You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Paul Cocker <pa...@tntpost.co.uk> on 2007/11/23 18:52:26 UTC
[users@httpd] Redirecting to internal server
Hi all, first time on the apache list so have mercy ;)
I have been tasked with setting up a system whereby a Linux server
running apache 2.0.59 in the DMZ takes requests on port 80 and then
passes them through to an internal Windows server running IIS which
actually hosts the HTML.
Such a setup already exists (though it's Linux to Linux) so I thought
this would be relatively easy to do, just copy the existing setup.
People currently connect to http://www.domain.co.uk/folder/login.html
and all is well. Searching the httpd.conf file I can find only one
reference to folder, which is:
<VirtualHost *:80>
ServerAdmin administrator@domain.co.uk
ServerName www.domain.co.uk
DocumentRoot /var/www/html/domain
RewriteEngine on
RewriteRule ^/folder(.+) https://www.domain.co.uk/folder$1 [R,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
So we're using the rewrite module... except having read the
documentation on this feature I cannot fathom it.
I hoped that with the above I could simply add another line:
RewriteRule ^/folder2(.+) https://www.domain.co.uk/folder2$1 [R,L]
I then added a route for the relevant server so the traffic is routed to
the internal network when its name is called. However, without really
understanding the above I'm not in much of a position to progress
further when this invariably fails to work. I don't know whether the
above in any way relates to the name apache calls which then causes the
call to be routed to server X.
Any advice or guidance you can offer would be much appreciated.
Paul Cocker
IT Systems Administrator
TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirecting to internal server
Posted by Davide Bianchi <da...@onlyforfun.net>.
Paul Cocker wrote:
> Such a setup already exists (though it's Linux to Linux) so I thought
> this would be relatively easy to do, just copy the existing setup.
> People currently connect to http://www.domain.co.uk/folder/login.html
> and all is well. Searching the httpd.conf file I can find only one
> reference to folder, which is:
>
> <VirtualHost *:80>
> ServerAdmin administrator@domain.co.uk
> ServerName www.domain.co.uk
> DocumentRoot /var/www/html/domain
> RewriteEngine on
> RewriteRule ^/folder(.+) https://www.domain.co.uk/folder$1 [R,L]
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> </VirtualHost>
This is not what you are looking for, I think, the rewrite rule merely
redirect you to an https:// server, so you should have anothere
VirtualHost responding on port 443 (https) that actually does the job.
Davide
--
It's ten o'clock. Do you know where your source code is?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Redirecting to internal server
Posted by Paul Cocker <pa...@tntpost.co.uk>.
The reverse proxy doesn't appear to be working. My block now looks like
the following:
ServerAdmin administrator@domain.co.uk
ServerName www.domain.co.uk
DocumentRoot /var/www/html/domain
ProxyRequests off
ProxyPass /folder http://virtualfolder/
ProxyPassReverse /folder http://virtualfolder/
I've also got the line:
LoadModule proxy_module modules/mod_proxy.so
I've confirmed the file is under the modules directory.
I restarted Apache using apachectl graceful.
Requests going to http://www.domain.co.uk/folder get the message:
Object not found!
The requested URL was not found on this server. If you entered the URL
manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
www.domain.co.uk
Apache/2.0.59 (Unix)
While I can understand not getting the reverse proxy right straight off
the bat, this looks like it isn't redirecting at all. Where am I going
wrong?
error_log just registers the following:
[Tue Nov 27 15:41:08 2007] [error] [client 1.1.1.1] File does not exist:
/var/www/html/domain/folder
[Tue Nov 27 15:41:12 2007] [error] [client 1.1.1.1] File does not exist:
/var/www/html/domain/folder
[Tue Nov 27 15:42:02 2007] [error] [client 1.1.1.1] File does not exist:
/var/www/html/domain/folder
Paul Cocker
IT Systems Administrator
________________________________
From: Victor Trac [mailto:victor.trac@gmail.com]
Sent: 24 November 2007 11:13
To: users@httpd.apache.org
Subject: Re: [users@httpd] Redirecting to internal server
On Nov 23, 2007 6:52 PM, Paul Cocker <pa...@tntpost.co.uk> wrote:
Hi all, first time on the apache list so have mercy ;)
I have been tasked with setting up a system whereby a Linux
server
running apache 2.0.59 in the DMZ takes requests on port 80 and
then
passes them through to an internal Windows server running IIS
which
actually hosts the HTML.
