I have got some google cloud run service endpoints that are secured by HTTPS. I want to set up my apache webserver to reverse proxy into the services so that people using my defined URL get back the service response. I have tried to use mod_proxy and mod_rewrite to proxy the service endpoint but it gives me 500 internal server error. How can it be done? Worst case please share an nginx solution for this. Config I tried:
<VirtualHost *:80>
ServerName hello.world.com
ServerAlias hello.world.com
RewriteEngine On
RewriteRule ^ https://helloworld-zxtb3wfs2a-de.a.run.app [P]
</VirtualHost>
BTW the endpoint is a website and not just a simple JSON response. Though even JSON responses are not working for me either.
While rewriting the query back to the Cloud Run endpoint (*.run.app), you need to make sure you update Host
header to match to that.run.app domain name as well. Otherwise, Cloud Run's frontend IP won't know where to send that.
Check this question this question on how to do this with mod_rewrite, and make sure you use ProxyPreserveHost Off
.
Also since you're getting HTTP 500, make sure you check the application logs to see if there's something wrong with how the app handles this request.
I assume that you have already deployed your cloud run service with --ingress internal option, so that no one can access Cloud Run without the reverse proxy.
Follow the below steps to create a reverse proxy in front of the cloud run service. You can skip Steps 2 - 5 if you are not installing self-signed SSL and you have your own SSL configured
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo apache2ctl configtest
sudo systemctl restart apache2
<VirtualHost *:80>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass / https://CLOUD-RUN-URL-as.a.run.app/
ProxyPassReverse / https:///CLOUD-RUN-URL-as.a.run.app/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine On
ProxyPass / https://CLOUD-RUN-URL-as.a.run.app/
ProxyPassReverse / https://CLOUD-RUN-URL-as.a.run.app/
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod ssl
sudo apache2ctl configtest
sudo systemctl restart apache2
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.