone tell me what is wrong with my reverse proxy setup? I can successfully authenticate with LDAP, but I just get the Apache2 Default Page.

I tried putting the ProxyPass and ProxyPassReverse settings into the Location block, but I get the following error when starting Apache:

ProxyPass|ProxyPassMatch can not have a path when defined in a
location

I was following the Arkime guide https://arkime.com/faq#how-do-i-proxy-arkime-using-apache

# TLS virtual host from the question: proxies /arkime/ to a backend on localhost:8005
# and configures LDAP-backed Basic authentication. Directives are exactly as posted;
# the comments are review notes.
<VirtualHost *:443>
  ServerName test-arkime.domain.com
  SSLEngine on
  SSLCertificateFile "/opt/arkime/etc/test-arkime.crt"
  SSLCertificateKeyFile "/opt/arkime/etc/test-arkime.key"
  # Only URLs under /arkime/ are proxied; a request for / is served by Apache itself,
  # which matches the reported "Apache2 Default Page".
  ProxyPass        /arkime/ http://localhost:8005/ retry=0
  ProxyPassReverse /arkime/ http://localhost:8005/
  # Passes the authenticated user name to the backend in a request header. The backend
  # trusts this header, so it must be reachable only through this proxy.
  # NOTE(review): confirm Arkime listens on localhost only (viewHost in the Arkime FAQ).
  RequestHeader set ARKIME_USER %{REMOTE_USER}e
  # NOTE(review): <Directory> sections match filesystem paths. Proxied URLs such as
  # /arkime/ are not mapped to the filesystem, so this auth block does not protect the
  # proxied application; the auth directives belong in <Location /arkime/> or <Proxy>.
 <Directory />
  # Order/Allow are Apache 2.2 access directives (mod_access_compat on 2.4); mixing
  # them with Require is discouraged on 2.4.
  Order allow,deny
  Allow from all
  # Basic auth sends the password with every request; acceptable here only because
  # the virtual host is TLS-only (SSLEngine on).
  AuthType Basic
  AuthName "Enter account credentials"
  # NOTE(review): several Require lines in one section that are not wrapped in
  # <RequireAll> are treated as alternatives, so valid-user on its own grants access
  # and the ldap-group line below no longer restricts anything. Remove valid-user or
  # wrap both in <RequireAll> if group membership is meant to be mandatory.
  Require valid-user
  AuthBasicProvider ldap
  AuthLDAPGroupAttribute member
  AuthLDAPSubGroupClass group
  AuthLDAPGroupAttributeIsDN On
  # NOTE(review): ldap:// on port 389 with no TLS mode sends the bind password and
  # every user's password to the directory unencrypted. Prefer ldaps:// or add the
  # TLS mode argument to AuthLDAPURL.
  AuthLDAPURL ldap://ldap.domain.com:389/OU=USERS,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
  AuthLDAPBindDN [email protected]
  # Plaintext secret: keep this file readable by root only, use a read-only service
  # account, and rotate any real password that has been pasted into a public post.
  # Apache 2.4.5+ also accepts an exec: form that fetches the password from a command.
  AuthLDAPBindPassword password123

  require ldap-group "CN=Users,OU=IT Users,OU=Security,OU=Groups,OU=CORP,DC=domain,DC=com"
 </Directory>
 # Forwards the client's original Host header to the backend.
 ProxyPreserveHost On
</VirtualHost>

I just get the Apache2 Default Page

Apache2 Default Page

2

Answers


  1. Chosen as BEST ANSWER

    Figured it out for the most part: I can now reach Arkime. I now just need to figure out why it's not recognising the arkime_user header, or why the header is perhaps not being passed through.