Such a setup already exists (though it's Linux to Linux) so I
thought
this would be relatively easy to do, just copy the existing
setup.
People currently connect to
http://www.domain.co.uk/folder/login.html
and all is well. Searching the httpd.conf file I can find only
one
reference to folder, which is:
<VirtualHost *:80>
ServerAdmin administrator@domain.co.uk
ServerName www.domain.co.uk
DocumentRoot /var/www/html/domain
RewriteEngine on
RewriteRule ^/folder(.+)
https://www.domain.co.uk/folder$1 [R,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
So we're using the rewrite module... except having read the
documentation on this feature I cannot fathom it.
I hoped that with the above I could simply add another line:
RewriteRule ^/folder2(.+) https://www.domain.co.uk/folder2$1
[R,L]
I then added a route for the relevant server so the traffic is
routed to
the internal network when its name is called. However, without
really
understanding the above I'm not in much of a position to
progress
further when this invariably fails to work. I don't know whether
the
above in any way relates to the name apache calls which then
causes the
call to be routed to server X.
Any advice or guidance you can offer would be much appreciated.
Paul Cocker
IT Systems Administrator <ma...@httpd.apache.org>
Your example is not rewriting to an internal server. You want to use
mod_proxy. Let's say your windows box is 192.168.1.100, then you want
something like this inside your VirtualHost directive:
ProxyRequests off
ProxyPass /folder2 http://192.168.1.100
ProxyPassReverse /folder2 http://192.168.1.100
With this, anytime someone visits your externally accessible site at
http://www.domain.co.uk/folder2, they'll see the html output by your
windows server at http://192.168.1.100 and your internal IIS host is
never directly accessible from the internet.
cheers,
Victor
--
http://www.victortrac.com
TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Redirecting to internal server
Posted by Paul Cocker <pa...@tntpost.co.uk>.
Thanks for that, I'll give it a try. Looks a lot easier :)
Out of interest, what is the example below doing? The document
referenced doesn't exist on the box in question, it is on an internal
box, and the external facing box has a route in its routing table
specifically for the internal box.
So, in some way it's deciding to pass requests in, and the below is the
only uncommented reference to that box in all of httpd.conf. So either:
a) I'm looking in the wrong file for the relevant interaction.
b) Uh... something else :)
All I know is that http://www.domain.co.uk/folder/page.html must be
passed through somehow (indeed, the DMZ/Internal router has a whole NAT
config for it), since page.html exists only on the internal server, not
the external facing www one.
Paul Cocker
IT Systems Administrator
IT Security Officer
01628 81(6647)
TNT Post
1 Globeside Business Park
Fieldhouse Lane
Marlow
Bucks
SL7 1HY
________________________________
From: Victor Trac [mailto:victor.trac@gmail.com]
Sent: 24 November 2007 11:13
To: users@httpd.apache.org
Subject: Re: [users@httpd] Redirecting to internal server
On Nov 23, 2007 6:52 PM, Paul Cocker <pa...@tntpost.co.uk> wrote:
Hi all, first time on the apache list so have mercy ;)
I have been tasked with setting up a system whereby a Linux
server
running apache 2.0.59 in the DMZ takes requests on port 80 and
then
passes them through to an internal Windows server running IIS
which
actually hosts the HTML.
Such a setup already exists (though it's Linux to Linux) so I
thought
this would be relatively easy to do, just copy the existing
setup.
