You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by André Warnier <aw...@ice-sa.com> on 2008/07/24 18:02:57 UTC
[users@httpd] Orientation request on proxies, rewrite etc..
Hi.
This is a general question, for my preliminary enlightenment and
orientation. I'm hoping to get some pointers as to how to start
designing a solution.
The case :
We are a small web software development company. We are using
internally several servers (Unix, Linux, Windows), each one of them
containing a rather messy mixture of web applications under Apache +
mod_jk + Tomcat, static documents in various hierarchies, and generally
speaking what one could expect accumulates over some 15+ years of
developing web applications for customers.
This is connected to the Internet via a good but rather rigid firewall.
Each of these internal systems of course has a name, some of them have
several (VirtualHosts), and various applications that we have developed,
are developing, or support are spread over these systems and virtual
hosts in an ad-hoc fashion that depends as much on the software versions
and disk space available, as on unexpected past incidents having forced
emergency relocations.
You get the picture; I won't name the company of course, and our
customers are very happy anyway. So there.
We have decided to re-organise this, and at the same time make this more
accessible both from inside and from outside (to our external
developers). At the moment for instance, accessing a given application
(whether to edit it's files or to test it via the web), requires the
external user to
a) know on which server the application resides
b) create an SSH tunnel from his workstation to that server's port 80
through the firewall
c) defining a local "alias" for the virtual or real server name he wants
to access (e.g. in the local "hosts" file)
d) then accessing the web application via this alias
and that kind of stuff. Of course if he wants now to acces another
server, the whole thing has to be repeated.
I would like to re-organise this as follows :
- choosing and setting up one of the internal servers as a "front-end"
for itself and all the others.
- allow internals and externals to connect to the front-end system (if
from outside, through an SSH tunnel)
- have this front-end system "proxy" the requests to whichever internal
system contains the stuff of interest, in function of either the alias
hostname of the target system, or some URI scheme that uses a prefix to
designate which server in the background contains the stuff
Now, given all the above, does anyone have any good tips as to what kind
of general setup we would need for this ?
Based on previous messages on this list, I have a tendency to think of
mod_proxy and mod_rewrite, but in what general shape or form is what I
hope to get from this explanation.
Thanks in advance,
André
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Orientation request on proxies, rewrite etc..
Posted by André Warnier <aw...@ice-sa.com>.
Krist van Besien wrote:
> On Thu, Jul 24, 2008 at 18:02, André Warnier <aw...@ice-sa.com> wrote:
>
[...]
>
> You need a reverse proxy, this allows to consolidate several
> webservers in to one "webspace" on one server. You could even make
> this server available from outside using https and authentication so
> you don't need to build ssl tunnels. (I work at a place with
> requirements not unlike yours.)
>
> This is a good place to start reading:
>
> http://www.apachetutor.org/admin/reverseproxies
>
> Krist
>
By the way, thanks.
I haven't yet got around it because I'm swamped with other emergencies
this week, but I will get to it.
André
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Orientation request on proxies, rewrite etc..
Posted by Krist van Besien <kr...@gmail.com>.
On Thu, Jul 24, 2008 at 18:02, André Warnier <aw...@ice-sa.com> wrote:
> I would like to re-organise this as follows :
> - choosing and setting up one of the internal servers as a "front-end" for
> itself and all the others.
> - allow internals and externals to connect to the front-end system (if from
> outside, through an SSH tunnel)
> - have this front-end system "proxy" the requests to whichever internal
> system contains the stuff of interest, in function of either the alias
> hostname of the target system, or some URI scheme that uses a prefix to
> designate which server in the background contains the stuff
>
> Now, given all the above, does anyone have any good tips as to what kind of
> general setup we would need for this ?
> Based on previous messages on this list, I have a tendency to think of
> mod_proxy and mod_rewrite, but in what general shape or form is what I hope
> to get from this explanation.
You need a reverse proxy, this allows to consolidate several
webservers in to one "webspace" on one server. You could even make
this server available from outside using https and authentication so
you don't need to build ssl tunnels. (I work at a place with
requirements not unlike yours.)
This is a good place to start reading:
http://www.apachetutor.org/admin/reverseproxies
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org