    {"success":false,"text":"User not found"}

    # Accepted answer's TLS virtual host: authentication and proxying now live together
    # in <Location /arkime/>, so the LDAP check applies to the proxied URLs.
    # Directives are exactly as posted; the comments are review notes.
    <VirtualHost *:443>
      ServerName test-arkime.domain.com
      SSLEngine on
      SSLCertificateFile "/opt/arkime/etc/test-arkime.crt"
      SSLCertificateKeyFile "/opt/arkime/etc/test-arkime.key"
      # Redirect a request for the bare root to the proxied subdirectory, so visitors
      # no longer land on the local default page.
      RedirectMatch ^/$ /arkime/
    <Location /arkime/>
      # Order/Allow are Apache 2.2 access directives (mod_access_compat on 2.4); mixing
      # them with Require is discouraged on 2.4.
      Order allow,deny
      Allow from all
      AuthType Basic
      AuthName "Enter account credentials"
      # NOTE(review): several Require lines in one section that are not wrapped in
      # <RequireAll> are treated as alternatives, so valid-user on its own grants
      # access and the ldap-group line at the end adds no restriction. Remove
      # valid-user or wrap both in <RequireAll> to enforce group membership.
      Require valid-user
      # Inside <Location> the path argument is omitted; it is taken from the section.
      ProxyPass        "http://localhost:8005/" retry=0
      ProxyPassReverse "http://localhost:8005/"
      # The backend trusts this header as the user's identity, so it must be reachable
      # only through this proxy.
      # NOTE(review): Arkime has to be configured to read this header (userNameHeader
      # in the Arkime FAQ) and needs a matching user; presumably the
      # "User not found" reply relates to the latter - confirm on the Arkime side.
      RequestHeader set ARKIME_USER %{REMOTE_USER}e
      ProxyPreserveHost On
      AuthBasicProvider ldap
      AuthLDAPGroupAttribute member
      AuthLDAPSubGroupClass group
      AuthLDAPGroupAttributeIsDN On
      # NOTE(review): ldap:// on port 389 with no TLS mode sends the bind password and
      # every user's password to the directory unencrypted. Prefer ldaps:// or add the
      # TLS mode argument to AuthLDAPURL.
      AuthLDAPURL ldap://ldap.domain.com:389/OU=com,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
      AuthLDAPBindDN [email protected]
      # Plaintext secret: keep this file readable by root only, use a read-only
      # service account, and rotate any real password pasted into a public post.
      AuthLDAPBindPassword Password123
      require ldap-group "CN=Users,OU=IT Users,OU=Security,OU=Groups,OU=com,DC=domain,DC=com"
    </Location>
    </VirtualHost>
    

  2. I am trying to configure a reverse proxy for Arkime to use LDAP authentication. I configured the following in httpd.conf:

    # Second poster's virtual host: LDAP-backed Basic auth in front of a proxied
    # Arkime backend. Directives are exactly as posted; the comments are review notes.
    # NOTE(review): this host listens on plain HTTP (*:80). Basic auth only
    # base64-encodes the password, so credentials cross the network in clear text on
    # every request; serve this over TLS instead.
    <VirtualHost *:80>
    
    # NOTE(review): <LocationMatch> takes a regular expression, and /arkime/ is
    # unanchored, so it matches any URL path containing "/arkime/". The mod_proxy
    # documentation also says ProxyPass does not interpret the section's regex and
    # that ProxyPassMatch is needed here; <Location /arkime/> avoids both issues.
    <LocationMatch /arkime/>
      # Reverse proxy to the local backend.
      ProxyPass http://localhost:8005/ retry=0
      ProxyPassReverse http://localhost:8005/
      # Order/Allow are Apache 2.2 access directives (mod_access_compat on 2.4).
      Order allow,deny
      Allow from all
      AuthType Basic
      AuthName "Enter account credentials"
      # LDAP provider settings.
      AuthBasicProvider ldap
      # NOTE(review): cn=Manager looks like the directory's administrative account;
      # a read-only service account is enough for user lookups - confirm.
      AuthLDAPBindDN "cn=Manager,dc=pepito,dc=es"
      # Plaintext secret: keep this file readable by root only.
      AuthLDAPBindPassword "password"
      # NOTE(review): ldap:// on port 389 with no TLS mode sends the bind password and
      # every user's password to the directory unencrypted.
      AuthLDAPURL "ldap://x.x.x.x:389/DC=pepito,DC=es?uid?sub?(objectClass=*)"
      AuthLDAPBindAuthoritative On
      LDAPReferrals Off
      # NOTE(review): the DN starts with ou=, which looks like an organizational unit
      # rather than a group entry - verify that it names a group.
      require ldap-group "ou=Users,dc=pepito,dc=es"
      # Pass the authenticated user name to the backend. The backend trusts this
      # header, so it must be reachable only through this proxy.
      RequestHeader set ARKIME_USER %{REMOTE_USER}e
     #RequestHeader set ARKIME_GROUP %{AUTHENTICATE_MEMBEROF}e
      # NOTE(review): Require lines not wrapped in <RequireAll> are alternatives, so
      # valid-user on its own grants access and the ldap-group line above adds no
      # restriction.
      Require valid-user
    
    </LocationMatch>
      # Debug log intended to show the ARKIME_USER request header.
      # NOTE(review): the quotes inside the format string are not escaped (\"), so the
      # argument is split at the first inner quote - verify that it parses as intended.
      CustomLog /etc/httpd/logs/headers.log "%h %l %u %t "%r" %>s %b "%{ARKIME_USER}i""
     # CustomLog /etc/httpd/logs/arkime_user.log "%{ARKIME_USER}e"
      #CustomLog /etc/httpd/logs/remote_user.log "%{ARKIME_GROUP}e"
    
    </VirtualHost>
    

    I can authenticate with LDAP, but then I get {"success":false,"text":"Missing authorization header"}
