Call of HTTP layer for my HTTPS website

I installed my HTTPS certficate on my website.
I'm using Geoserver on my port 8080 with Tomcat.

My website: https://dmhlao.la/joomla/index.php

My geoserver portal: http://dmhlao.la:8080/geoserver/web/

I'm calling HTTP Geoserver layer on my website but there are blocked because of Mix-Content:

featureloader.js:123 Mixed Content: The page at 'https://dmhlao.la/joomla/index.php/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://dmhlao.la:8080/geoserver/WebPortal/ows?service=WFS&version=1.0.0&request=GetFeature&typeName=WebPortal%3AAlert_province_boundary&maxFeatures=50&outputFormat=application%2Fjson'. This request has been blocked; the content must be served over HTTPS.

How can I cover my geoserver web portal under my HTTPS certificate ?

Personally I wouldn't use Geoserver on port 8080 directly. I'd rather have a reverse proxy on your Apache webserver which is serving HTTP on port 80 and HTTPS on port 443 to redirect e.g. requests for https://dmhlao.la/geoserver/ to internal server port 8080, e.g. http://127.0.0.1:8080/geoserver/ or the actual internal IP address if it's not running on the same machine.

That way you can use the HTTPS certificate from Apache and don't need to have port 8080 exposed to the global internet.

You can learn more about reverse proxies on Apache (an introduction) here: Reverse Proxy Guide - Apache HTTP Server Version 2.4

6 Likes

Thank you for you reply @Osiris.

I had a proxy on my apache configuration, and restart it but there is no changement.

My file /etc/apache2/sites-available/000-default.conf:

<VirtualHost *:80>
ServerName dmhlao.la
ServerAlias www.dmhlao.la

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ProxyPreserveHost On
ProxyPass "/geoserver" "http://127.0.0.1:8080/geoserver"
ProxyPassReverse "/geoserver"  "http://127.0.0.1:8080/geoserver"

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.dmhlao.la [OR]
RewriteCond %{SERVER_NAME} =dmhlao.la
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

My geoserver is still available on http://dmhlao.la:8080/geoserver/web/ but not on https://dmhlao.la/geoserver/web/. What can be the reason ?

Edit: I try to modify my Let's Encrypt configuration file: /etc/apache2/sites-available/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName dmhlao.la
ServerAlias www.dmhlao.la

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

ProxyPreserveHost On
ProxyPass "/geoserver/web/" "http://127.0.0.1:8080/geoserver/web/"
ProxyPassReverse "/geoserver/web/"  "http://127.0.0.1:8080/geoserver/web/"
... file keys 
</VirtualHost>
</IfModule>

When I reach the https://dmhlao.la/geoserver/web/, I have an error:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.41 (Ubuntu) Server at dmhlao.la Port 443

I don't have much experience with reverse proxies myself, but your Apache error logs should provide more info about it.

5 Likes

Can the server reach?:

Please show:
netstat -pant | grep -i listen | grep 8080

6 Likes

The command netstat -pant | grep -i listen | grep 8080 gives that output:

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::8080 :::* LISTEN -

My error log of apache give me that output:

[Sat Jan 07 00:00:21.977837 2023] [mpm_prefork:notice] [pid 1649685] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Sat Jan 07 00:00:21.977871 2023] [core:notice] [pid 1649685] AH00094: Command line: '/usr/sbin/apache2'
[Sat Jan 07 03:46:56.542688 2023] [proxy:warn] [pid 1670706] [client 5.255.253.150:42342] AH01144: No protocol handler was valid for the URL /geoserver/web/ (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sat Jan 07 07:50:58.970898 2023] [php7:error] [pid 1670825] [client 35.216.248.122:46722] script '/var/www/html/info.php' not found or unable to stat
[Sat Jan 07 07:51:00.657713 2023] [authz_core:error] [pid 1670704] [client 35.216.248.122:46750] AH01630: client denied by server configuration: /var/www/html/server-status

I guess it's that error that is important: No protocol handler was valid for the URL /geoserver/web/ (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

Solution: I need to activate module:
This command solve my problem: sudo a2enmod proxy proxy_http proxy_ajp

As proxy and proxy_http was already activated, I guess it's the module proxy_ajp who was not activated and needed :slight_smile:

Thank for the help

2 Likes

Hmm, looking at mod_proxy_ajp - Apache HTTP Server Version 2.4 it's a very specific module, not sure how that would fit in a http:// protocol reverse proxy? But at least it's fixed now :stuck_out_tongue:

6 Likes

I spoke too fast :frowning:

Only the home page /geoserver/web works.
If I want to log in or to preview layer, it's not working ... I have "The requested URL was not found on this server."

If I try to log in, it's go to '/geoserver/j_spring_security_check'

That is just a problem with the setup of your geoserver application. Best to ask about that on a geoserver forum

One thing I see is your proxy is for the path /geoserver/web/ but when signing in the URL that is not found is https://dmhlao.la/geoserver/j_spring_security_check

Note it just has geoserver and not geoserver/web/

If I manually change the URL to include the /web/ I still get a 404 but the error message says Tomcat.

In any event, it looks like you have work to do to setup geoserver properly

5 Likes

Should probably be:

ProxyPass "/geoserver/"

6 Likes

yes thank you @MikeMcQ and @rg305 for your help :slight_smile:

I had as well in my web.xml of my geoserver folder:

> <context-param>
> <param-name>PROXY_BASE_URL</param-name>
> <param-value>https://domainname/geoserver</param-value>
> </context-param>
4 Likes