Re: Interesting Problem

From: "Igor Cicimov" <icicimov@xxxxxxxxx>
To: "users" <users@xxxxxxxxxxxxxxxx>
Sent: Monday, November 26, 2012 5:49:19 PM
Subject: Re: Interesting Problem



On Tue, Nov 27, 2012 at 6:03 AM, Chris Arnold <carnold@xxxxxxxxxxxxxxxxxxx> wrote:
<VirtualHost *:443>
    #This will be the default vhost because the name starts with 000

    #  General setup for the virtual host
    DocumentRoot "/srv/www/htdocs"
    ServerName domain.net:443
    ServerAlias www.domain.net:443
    
    #ServerAdmin webmaster@xxxxxxxxxxx
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log

    SSLProxyEngine On
    ProxyPass /ifolder https://192.168.123.4/ifolder
    ProxyPassReverse /ifolder https://192.168.123.4/ifolder
    ProxyPass /admin https://192.168.123.4/admin
    ProxyPassReverse /admin https://192.168.123.4/admin
    ProxyPass /nps https://192.168.123.4/nps
    ProxyPassReverse /nps https://192.168.123.4/nps
-->ProxyPass / https://192.168.124.3/
-->ProxyPassReverse / https://192.168.124.3/
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

> So you have put the proxy for https://mail.domain.com inside domain.net virtual host. You realize they are different domains right?
> You need to set a separate vhost for that subdomain mail.domain.com and put the Proxy there. Or you can set a _default_ vhost as I mentioned before. Default one is the one that is defined first in the list of vhosts no matter if its name starts with 000 or not.
>
> # Catch all VHost, traffic that is NOT going to domain.net
> <VirtualHost _default_:443>
>     ServerName localhost_name.domain.net
>
> -->ProxyPass / https://192.168.124.3/
> -->ProxyPassReverse / https://192.168.124.3/
>     <Proxy *>
>         Order allow,deny
>         Allow from all
>     </Proxy>
>     # SSL stuff here
>     .
>     .
>
> </VirtualHost>

This works fine but proxies all 192.168.124.3 traffic which is not the expected result. The expected result is to proxy only https://mail.domain.com traffic.

> <VirtualHost *:443>
>     DocumentRoot "/srv/www/htdocs"
>     ServerName domain.net
>     ServerAlias www.domain.net
>
>     #ServerAdmin webmaster@xxxxxxxxxxx
>     ErrorLog /var/log/apache2/error_log
>     TransferLog /var/log/apache2/access_log
>
>     SSLProxyEngine On
>     ProxyPass /ifolder https://192.168.123.4/ifolder
>     ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>     ProxyPass /admin https://192.168.123.4/admin
>     ProxyPassReverse /admin https://192.168.123.4/admin
>     ProxyPass /nps https://192.168.123.4/nps
>     ProxyPassReverse /nps https://192.168.123.4/nps
>     <Proxy *>
>         Order allow,deny
>         Allow from all
>     </Proxy>
>
>     #   SSL Engine Switch:
>     #   Enable/Disable SSL for this virtual host.
>     SSLEngine on
> </VirtualHost>

> Another solution would be to use mod_rewrite instead and keep the one VHost you have as default one. You might put something like this then:
>
> <VirtualHost *:443>
>     DocumentRoot "/srv/www/htdocs"
>     ServerName domain.net
>     ServerAlias www.domain.net
>
>     #ServerAdmin webmaster@xxxxxxxxxxx
>     ErrorLog /var/log/apache2/error_log
>     TransferLog /var/log/apache2/access_log
>
>     # Catch the mail.domain.com traffic and Proxy to 192.168.123.4
>     RewriteEngine On
>     RewriteCond %{HTTP_HOST} ^(www\.)?mail\.domain\.com [NC]
>     RewriteRule .* https://192.168.124.3/ [P,L]
>
>     SSLProxyEngine On
>     ProxyPass /ifolder https://192.168.123.4/ifolder
>     ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>     ProxyPass /admin https://192.168.123.4/admin
>     ProxyPassReverse /admin https://192.168.123.4/admin
>     ProxyPass /nps https://192.168.123.4/nps
>     ProxyPassReverse /nps https://192.168.123.4/nps
>     <Proxy *>
>         Order allow,deny
>         Allow from all
>     </Proxy>
> </VirtualHost>

This one does not appear to work. When I access https://mail.domain.net, I get access is forbidden.

I am pounding my head against the wall with this...
We've got a mail server, 192.168.124.3, that runs on port 443. Our web server, 192.168.123.3, uses port 443 for web services. We have 1 (real) public IP address and our firewall/router points ports (443 is my concern now) to the web server. So, when customers type their webmail address, https://mail.theirdomain.tld, that points to our public IP and the firewall directs that port 443 connection to the web server, 192.168.123.3. I need the web server, using Apache, to deliver content from the mail server, 192.168.124.3. Can Apache do this and am I trying the right things (like those suggested, proxy and rewrite)? Again, the goal is to have Apache proxy/rewrite https://mail.domain.tld traffic only, not all (/) traffic.
