Vincent,

You say your configuration does not work, but you do not specify WHAT does not work.

From your configuration I understand you are trying to use the front-end Apache as a combined proxy and reverse proxy.

Try setting the LogLevel to debug. The output to your error log file may give you a clue.

Otherwise the article http://www.apacheweek.com/features/reverseproxies is a good source of information.

-ascs

-----Original Message-----
From: Vincent Blondel [mailto:vincent@xxxxxxxxxxxx]
Sent: Tuesday, March 15, 2005 11:30
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] reverse proxy configuration.

Hi all,

We recently decided to set up a dmz in our infrastructure and I have chosen to use openbsd 3.6 with built in apache 1.3.29 ( compiled and hardened by the OpenBSD team ) with mod_proxy / mod_security and mod_rewrite.

So before setting up all this in a real life world, I currently spend my time to let this configuration work in our development lan.

So let's imagine I get next infrastructure :

reverse proxy                   real internal web server
rproxy1.example.net   ----->    iweb1.example.net ( example.org )
192.168.1.25:80                 192.168.1.19:80

So, as you can see it, we just would like to forward all internet incoming traffic ( port 80 ) from our external web server ( rproxy1.example.net ) to our internal web server ( iweb1.example.net ).

iweb1.example.net hosts example.net and example.org ( configured by VirtualHost ). iweb1 runs with FreeBSD 4.10 and apache 1.3.33.

A last detail, we do not use any firewall in this configuration. This is just to make the configuration more easy.

So I am trying a configuration but it doesn't work. Please find below the configuration

### Begin httpd.conf ########################################
# $Id$
#
### Section 1: Global Environment
ServerType standalone
# Do NOT add a slash at the end of the directory path.
ServerRoot "/var/www"
#LockFile logs/accept.lock
PidFile logs/httpd.pid
ScoreBoardFile logs/apache_runtime_status
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
BindAddress rproxy1
# Dynamic Shared Object (DSO) Support
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
LoadModule proxy_module /usr/lib/apache/modules/libproxy.so
#ExtendedStatus On
### Section 2: 'Main' server configuration
Port 80
## SSL Support
<IfDefine SSL>
    Listen 80
    Listen 443
</IfDefine>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
User www
Group www
ServerAdmin webmaster@xxxxxxxxxxx
ServerName rproxy1.example.net
DocumentRoot "/var/www/htdocs"
# First, we configure the "default" to be a very restrictive set of
# permissions.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
#CacheNegotiatedDocs
UseCanonicalName On
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#CustomLog logs/access_log common
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
CustomLog logs/access_log combined
ServerSignature Off
###
# Proxy Server directives.
# Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
    ProxyRequests On
    <Directory proxy:*>
        Order deny,allow
        Deny from all
        # Allow from .your_domain.com
    </Directory>
    <Directory proxy:http://www.example.net/>
        Order deny,allow
        Allow from all
    </Directory>
    <Directory proxy:http://www.example.org/>
        Order deny,allow
        Allow from all
    </Directory>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    ProxyVia On
    #
    # To enable the cache as well, edit and uncomment the following lines:
    # (no caching without CacheRoot)
    #
    #CacheRoot "/var/www/proxy/cache"
    #CacheSize 5
    #CacheGcInterval 4
    #CacheMaxExpire 24
    #CacheLastModifiedFactor 0.1
    #CacheDefaultExpire 1
    #NoCache a_domain.com another_domain.edu joes.garage_sale.com
</IfModule>
# End of proxy directives.
###
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress Z
AddEncoding x-gzip gz
#
# Customizable error response (Apache style)
# these come in three flavors
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# N.B.: You can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will *not* be available to such a script.
# Built-in Broken Browser Tweaks
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
### Section 3: Virtual Hosts
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
NameVirtualHost rproxy1
<VirtualHost rproxy1>
    ServerName www.example.net
    ProxyPass / http://iweb1/
    ProxyPassReverse / http://iweb1/
    # CustomLog logs/iweb1.access_log combined
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
<VirtualHost rproxy1>
    ServerName www.example.org
    ProxyPass / http://iweb1/
    ProxyPassReverse / http://iweb1/
    # CustomLog logs/iweb1.access_log combined
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
## SSL Global Context
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
# Some MIME-types for downloading Certificates and CRLs
<IfDefine SSL>
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex sem
    # Pseudo Random Number Generator (PRNG):
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    #SSLRandomSeed startup file:/dev/random 512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random 512
    #SSLRandomSeed connect file:/dev/urandom 512
    SSLRandomSeed startup file:/dev/arandom 512
    # Logging:
    SSLLog logs/ssl_engine_log
    SSLLogLevel info
</IfModule>
### End httpd.conf ########################################

Thanks for helping me.

Vincent.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
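
Added example, not part of the original thread: the reply's observation that the posted configuration combines a forward proxy (ProxyRequests On) with reverse-proxy mappings (ProxyPass), written as a small configuration check. ProxyPass does not depend on ProxyRequests being On. The function names `audit_proxy_config` and `findings` and the embedded sample are constructed here, and the parser assumes one directive per line.

```python
import re
# Constructed sample: the proxy-related directives from the posted httpd.conf.
SAMPLE_CONF = """
<IfModule mod_proxy.c>
ProxyRequests On
<Directory proxy:*>
Order deny,allow
Deny from all
</Directory>
</IfModule>
<VirtualHost rproxy1>
ProxyPass / http://iweb1/
ProxyPassReverse / http://iweb1/
</VirtualHost>
"""

def audit_proxy_config(text):
    """Collect forward-proxy state, ProxyPass mappings and proxy: ACL rules."""
    report = {"forward_proxy": False, "reverse_maps": [], "proxy_acls": {}}
    stack = [""]  # arguments of open <Section ...> containers, innermost last
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        section = re.match(r"<(/?)\w+\s*(.*?)>$", line)
        if section:
            if not section.group(1):
                stack.append(section.group(2))
            elif len(stack) > 1:
                stack.pop()
            continue
        parts = line.split(None, 1)
        name, args = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if name == "proxyrequests":
            report["forward_proxy"] = args.lower() == "on"
        elif name == "proxypass":
            report["reverse_maps"].append(tuple(args.split()))
        elif name in ("order", "allow", "deny") and stack[-1].startswith("proxy:"):
            report["proxy_acls"].setdefault(stack[-1], []).append(f"{name} {args.lower()}")
    return report

def findings(report):
    """Flag combinations worth reviewing on a reverse-proxy front end."""
    out = []
    if report["forward_proxy"] and report["reverse_maps"]:
        out.append("forward proxy enabled alongside ProxyPass mappings")
    default_acl = report["proxy_acls"].get("proxy:*", [])
    if report["forward_proxy"] and "deny from all" not in default_acl:
        out.append("forward proxy enabled without default deny on proxy:*")
    return out
```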