You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by André Warnier <aw...@ice-sa.com> on 2008/07/24 18:02:57 UTC

[users@httpd] Orientation request on proxies, rewrite etc..

Hi.

This is a general question, for my preliminary enlightenment and 
orientation.  I'm hoping to get some pointers as to how to start 
designing a solution.

The case :
We are a small web software development company.  We are using 
internally several servers (Unix, Linux, Windows), each one of them 
containing a rather messy mixture of web applications under Apache + 
mod_jk + Tomcat, static documents in various hierarchies, and generally 
speaking what one could expect accumulates over some 15+ years of 
developing web applications for customers.
This is connected to the Internet via a good but rather rigid firewall.
Each of these internal systems of course has a name, some of them have 
several (VirtualHosts), and various applications that we have developed, 
are developing, or support are spread over these systems and virtual 
hosts in an ad-hoc fashion that depends as much on the software versions 
and disk space available, as on unexpected past incidents having forced 
  emergency relocations.
You get the picture; I won't name the company of course, and our 
customers are very happy anyway. So there.

We have decided to re-organise this, and at the same time make this more 
accessible both from inside and from outside (to our external 
developers). At the moment for instance, accessing a given application 
(whether to edit it's files or to test it via the web), requires the 
external user to
a) know on which server the application resides
b) create an SSH tunnel from his workstation to that server's port 80 
through the firewall
c) defining a local "alias" for the virtual or real server name he wants 
to access (e.g. in the local "hosts" file)
d) then accessing the web application via this alias
and that kind of stuff. Of course if he wants now to acces another 
server, the whole thing has to be repeated.

I would like to re-organise this as follows :
- choosing and setting up one of the internal servers as a "front-end" 
for itself and all the others.
- allow internals and externals to connect to the front-end system (if 
from outside, through an SSH tunnel)
- have this front-end system "proxy" the requests to whichever internal 
system contains the stuff of interest, in function of either the alias 
hostname of the target system, or some URI scheme that uses a prefix to 
designate which server in the background contains the stuff

Now, given all the above, does anyone have any good tips as to what kind 
of general setup we would need for this ?
Based on previous messages on this list, I have a tendency to think of 
mod_proxy and mod_rewrite, but in what general shape or form is what I 
hope to get from this explanation.

Thanks in advance,
André


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Orientation request on proxies, rewrite etc..

Posted by André Warnier <aw...@ice-sa.com>.

Krist van Besien wrote:
> On Thu, Jul 24, 2008 at 18:02, André Warnier <aw...@ice-sa.com> wrote:
> 
[...]

> 
> You need a reverse proxy, this allows to consolidate several
> webservers in to one "webspace" on one server. You could even make
> this server available from outside using https and authentication so
> you don't need to build ssl tunnels. (I work at a place with
> requirements not unlike yours.)
> 
> This is a good place to start reading:
> 
> http://www.apachetutor.org/admin/reverseproxies
> 
> Krist
> 
By the way, thanks.
I haven't yet got around it because I'm swamped with other emergencies 
this week, but I will get to it.
André


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Orientation request on proxies, rewrite etc..

Posted by Krist van Besien <kr...@gmail.com>.

On Thu, Jul 24, 2008 at 18:02, André Warnier <aw...@ice-sa.com> wrote:

> I would like to re-organise this as follows :
> - choosing and setting up one of the internal servers as a "front-end" for
> itself and all the others.
> - allow internals and externals to connect to the front-end system (if from
> outside, through an SSH tunnel)
> - have this front-end system "proxy" the requests to whichever internal
> system contains the stuff of interest, in function of either the alias
> hostname of the target system, or some URI scheme that uses a prefix to
> designate which server in the background contains the stuff
>
> Now, given all the above, does anyone have any good tips as to what kind of
> general setup we would need for this ?
> Based on previous messages on this list, I have a tendency to think of
> mod_proxy and mod_rewrite, but in what general shape or form is what I hope
> to get from this explanation.

You need a reverse proxy, this allows to consolidate several
webservers in to one "webspace" on one server. You could even make
this server available from outside using https and authentication so
you don't need to build ssl tunnels. (I work at a place with
requirements not unlike yours.)

This is a good place to start reading:

http://www.apachetutor.org/admin/reverseproxies

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org