Help with Apache/Vhosts/mod_proxy

Forum: LinuxTotal Replies: 11
techiem2

Jun 07, 2010
2:07 PM EDT
Ok, a friend and I recently set up a nice Debian Lenny VPS (fosslib.net), and have several services up and running (such as apache/irc/jabber/etc).

We also have a couple things running like QWebirc and Etherpad that run alone. We would like to use subdomains with apache along with mod_proxy and such to allow access to these directly through the running apache session on 80/443 so that 1. we can close off the direct access ports and 2. anyone can get to them through the normal apache install instead of having to use weird ports.

So far I am not having much success getting things to work. I assume there is something really simple I am missing in my vhost setup or some such, but don't know enough about vhosts and mod_proxy to know where to go next.

A sample setup would be:

fosslib.net/www.fosslib.net is the general site of course (this works).

pad.fosslib.net would be a vhost that proxies everything to the local etherpad server (localhost:9000).

I already have the dns entry created, so pad.fosslib.net is valid and points to the server ip. I just can't figure out where to go from there.

I tried a few things, such as proxying /pad to the etherpad server, but the examples I found don't work fully. I will get the initial etherpad page (without the graphics), and then nothing after that (i.e. the links are invalid as they point outside the proxy setup)

Could someone with some actual experience with such things give me some suggestions? The virtualhost and mod_proxy documentation and the few examples I've found aren't helping much (the mod_proxy examples all seem to be assuming that etherpad is the ONLY thing the apache server is serving).

Thanks as usual!

Mark II
Sander_Marechal

Jun 07, 2010
4:37 PM EDT
Easy. I have a similar setup running on Officeshots.org where lang.officeshots.org is proxying to a Pootle server on port 8080. Here's my config snippet:

Please replace the [ with the proper angle brackets. LXer is eating my configuration otherwise.

# This is www.officeshots.org, a normal
# PHP app running in Apache
[VirtualHost *:80>
        DocumentRoot /path/to/officeshots
        ServerName www.officeshots.org
       # Etcetera...
[/VirtualHost>

# This is lang.officeshots.org,
# proxied to port 8080
[VirtualHost *:80>
        ServerName lang.officeshots.org

        # Don't proxy these. Apache serves them directly
        # from DocumentRoot, so it's caching
        # them for optimisation. This is just a bonus
        # and can be skipped
        ProxyPass /images !
        ProxyPass /js !
        ProxyPass /pootle.css !
        ProxyPass /favicon.ico !

        # This does the actual proxying
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        # Allow access to the proxy
        [Directory proxy:http://localhost:8080/*>
                Order deny,allow
                Allow from all
        [/Directory>

        # Allow direct access to the static files. This
        # is for the optimisation mentioned above
        DocumentRoot "/usr/share/pootle/html/"
        [Directory "/usr/share/pootle/html">
                Order deny,allow
                Allow from all
        [/Directory>

[/VirtualHost>


This isn't some tutorial configuration. This is my actual tested and working configuration.
techiem2

Jun 07, 2010
4:47 PM EDT
Thanks! I'll give that a try this evening and see if that gives me better success than the 500 examples I found that didn't. :)

Now I assume I just create another vhost file to put the second vhost in, like the default and default ssl vhosts? Then change the default ones to add the ServerName field? (I don't think they have it).
techiem2

Jun 07, 2010
6:28 PM EDT
Ok, I added a vhost file for etherpad and copied your setup, except I have the extras commented out (the static stuff):

[VirtualHost *:80>
        ServerName pad.fosslib.net

        ErrorLog /var/log/apache2/etherpad.fosslib.net/error.log
        LogLevel warn
        CustomLog /var/log/apache2/etherpad.fosslib.net/access.log combined

        # Don't proxy these. Apache serves them directly
        # from DocumentRoot, so it's caching
        # them for optimisation. This is just a bonus
        # and can be skipped
        # ProxyPass /images !
        # ProxyPass /js !
        # ProxyPass /pootle.css !
        # ProxyPass /favicon.ico !

        # This does the actual proxying
        ProxyPass / http://localhost:9000/
        ProxyPassReverse / http://localhost:9000/

        # Allow access to the proxy
        [Directory proxy:http://localhost:9000/*>
                Order deny,allow
                Allow from all
        [/Directory>

        # Allow direct access to the static files. This
        # is for the optimisation mentioned above
        # DocumentRoot "/usr/share/pootle/html/"
        # [Directory "/usr/share/pootle/html">
        #         Order deny,allow
        #         Allow from all
        # [/Directory>

[/VirtualHost>

When I do it this way, I get a 403 forbidden error when I try to access http://pad.fosslib.net

If I modify mod_proxy.conf and change it from deny from all to allow from all, I get the same results as before: / is loaded through the proxy, but only partially. The text is there but all formatting/images/etc. are gone. All links are pointing to http://localhost:9000/.....

I have it set up that way at the moment, so if you visit http://pad.fosslib.net you'll see what I mean. The normal server is running at http://fosslib.net:9000 so you can see what it's supposed to look like.
Sander_Marechal

Jun 08, 2010
3:16 AM EDT
The problem seems to be your EtherPad configuration. It writes out all links with full domain name and port. E.g. your CSS file isn't referred to as /static/compressed/id.css but as http://localhost:9000/static/compressed/id.css. You need to tune your EtherPad configuration so that it does not use domain names and port numbers in its URLs. Then it will work.
techiem2

Jun 08, 2010
8:21 AM EDT
Aha! Thanks! There was a line in the html template with a "base href=" tag. Fixing that (i.e. commenting out the tag) fixed it.
techiem2

Jun 08, 2010
10:37 AM EDT
Ok, next questions, now that I have a handle on proxying. :)

1. SVN

We have svn set up of course, so you can do like

svn co https://fosslib.net/svn/blah

/svn is configured in dav_svn.conf

(as are /websvn and /trac - though those should really probably be elsewhere)

We would like to do

svn co https://svn.fosslib.net/blah

I'm guessing this needs a vhost with some sort of rewrite rule setup?

(I really need to write all this up once it's all configured, for future reference)

Along with this (and I don't know if this is even possible), have https://svn.fosslib.net in a browser use the /websvn location for its root (I don't know if you can handle web clients separately from dav clients like this, if not it doesn't really matter, it would just be a bonus).

2. Email

We have webmail on /horde3 (an alias to the actual horde dir). Obviously we would like webmail.fosslib.net to go directly to there. I'm guessing this could just be a simple vhost with a different docroot (set / to the actual horde dir)?

Thanks!

VPSs are fun!

techiem2

Jun 08, 2010
12:06 PM EDT
Ok, mail was easy. Just a simple vhost with a different docroot and a couple config files to change in horde.
Sander_Marechal

Jun 09, 2010
7:59 AM EDT
SVN is also as easy as a separate vhost. What I did on my moe server is terribly easy. I made a vhost on svn.jejik.com, port 80 that points to websvn (or in my case, ViewVC) and another vhost, also on svn.jejik.com but this time on port 443 that serves dav_svn. So, it's the same URL. If you ask on port 80 you get a pretty page. If you use HTTPS on port 443 you get DAV access.

An alternative is Trac, which you already mentioned. Here's my Trac and SVN setup for Officeshots. It does have one down-side: I need to add all repositories manually because there needs to be a Location directive for each, but on the plus side, this allows me to use different .htpasswd files for each repository (which I need anyway).

[VirtualHost *:80>
	# This points to an empty directory
	DocumentRoot /var/www/code.officeshots.org/htdocs
	ServerName code.officeshots.org

	# If people visit the website root, redirect them
	# to the Trac install for Officeshots
	RedirectMatch 301 ^/$ /trac/officeshots

	# Serve all Trac projects from /trac
	[Location "/trac">
		SetHandler mod_python
		PythonInterpreter main_interpreter
		PythonHandler trac.web.modpython_frontend
		PythonOption TracEnvParentDir /path/to/track/projects
		PythonOption TracUriRoot /trac
		PythonOption PYTHON_EGG_CACHE /path/to/egg-cache
	[/Location>

	[Location "/officeshots">
		DAV svn
		SVNPath /var/svn/officeshots

		AuthType Digest
		AuthName "Officeshots"
		AuthDigestDomain http://code.officeshots.org/
		AuthDigestProvider file
		AuthUserFile /path/to/.htpasswd
		AuthzSVNAccessFile /path/to/svn-groups

		# This means that anyone can read, but only
		# people in .htpasswd can write
		[LimitExcept GET PROPFIND OPTIONS REPORT>
			Require valid-user
		[/LimitExcept>
	[/Location>

	[Location "/another-repository">
		# Same as above
	[/Location>

[/VirtualHost>


techiem2

Jun 09, 2010
10:32 AM EDT
Thanks!

http://svn.fosslib.net is now the websvn and https://svn.fosslib.net is now the DAV SVN server.

trac.fosslib.net is now Trac.

I tweaked the proxying setup for EtherPad to use the bypass proxy option so I can serve a local directory as well.

So now pad.fosslib.net/pads loads my PHP script that lists the existing pads.

:)

One more question (for now...my current todo list is almost done):

Can a port 80 proxy vhost setup be configured to force redirection over to the ssl vhost like you can with normal 80/443 vhosts (on mail I have "Redirect permanent / https://mail.fosslib.net/" in the port 80 config to force over to 443)?

Sander_Marechal

Jun 09, 2010
7:07 PM EDT
Quoting: Can a port 80 proxy vhost setup be configured to force redirection over to the ssl vhost like you can with normal 80/443 vhosts


No idea, but you don't need to. Simply make the vhost on port 80 a permanent 301 redirect to the same URL on port 443. Then proxy only port 443 through to your application. There are plenty of tutorials that show you how you can redirect a port 80 vhost to a port 443 vhost.

Because the redirect is a 301 redirect, the user's browser will simply re-request the page on the new address. No need to mess with proxy configurations!
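
The redirect-then-proxy layout described above, combined with the proxy access rule from the earlier 403 discussion, as an added example that is not part of any post in this thread. It assumes Apache 2.2 syntax and the pad.fosslib.net/localhost:9000 names used earlier; the certificate paths are placeholders.

```apache
# Added example (Apache 2.2 syntax); certificate paths are placeholders.

# Port 80: no proxying at all, only a permanent redirect to HTTPS.
<VirtualHost *:80>
    ServerName pad.fosslib.net
    Redirect permanent / https://pad.fosslib.net/
</VirtualHost>

# Port 443: terminate TLS here and reverse-proxy to the local backend.
<VirtualHost *:443>
    ServerName pad.fosslib.net

    SSLEngine on
    SSLCertificateFile    /path/to/pad.fosslib.net.crt
    SSLCertificateKeyFile /path/to/pad.fosslib.net.key

    # Reverse proxy only. With ProxyRequests On, an "Allow from all"
    # proxy ACL would turn the server into an open forward proxy.
    ProxyRequests Off

    # Grant access to this one backend instead of changing the
    # server-wide "Deny from all" to "Allow from all".
    <Proxy http://localhost:9000/*>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass        / http://localhost:9000/
    ProxyPassReverse / http://localhost:9000/
</VirtualHost>
```

With this in place the backend only has to be reachable from localhost, so port 9000 can be closed to outside traffic, which was the first goal in the opening post.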
techiem2

Jun 09, 2010
7:47 PM EDT
aaah. So simply forgo the proxy altogether on 80 and just do the redirect. I'll have to test that. The server is coming together nicely. I'll have to write up a blog article about all this config type stuff when it's all settled, and put it in the wiki too.