People currently connect to
http://www.domain.co.uk/folder/login.html
and all is well. Searching the httpd.conf file I can find only
one
reference to folder, which is:
<VirtualHost *:80>
ServerAdmin administrator@domain.co.uk
ServerName www.domain.co.uk
DocumentRoot /var/www/html/domain
RewriteEngine on
RewriteRule ^/folder(.+)
https://www.domain.co.uk/folder$1 [R,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</VirtualHost>
So we're using the rewrite module... except having read the
documentation on this feature I cannot fathom it.
I hoped that with the above I could simply add another line:
RewriteRule ^/folder2(.+) https://www.domain.co.uk/folder2$1
[R,L]
I then added a route for the relevant server so the traffic is
routed to
the internal network when its name is called. However, without
really
understanding the above I'm not in much of a position to
progress
further when this invariably fails to work. I don't know whether
the
above in any way relates to the name apache calls which then
causes the
call to be routed to server X.
Any advice or guidance you can offer would be much appreciated.
Paul Cocker
IT Systems Administrator <ma...@httpd.apache.org>
Your example is not rewriting to an internal server. You want to use
mod_proxy. Let's say your windows box is 192.168.1.100, then you want
something like this inside your VirtualHost directive:
ProxyRequests off
ProxyPass /folder2 http://192.168.1.100
ProxyPassReverse /folder2 http://192.168.1.100
With this, anytime someone visits your externally accessible site at
http://www.domain.co.uk/folder2, they'll see the html output by your
windows server at http://192.168.1.100 and your internal IIS host is
never directly accessible from the internet.
cheers,
Victor
--
http://www.victortrac.com
TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirecting to internal server
Posted by Victor Trac <vi...@gmail.com>.
On Nov 23, 2007 6:52 PM, Paul Cocker <pa...@tntpost.co.uk> wrote:
> Hi all, first time on the apache list so have mercy ;)
>
> I have been tasked with setting up a system whereby a Linux server
> running apache 2.0.59 in the DMZ takes requests on port 80 and then
> passes them through to an internal Windows server running IIS which
> actually hosts the HTML.
>
> Such a setup already exists (though it's Linux to Linux) so I thought
> this would be relatively easy to do, just copy the existing setup.
> People currently connect to http://www.domain.co.uk/folder/login.html
> and all is well. Searching the httpd.conf file I can find only one
> reference to folder, which is:
>
> <VirtualHost *:80>
> ServerAdmin administrator@domain.co.uk
> ServerName www.domain.co.uk
> DocumentRoot /var/www/html/domain
> RewriteEngine on
> RewriteRule ^/folder(.+) https://www.domain.co.uk/folder$1 [R,L]
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> </VirtualHost>
>
> So we're using the rewrite module... except having read the
> documentation on this feature I cannot fathom it.
>
> I hoped that with the above I could simply add another line:
>
> RewriteRule ^/folder2(.+) https://www.domain.co.uk/folder2$1 [R,L]
>
> I then added a route for the relevant server so the traffic is routed to
> the internal network when its name is called. However, without really
> understanding the above I'm not in much of a position to progress
> further when this invariably fails to work. I don't know whether the
> above in any way relates to the name apache calls which then causes the
> call to be routed to server X.
>
> Any advice or guidance you can offer would be much appreciated.
>
> Paul Cocker
> IT Systems Administrator <us...@httpd.apache.org>
Your example is not rewriting to an internal server. You want to use
mod_proxy. Let's say your windows box is 192.168.1.100, then you want
something like this inside your VirtualHost directive:
ProxyRequests off
ProxyPass /folder2 http://192.168.1.100
ProxyPassReverse /folder2 http://192.168.1.100
With this, anytime someone visits your externally accessible site at
http://www.domain.co.uk/folder2, they'll see the html output by your windows
server at http://192.168.1.100 and your internal IIS host is never directly
accessible from the internet.
cheers,
Victor
--
http://www.victortrac.com