Apache Proxy/Rewrite question (yes, I'm doing odd stuff as usual)

Forum: LinuxTotal Replies: 14
Author Content
techiem2

Dec 11, 2011
10:57 PM EST
The other night I finally registered a domain for the church/school network to make my life easier. I have been working on setting up subdomains and using apache vhosts/proxying/redirects on the main internal webserver to redirect to/proxy to other internal services from outside to make things easier and more organized. I am trying to get proxying setup to the Zarafa webmail system and am having an issue and I'm trying to figure out if it's fixable or not.

The external address would be https://webmail.fbcdnet.org The internal address for the webmail system would be https://pdc/webaccess

My ssl vhost currently has:

Quoting: # This does the actual proxying

SSLProxyEngine On

ProxyPass / https://pdc/webaccess/

ProxyPassReverse / https://pdc/webaccess/

# Allow access to the proxy

<Directory proxy:https://pdc/* >

Order deny,allow

Allow from all

</Directory>



This ALMOST works (I get the main webmail page and can sign in), but the framework does not generate fully. When I look at the apache logs I see:

[11/Dec/2011:22:46:26 -0500] "POST /webaccess/zarafa.php?subsystem=webclient HTTP/1.1" 404 240 "https://webmail.fbcdnet.org/ " "Mozilla/5.0 (X11; Linux x86_64; rv: 8.0) Gecko/20100101 Firefox/8.0"

So the POST it sends is using the full "normal" address for the script. So the question is, do I need some sort of rewrite rule in my vhost config to fix that? Or is it not fixable to make it fully seamless this way?

Thanks all as usual.
gus3

Dec 11, 2011
11:48 PM EST
The proxy request results in 404? Does an internal fetch succeed or fail?

If it succeeds it would seen to be a proxy issue. However, if it fails, the resource would indeed seem to be missing.

Divide and conquer.
techiem2

Dec 11, 2011
11:51 PM EST
The resource works fine. I can use the "full" outside address https://pdc.fbcdnet.org/webaccess and it all works fine, so it would seem to be something with trying to proxy / to /webaccess isn't working right with some of the pages (like that POST that is apparently written to use the /webaccess/ url), so I'm thinking maybe I need a rewrite rule somewhere to fix it.
techiem2

Dec 11, 2011
11:52 PM EST
If it's not doable, I can just redirect webmail.fbcdnet.org to pdc.fbcdnet.org/webaccess, but I'm hoping to do the full pretty proxy route to get away from that /webaccess url lol.
tracyanne

Dec 12, 2011
12:13 AM EST
@Techiem

I'm running Apache on Linux Mint 9, so the actual file details may be different.

But in the proxy.conf file I have the following

ProxyRequests Off

<Proxy *>

AddDefaultCharset off

Order Deny,Allow

Deny from none

#Allow from

</Proxy>

and in the enabled website config file I have the following

ProxyPass /healthypeople http://tab0001/healthypeople

ProxyPassReverse /healthypeople http://tab0001/healthypeople

The only real difference is I'm using the proxy object rather than the Directory object

I tried using the Directory object but got similar results to what you describe
techiem2

Dec 12, 2011
12:21 AM EST
That's pretty close to my setup. I removed the Directory object and it works the same, so I guess it isn't really needed if you have the proxypass directives.

The main difference is that I'm trying to proxy / to /webaccess, so files in the webmail system that are specifically calling /webaccess are failing since it doesn't exist through the proxied connection.

tracyanne

Dec 12, 2011
12:21 AM EST
@Techiem

tab0001 is a Windows machine running in a VM serving up an ASP.NET website via IIS. I wanted to make it available to a client rather than upload everything to a beta server first, so I set up a Reverse proxy server on the Linux Mint 9 host, then made the reverse proxy available via pagekite.
techiem2

Dec 12, 2011
12:56 AM EST
I'm messing with a rewrite rule a bit and it is closer, but still not going.

RewriteEngine On RewriteRule ^/webaccess/(.*)$ /$1 [R,L]

Now instead of 404 I get 302 error when it tries to access the URL. I have a suspicion that maybe it has something to do with the fact that it's doing a POST to that url?
tracyanne

Dec 12, 2011
1:02 AM EST
I haven't had any issues with posting via the reverseproxy, but I didn't fiddle with the Rewite Engine either. I've alwasy found that the proxypass and proxypassReverse directive were all i ever needed to make it work.

I take it the site you are accessin g is an external site.
techiem2

Dec 12, 2011
1:03 AM EST
Got it!

Quoting:

RewriteEngine On

RewriteRule ^/webaccess/(.*)$ https://pdc/webaccess/$1 [P,L]

SSLProxyEngine On

ProxyPass / https://pdc/webaccess/

ProxyPassReverse / https://pdc/webaccess

# Allow access to the proxy

<Directory proxy:https://pdc/* >

Order deny,allow

Allow from all

</Directory>



So basically anything it's specifically using the /webaccess URL for I rewrite and proxy specifically to the proper url.
techiem2

Dec 12, 2011
1:05 AM EST
Actually I'm accessing an internal site from outside the network. 80 and 443 forward to the main web server inside the network. I'm using vhosts in it to redirect and proxy to the other internal servers so I can close off some firewall ports and make things cleaner and easier to remember.
tracyanne

Dec 12, 2011
1:13 AM EST
nice
techiem2

Dec 12, 2011
1:25 AM EST
Now I just have to finish activating the users for the mail system...and eventually get my internal DNS reconfigured and tweaked out so internal and external urls are the same as much as possible. :P
techiem2

Dec 12, 2011
2:29 AM EST
Ok next glitch:

I'm working on getting internal requests the same as external requests. For most this is just a matter of setting dns to point to my vhost apache instance since it is proxying most requests.

But now I'm trying to get the icecast server set. the icecast.fbcdnet.org vhost does a redirect to http://fbcdnet.org:8000 (so clients outside that hit the subdomain are directed to the proper address/port for the icecast server - I actually tried proxying this but streaming audio doesn't proxy well. :P).

Obviously this redirect doesn't work for internal clients, so is there a way to have the vhost redirect to that address for outside requests (or requests coming from the router since it's forwarding the port ...) and redirect to the proper internal address (http://router:8000) for lan clients (client of ip 10.10.42.*)?
techiem2

Dec 12, 2011
2:37 AM EST
Ok... DNS hacked that issue. I just set fbcdnet.org. to point to 10.10.42.1 so the vhost redirect works internally now just fine lol.

You cannot post until you login.