[users@httpd] Proxy Issues

[Matthew Javelet <ma...@gmail.com>]

Hello Everyone,

I'm having a bit of a struggle figuring out how to apply my _solution_ for
this current issue I'm facing.

I have server A & server B that both need to reach an external service,
server Z.
Server B has access while A does not, so we are wanting to make a proxy to
mediate the requests from B -> Z for A.

I thought the curl command from Server A would be:
curl https://server-z.com --proxy http://server-b

But that gives the following error:
*   Trying x.x.x.x...
* Connected to host.name (X.X.X.X) port 80 (#0)
* Establish HTTP proxy tunnel to server-z:443
> CONNECT server-z:443 HTTP/1.1
> Host: server-z:443
> User-Agent: curl/7.40.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 502 Proxy Error
< Date: Thu, 16 Jul 2015 22:40:16 GMT
< Server: Apache/2.4.12
< Content-Length: 383
< Content-Type: text/html; charset=iso-8859-1
<
* Received HTTP code 502 from proxy after CONNECT
* Closing connection 0
curl: (56) Received HTTP code 502 from proxy after CONNECT

For the current vhost configuration on server B(server-b.proxy), I am using:
ProxyPass / https://server-z
ProxyPassReverse / https://server-z

>From Server B, I can run:
curl http://server-b.proxy

Which works/mediates, but I'm pretty sure this is incorrect as when I try
it from Server A, timeout as per usual occurs. Also, the curl request is
made though a PHP wrapper which disables verification for the ssl
request(not sure if it matters or would be brought up).

>From what I understood I needed a reverse proxy since I wanted this on a
fixed url, but now I'm not so sure. Any clarity on what I'm doing wrong
would be much appreciated.

Thanks,
Matthew

Re: [users@httpd] Proxy Issues

[Marat Khalili <mk...@rqc.ru>]

Hello Matthew,

You can use both forward proxy and reverse proxy configuration for your 
problem. In reverse proxy configuration server B pretends to be server 
Z, therefore the following command should be used from any server:
$ curl http://server-b.proxy
This is what you seem to have configured now. However, there might be 
issues with URLs returned by server Z pointing to server-z.com, not to 
server-b.proxy (and subsequent requests get lost).

The command you specified first (curl --proxy ...) is for normal 
(forward) proxy, which is not your current configuration. Forward proxy 
is preferable if you don't want to deal with incorrect URLs.


--

With Best Regards,
Marat Khalili

On 17/07/15 02:34, Matthew Javelet wrote:
> Hello Everyone,
>
> I'm having a bit of a struggle figuring out how to apply my _solution_ 
> for this current issue I'm facing.
>
> I have server A & server B that both need to reach an external 
> service, server Z.
> Server B has access while A does not, so we are wanting to make a 
> proxy to mediate the requests from B -> Z for A.
>
> I thought the curl command from Server A would be:
> curl https://server-z.com --proxy http://server-b
>
> But that gives the following error:
> *   Trying x.x.x.x...
> * Connected to host.name <http://host.name> (X.X.X.X) port 80 (#0)
> * Establish HTTP proxy tunnel to server-z:443
> > CONNECT server-z:443 HTTP/1.1
> > Host: server-z:443
> > User-Agent: curl/7.40.0
> > Proxy-Connection: Keep-Alive
> >
> < HTTP/1.1 502 Proxy Error
> < Date: Thu, 16 Jul 2015 22:40:16 GMT
> < Server: Apache/2.4.12
> < Content-Length: 383
> < Content-Type: text/html; charset=iso-8859-1
> <
> * Received HTTP code 502 from proxy after CONNECT
> * Closing connection 0
> curl: (56) Received HTTP code 502 from proxy after CONNECT
>
> For the current vhost configuration on server B(server-b.proxy), I am 
> using:
> ProxyPass / https://server-z
> ProxyPassReverse / https://server-z
>
> From Server B, I can run:
> curl http://server-b.proxy
>
> Which works/mediates, but I'm pretty sure this is incorrect as when I 
> try it from Server A, timeout as per usual occurs. Also, the curl 
> request is made though a PHP wrapper which disables verification for 
> the ssl request(not sure if it matters or would be brought up).
>
> From what I understood I needed a reverse proxy since I wanted this on 
> a fixed url, but now I'm not so sure. Any clarity on what I'm doing 
> wrong would be much appreciated.
>
> Thanks,
> Matthew
>
>