Re: Problem with ProxyPass

[Michelle Konzack <linux4michelle@xxxxxxxxxxxxxxx>]

Hello Tom Evans,

Am 2010-10-07 10:55:59, hacktest Du folgendes herunter:
> On Thu, Oct 7, 2010 at 6:51 AM, Michelle Konzack
> <linux4michelle@xxxxxxxxxxxxxxx> wrote:
> > ----[ '/etc/apache2/conf.d/apache_proxy' ]------------------------------
> > NameVirtualHost         192.168.0.69:80
> >
> > <VirtualHost 192.168.0.69:80>
> >    ServerName          www.tdipmedia.net
> >    ProxyPass           / http://192.168.0.208:80/
> >    ProxyPassReverse    / http://192.168.0.208:80/
> >    <Directory proxy:http://192.168.0.208:80/*>
> >        Order           deny,allow
> >        Allow           from all
> >    </Directory>
> > </VirtualHost>
> > ------------------------------------------------------------------------
> Your config doesn't look right to me:

Hmmm, since my three pootle instances where confliction with  Apache,  I
have setup last year the following config which is working:

----[ '/VServer_10/APACHE_available/pootle.tdwave.net' ]----------------
<VirtualHost 192.168.0.69:80>
    ServerAdmin         linux4michelle@xxxxxxxxxxxxxxx
    ServerName          pootle.tdwave.net

    ProxyPass          /images !
    ProxyPass          /js !
    ProxyPass          /pootle.css !
    ProxyPass          /favicon.ico !
    ProxyPass          / http://localhost:8888/
    ProxyPassReverse   / http://localhost:8888/
    <Directory proxy:http://localhost:8888/*>
        Order          deny,allow
        Allow          from all
    </Directory>

    DocumentRoot        /usr/share/pootle/html/
    <Directory /usr/share/pootle/html/>
        Order           deny,allow
        Allow           from all
    </Directory>

    <Directory />
        Options         FollowSymLinks Indexes
        AllowOverride   None
        Order           deny,allow
        Allow           from all
    </Directory>

    # debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel            warn
    ErrorLog            /VServer_10/CONFIG_pootle.tdwave.net/log/apache/error.log

    LogFormat           "%{[%Y-%m-%d %H:%M:%S %z]}t %h [%V] %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost
    CustomLog           /VServer_10/CONFIG_pootle.tdwave.net/log/apache/access.log vhost

    ServerSignature     On
</VirtualHost>
------------------------------------------------------------------------

and now modified it.  the only difference is, that the newServer is  NOT
on <localhost> but on IP <192.168.0.208>

>     NameVirtualHost         192.168.0.69:80
> 
> This says 'When a request comes in on the socket listening on IP
> 192.168.0.69, port 80, use the Host header from the request to infer
> the virtualhost to use'.

Right

> <VirtualHost 192.168.0.69:80>
>    ServerName          www.tdipmedia.net
> 
> </VirtualHost>
> 
> This says: 'When a request comes in on 192.168.0.69:80, with Host
> header 'www.tdipmedia.net', use this virtualhost to serve the request'

Right too.

>    ProxyPass           / http://192.168.0.208:80/
>    ProxyPassReverse    / http://192.168.0.208:80/
> 
> This says: 'Proxy / to the website on http://192.168.0.208:80/'

Right too.

>    <Directory proxy:http://192.168.0.208:80/*>
>        Order           deny,allow
>        Allow           from all
>    </Directory>
> 
> This is nonsense. A <Directory> refers to a disk location, nothing
> else. If you wish to restrict who can access a reverse proxy, use a
> <Proxy> directive or a <Location> directive.

Hmmm...

> Well, you haven't specified anything in your config that would result
> in a redirect, you have configured a proxy. Apart from that...
> 
> So there are a couple of things you can check.
> 
> 1) When you connect to the webserver, are you connecting to 192.168.0.69:80 ?

Yes, and I get:

----[ command 'wget -S -O /dev/null http://www.tdipmedia.net/' ]--------

--2010-10-07 14:26:26--  http://www.tdipmedia.net/
Resolving www.tdipmedia.net... 88.168.69.36
Connecting to www.tdipmedia.net|88.168.69.36|:80... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 403 Forbidden
  Date: Thu, 07 Oct 2010 12:26:26 GMT
  Content-Length: 390
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
2010-10-07 14:26:26 ERROR 403: Forbidden.

------------------------------------------------------------------------

<88.168.69.36> is my fixed PUBLIC IP address  and  all  :80  traffic  is
redirected to my DMZ on <192.168.0.69> and some of the servers should be
proxyied to Servers behind it like the <192.168.0.208>.

> 2) What Host header are you sending to the server? Typically a browser
> will send the host portion of the URL you type in the address bar -
> does that match 'www.tdipmedia.net'?
> 3) Where are your logs? What 'does not work' - explain what you've
> tried, what the server does when you try that, and what error/info
> messages are printed in the access and error logs.

[Thu Oct 07 14:16:45 2010] [error] [client 192.168.0.65] client denied by server configuration: proxy:http://192.168.0.208:80/

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL       itsystems@tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle@xxxxxxxxxxxxx
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Attachment: signature.pgp
Description: Digital signature