(from github.com/mprzytulski)
Is it possible to set up Fess behind a reverse proxy so it can be virtually placed under a subdirectory of the main domain, like http://example.com/search?
I'm able to set it up under the / path, but if I configure the reverse proxy to use /search I'll get redirects from /search/admin/ to /admin/dashboard
(from github.com/marevol)
It depends on a reverse proxy setting.
Fess works with a reverse proxy.
ProxyPassReverse directive is needed if using apache.
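The symptom in the question (a redirect from /search/admin/ landing on /admin/dashboard) is a backend Location header reaching the client unrewritten, which is the job ProxyPassReverse does in Apache. The sketch below is an added example, not code from Fess or from anyone in this thread; it shows the rewrite a proxy has to perform and a check for redirects that escape the prefix. The prefix /search and the backend address 127.0.0.1:8080 are assumed deployment values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumed deployment values for this sketch, not Fess or proxy defaults.
PUBLIC_PREFIX = "/search"                                # subdirectory exposed by the proxy
BACKEND_ORIGINS = {"127.0.0.1:8080", "localhost:8080"}   # where Tomcat (Fess) listens


def rewrite_location(location, prefix=PUBLIC_PREFIX, backends=BACKEND_ORIGINS):
    """Return the Location value the client should see for a backend redirect.

    The backend does not know about the prefix, so every absolute path it
    emits is prefixed, including one that happens to start with /search.
    """
    parts = urlsplit(location)
    if parts.netloc and parts.netloc not in backends:
        return location              # redirect to another site: leave untouched
    if not parts.netloc and not parts.path.startswith("/"):
        return location              # relative path: the browser resolves it in place
    # Drop scheme and host so the internal address never reaches the client.
    out = prefix + (parts.path or "/")
    if parts.query:
        out += "?" + parts.query
    if parts.fragment:
        out += "#" + parts.fragment
    return out


def escapes_prefix(location, prefix=PUBLIC_PREFIX, backends=BACKEND_ORIGINS):
    """True if a Location header, as seen by the client, leaves the proxied
    subdirectory or exposes the backend address."""
    parts = urlsplit(location)
    if parts.netloc:
        return parts.netloc in backends
    if not parts.path.startswith("/"):
        return False
    # Compare on a path-segment boundary so /searchfoo does not pass as /search.
    return parts.path != prefix and not parts.path.startswith(prefix + "/")


if __name__ == "__main__":
    # Constructed sample Location headers, as a backend might send them.
    for loc in ("/admin/dashboard", "http://127.0.0.1:8080/admin/dashboard?x=1"):
        print(loc, "->", rewrite_location(loc), "| escaped before:", escapes_prefix(loc))
```

Running `escapes_prefix` over the Location headers in the proxy's access or response logs is a quick way to confirm that a new proxy rule keeps redirects under the subdirectory.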
(from github.com/micakovic)
For Fess behind HAProxy, whereby both Tomcat (Fess) and HAProxy sit on the same host, you could try this.
Edit the HAProxy config file which usually sits here /etc/haproxy/haproxy.conf like so, preserving other settings that come out of the box with it:

    defaults
        mode http
        log global
        option httplog
        option dontlognull
        option http-server-close
        option forwardfor except 127.0.0.0/8
        option redispatch

    frontend fess
        bind *:80
        bind *:443 ssl crt /etc/ssl/certs/haproxy/your_combined_certificate.pem
        redirect scheme https code 301 if !{ ssl_fc }
        mode http
        timeout http-request 5s # Slowloris protection
        rspirep ^(set-cookie:.*) \1;\ Secure
        # HSTS (15768000 seconds = 6 months)
        http-response set-header Strict-Transport-Security max-age=15768000;\ preload;
        default_backend fess

    backend fess
        mode http
        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        option httpchk HEAD / HTTP/1.1\r\nHost:localhost
        # CORS clients
        acl cors_allowed src 10.10.10.10 # IP address of your web application server
        rspadd Access-Control-Allow-Origin:\ * if cors_allowed
        balance roundrobin
        server static 127.0.0.1:8080 check

If Tomcat (Fess) sits on another machine, replace the server ip address in the backend
configuration with that IP. For example:

    backend fess
        ...
        server static 10.10.10.20:8080 check

This server must permit tcp/80 from your HAProxy IP address. Tomcat must be started to
listen on 10.10.10.20 in this case. Its default behaviour is to listen on 127.0.0.1 if
I am not mistaken.
The CORS clients directive allows you to query Fess programmatically from a particular
IP address if you utilise JSON calls and JS APIs.
If Tomcat (Fess) and HAProxy sit on the same machine, permit only tcp/80 and tcp/443
to that machine.
If Tomcat (Fess) sits on another machine in LAN, a different one from the one where
HAProxy sits, on the one where you have Tomcat (Fess) permit tcp/8080 only from the
HAProxy machine.
(from github.com/micakovic)
For Tomcat (Fess) sitting behind nginx, try these.
10.10.10.20 is the IP address of the machine where Tomcat (Fess) runs. Allow your reverse proxy IP address to this machine on tcp/8080, and make sure that Tomcat starts on IP 10.10.10.20, then to serve a subdirectory do:

    location ~ ^/fess/(.*)$ {
        rewrite ^/fess/(.*)$ /$1 break;
        proxy_pass http://10.10.10.20:8080/$1$is_args$args;
    }

In this example, requests would go to https://example.com/fess/json?q=…
nginx should accept tcp/80, tcp/443, and do 301 redirects from http to https.
(from marevol (Shinsuke Sugaya) · GitHub)
    proxy_pass https://10.10.10.20/$1$is_args$args;
Are the protocol and port correct?
(from github.com/micakovic)
Amended the port and protocol for nginx config.
(from github.com/biligee)
mprzytulski did you find a solution? I also need a simple one.