You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by DJ Lucas <dj...@lucasit.com> on 2007/04/22 16:13:16 UTC
[users@httpd] hide alternate service ports using mod_proxy
Hmm...gmane is really taking it's time or just doesn't like me. :-) My
apologies in advance if this message comes twice.
Currently I have 4 separate services running for web services on one
machine, Apache-2.2.4, Tomcat-5.5.23, and webmail and webmail admin
(vendor provided). All are using two ports, close in proximity to the
original. My primary goal is to remove the port numbers from the URLs,
however, I'd also like to only have open 80 and 443 on the firewall. I
believe this is the correct method, however, the results are not exactly
as expected.
In httpd.conf I have:
=================================================================
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<snip>
# Reverse Proxy (hide port number for other web services)
Include conf/extra/httpd-reverse-proxy.conf
=================================================================
I have in conf/extra/httpd-reverse-proxy.conf:
=================================================================
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /webmail http://www.example.com:81
ProxyPassReverse /webmail http://www.example.com:81
=================================================================
When going to 'http://www.example.com/webmail' I get the text, but not
the pictures. When I add the trailing slash and it seems to work as
expected. As it is now, I need only 80/443 open. However, upon logging
in, I receive a "Not Found" error:
=================================================================
Not Found
The requested URL /webmail.dll was not found on this server.
Additionally, a 403 Forbidden error was encountered while trying to use
an ErrorDocument to handle the request.
Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.1.6
mod_perl/2.0.3 Perl/v5.8.8 Server at www.example.com Port 80
=================================================================
http or https doesn't make a difference. The 403 is probably related,
but I am unsure. Am I going about this in the correct way? Remember
that this is a separate, vendor supplied httpd of some sort, so
integration into the main webroot is not likely possible. Of course,
using the www.example.com:81 or 444 works as expected. If anyone has an
idea, either to fix this or for another solution, It'd be much appreciated.
-- DJ Lucas
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] hide alternate service ports using mod_proxy
Posted by DJ Lucas <dj...@lucasit.com>.
DJ Lucas wrote:
> When going to 'http://www.example.com/webmail' I get the text, but not
> the pictures. When I add the trailing slash and it seems to work as
> expected. As it is now, I need only 80/443 open. However, upon
> logging in, I receive a "Not Found" error:
> =================================================================
> Not Found
>
> The requested URL /webmail.dll was not found on this server.
>
> Additionally, a 403 Forbidden error was encountered while trying to
> use an ErrorDocument to handle the request.
>
> Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8e PHP/5.1.6
> mod_perl/2.0.3 Perl/v5.8.8 Server at www.example.com Port 80
> =================================================================
Okay...I still don't completely understand the final peice, so I worked
around it with a rewrite. However, I did correct other link problems
using mod_proxy_html, and later found a very easy work around using a
rewrite. The revised module list and extra config is below. I only
listed the relevant modules as are used for the proxy/rewrites and is
shown inline for simplicity. Hope this can be used by somebody else in
the future (or maybe a solution with less overhead ).
=====================================================================
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadFile modules/mod_proxy_html/libxml2.dll
LoadModule proxy_html_module modules/mod_proxy_html/mod_proxy_html.so
LoadModule rewrite_module modules/mod_rewrite.so
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /webmail/ http://www.example.com:81/
ProxyHTMLURLMap http://www.example.com:81 /webmail
<Location /webmail/>
SetOutputFilter proxy-html
ProxyPassReverse /
ProxyHTMLURLMap / /webmail/
ProxyHTMLURLMap /webmail /webmail
RequestHeader unset Accept-Encoding
</Location>
# Can't see any standard way to deal with the proprietary server, so
just brute force it with a rewrite
RewriteEngine on
# Not using EOL ($ at the end of pattern) is dangerous, but should be
okay in this very specific case
# This is required as the complete URL will be extended well beyond the
rewrite.
RewriteRule ^/webmail.dll /webmail/webmail.dll [R]
# Now fix the trailing slash problem
RewriteRule ^/webmail$ /webmail/ [R]
=====================================================================
Again, I don't understand why webmail.dll is not getting put into the
correct path given the proxy rules above, but this has worked for me.
I'd still like to complete the proxy without using the rewrite,
unfortunately, it looks like mod_rewrite will be required anyway to fix
the trailing slash.
Thanks.
-- DJ Lucas
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org