starred/ambar
1
0
Fork 0
mirror of https://github.com/RD17/ambar.git synced 2026-04-25 23:45:50 +03:00
Code Issues 2 Projects Releases 3 Packages Wiki Activity

[GH-ISSUE #226] Can't run Ambar behind reverese proxy with SSL #220

New issue
Closed
opened 2026-02-27 15:55:42 +03:00 by kerem · 1 comment
kerem commented 2026-02-27 15:55:42 +03:00
Owner
Copy link

Originally created by @olegbliaher on GitHub (Apr 3, 2019).
Original GitHub issue: https://github.com/RD17/ambar/issues/226

Hi all, I'm trying to run Ambar behind a reverse proxy on the same machine, as I want all traffic and searches to be discreet. I do get the following error:

Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.

This is my docker-compose.yml

version: "2.1"
networks:
  internal_network:
services:
  db:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-mongodb:latest
    environment:
      - cacheSizeGB=2
    volumes:
      - /opt/ambar/db:/data/db
    expose:
      - "27017"
  es:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-es:latest
    expose:
      - "9200"
    environment:
      - cluster.name=ambar-es
      - ES_JAVA_OPTS=-Xms2g -Xmx2g
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    cap_add:
      - IPC_LOCK
    volumes:
      - /opt/ambar/es:/usr/share/elasticsearch/data
  rabbit:
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-rabbit:latest
    hostname: rabbit
    expose:
      - "15672"
      - "5672"
    volumes:
      - /opt/ambar/rabbit:/var/lib/rabbitmq
  redis:
    restart: always
    sysctls:
      - net.core.somaxconn=1024
    networks:
      - internal_network
    image: ambar/ambar-redis:latest
    expose:
      - "6379"
  serviceapi:
    depends_on:
      redis:
        condition: service_healthy
      rabbit:
        condition: service_healthy
      es:
        condition: service_healthy
      db:
        condition: service_healthy
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-serviceapi:latest
    expose:
      - "8081"
    environment:
      - mongoDbUrl=mongodb://db:27017/ambar_data
      - elasticSearchUrl=http://es:9200
      - redisHost=redis
      - redisPort=6379
      - rabbitHost=amqp://rabbit
      - langAnalyzer=ambar_en
  webapi:
    depends_on:
      serviceapi:
        condition: service_healthy
    restart: always
    networks:
      - internal_network
    image: ambar/ambar-webapi:latest
    expose:
      - "8080"
    ports:
      - "8080:8080"
    environment:
      - uiLang=en
      - mongoDbUrl=mongodb://db:27017/ambar_data
      - elasticSearchUrl=http://es:9200
      - redisHost=redis
      - redisPort=6379
      - serviceApiUrl=http://serviceapi:8081
      - rabbitHost=amqp://rabbit
  frontend:
    depends_on:
      webapi:
        condition: service_healthy
    image: ambar/ambar-frontend:latest
    restart: always
    networks:
      - internal_network
    ports:
      - "1000:80"
    expose:
      - "1000"
    environment:
      - api=http://192.168.123.123:8080
  pipeline0:
    depends_on:
      serviceapi:
        condition: service_healthy
    image: ambar/ambar-pipeline:latest
    restart: always
    networks:
      - internal_network
    environment:
      - id=0
      - apiUrl=http://serviceapi:8081
      - rabbit_host=amqp://rabbit
  documentation:
    depends_on:
      serviceapi:
        condition: service_healthy
    image: ambar/ambar-local-crawler
    restart: always
    networks:
      - internal_network
    expose:
      - "8082"
    environment:
      - name=documentation
      - ignoreExtensions=.{exe,dll,rar,s,so}
      - apiUrl=http://serviceapi:8081
    volumes:
      - /media/Documentation:/usr/data

My Apache config:

LoadModule ssl_module modules/mod_ssl.so


<VirtualHost *:443>
    ServerName ambar.internal

    ProxyPreserveHost On
    ProxyPass / http://ambar.internal:1000/
    ProxyPassReverse / http://ambar.internal:1000/

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/ambar.crt
    SSLCertificateKeyFile /etc/ssl/private/ambar.pem
</VirtualHost>

I can also add that I tried modifying frontend's Nginx conf, that didn't help either.

Ambar only says try to reload the page, and docker logs show that Redis thinks someone is attacking the service.

Originally created by @olegbliaher on GitHub (Apr 3, 2019). Original GitHub issue: https://github.com/RD17/ambar/issues/226 Hi all, I'm trying to run Ambar behind a reverse proxy on the same machine, as I want all traffic and searches to be discreet. I do get the following error: `Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.` This is my docker-compose.yml ``` version: "2.1" networks: internal_network: services: db: restart: always networks: - internal_network image: ambar/ambar-mongodb:latest environment: - cacheSizeGB=2 volumes: - /opt/ambar/db:/data/db expose: - "27017" es: restart: always networks: - internal_network image: ambar/ambar-es:latest expose: - "9200" environment: - cluster.name=ambar-es - ES_JAVA_OPTS=-Xms2g -Xmx2g ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 hard: 65536 cap_add: - IPC_LOCK volumes: - /opt/ambar/es:/usr/share/elasticsearch/data rabbit: restart: always networks: - internal_network image: ambar/ambar-rabbit:latest hostname: rabbit expose: - "15672" - "5672" volumes: - /opt/ambar/rabbit:/var/lib/rabbitmq redis: restart: always sysctls: - net.core.somaxconn=1024 networks: - internal_network image: ambar/ambar-redis:latest expose: - "6379" serviceapi: depends_on: redis: condition: service_healthy rabbit: condition: service_healthy es: condition: service_healthy db: condition: service_healthy restart: always networks: - internal_network image: ambar/ambar-serviceapi:latest expose: - "8081" environment: - mongoDbUrl=mongodb://db:27017/ambar_data - elasticSearchUrl=http://es:9200 - redisHost=redis - redisPort=6379 - rabbitHost=amqp://rabbit - langAnalyzer=ambar_en webapi: depends_on: serviceapi: condition: service_healthy restart: always networks: - internal_network image: ambar/ambar-webapi:latest expose: - "8080" ports: - "8080:8080" environment: - uiLang=en - mongoDbUrl=mongodb://db:27017/ambar_data - elasticSearchUrl=http://es:9200 - redisHost=redis - redisPort=6379 - serviceApiUrl=http://serviceapi:8081 - rabbitHost=amqp://rabbit frontend: depends_on: webapi: condition: service_healthy image: ambar/ambar-frontend:latest restart: always networks: - internal_network ports: - "1000:80" expose: - "1000" environment: - api=http://192.168.123.123:8080 pipeline0: depends_on: serviceapi: condition: service_healthy image: ambar/ambar-pipeline:latest restart: always networks: - internal_network environment: - id=0 - apiUrl=http://serviceapi:8081 - rabbit_host=amqp://rabbit documentation: depends_on: serviceapi: condition: service_healthy image: ambar/ambar-local-crawler restart: always networks: - internal_network expose: - "8082" environment: - name=documentation - ignoreExtensions=.{exe,dll,rar,s,so} - apiUrl=http://serviceapi:8081 volumes: - /media/Documentation:/usr/data ``` My Apache config: ``` LoadModule ssl_module modules/mod_ssl.so <VirtualHost *:443> ServerName ambar.internal ProxyPreserveHost On ProxyPass / http://ambar.internal:1000/ ProxyPassReverse / http://ambar.internal:1000/ SSLEngine on SSLCertificateFile /etc/ssl/certs/ambar.crt SSLCertificateKeyFile /etc/ssl/private/ambar.pem </VirtualHost> ``` I can also add that I tried modifying frontend's Nginx conf, that didn't help either. Ambar only says `try to reload the page`, and docker logs show that Redis thinks someone is attacking the service.
kerem 2026-02-27 15:55:42 +03:00
  • closed this issue
  • added the
    wontfix
         label
kerem commented 2026-02-27 15:55:42 +03:00
Author
Owner
Copy link

@stale[bot] commented on GitHub (Apr 18, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

<!-- gh-comment-id:484537976 --> @stale[bot] commented on GitHub (Apr 18, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v2.1.18
v2.1.8
v2.0.0rc
Labels
Clear labels   
$$ Paid Support

   
bug

   
bug

   
enhancement

   
help wanted

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
wontfix
No labels
$$ Paid Support
bug
bug
enhancement
help wanted
invalid
pull-request
question
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ambar#220
No description provided.