Forum OpenACS Q&A: Apache as reverse proxy

Posted by David Kuczek on 06/10/03 03:35 PM

I just installed Apache to serve as a reverse proxy for different AOLservers. Everything *seems* to work like a charm. I have never touched Apache before, so I have no clue about detailed configuration and administration... My questions:

1. I manually started Apache with "apachectl start"... How do I keep Apache alive + start on boot? Is there anything similar to my aolserver inittab entry? I am not using daemontools...

2. Do I have to turn off any Apache services that are not being used for reverse proxying and that might evoke security issues?

3. These are my lines from httpd.conf for reverse proxying:

<VirtualHost *>
ServerName www.myserver.com
proxypass / http://myip:8000/
proxypassreverse / http://myip:8000/
</VirtualHost>

<VirtualHost *>
ServerName mysubdomain.myserver.com
proxypass / http://myip:8000/
proxypassreverse / http://myip:8000/
</VirtualHost>

How can I redirect all other subdomains like novalidsubdomain.myserver.com and myserver.com to www.myserver.com?

Thanks

2: Re: Apache as reverse proxy (response to 1)

Posted by David Kuczek on 06/10/03 04:22 PM

I encountered another problem... Whenever I use Apache as a reverse proxy, my site (oacs 3.2.5) is not subsite aware anymore.

[ns_set iget [ns_conn headers] Host] always displays the value of proxypass that I defined in the httpd.conf file, no matter what subdomain is being shown in the URL field of the browser.

3: Re: Apache as reverse proxy (response to 1)

Posted by David Walker on 06/10/03 04:36 PM

I actually went to far as to recompile Apache to support no modules except what I needed and I commented out all the http commands I am not using.

How can I redirect all other subdomains like novalidsubdomain.myserver.com and myserver.com to www.myserver.com? Set up the <VirtualHost _default_:*> section to be the redirector. I'm not sure what exact commands to use but if you can't do it in Apache you can always have the default site go to an aolserver page that does the redirection.

If you want to remain subsite-aware you'll need the target of your proxypass to be distinct for each subsite. Apache sends the Host header you specify in the proxypass line instead of the user-supplied host header.

4: Re: Apache as reverse proxy (response to 1)

Posted by Alfred Werner on 06/10/03 04:46 PM

You don't mention what OS you are running, but for #1 on many linux boxes you just type
% chkconfig
to see what is set to start at boot.
To turn apache on, you say
% chkconfig apache on

Similar method on SGI/IRIX. Not sure about Sun/Solaris - been a while.

As for the rest - I used apache once to proxy / reverse proxy a single site when I needed SSL and the only certificate I had was for apache and time was short, etc. in a manner similar to what you are describing, but no details remain in my head :)

Not sure at all about the Virtual Hosting issue, but it does show that you are using myip.com in the example - why not mydomain.com ??

Subdomains - can you just use DNS treachery, er configuration, to get them to all point to the same IP?

5: Re: Apache as reverse proxy (response to 1)

Posted by David Kuczek on 06/10/03 05:29 PM

Alfred, I am running RH 8.0... forgot to mention that.

David, I changed my config file, but it still doesn't work properly:

<VirtualHost *>
ServerName www.myserver.de
proxypass / http://www.myserver.de:8000/
proxypassreverse / http://www.myserver.de:8000/
</VirtualHost>

<VirtualHost *>
ServerName sd1.myserver.de
proxypass / http://sd1.myserver.de:8000/
proxypassreverse / http://sd1.myserver.de:8000/
</VirtualHost>

<VirtualHost *>
ServerName sd2.arasis.de
proxypass / http://sd2.myserver.de:8000/
proxypassreverse / http://sd2.myserver.de:8000/
</VirtualHost>

Now ad_host always shows me the value of proxypass of the *top* VirtualHost tag... In this example www.myserver.de

6: Re: Apache as reverse proxy (response to 1)

Posted by James Harris on 06/11/03 04:28 AM

chkconfig --level 2345 httpd on

will start Apache at boot on run levels 2, 3, 4 and 5.

You can also start and stop it manually using

service httpd start / stop / restart

7: Re: Apache as reverse proxy (response to 1)

Posted by David Kuczek on 06/12/03 09:51 AM

I found out about the subdomain problem:

I had to put a "NameVirtualHost MyIP" on top of the three VirtualHost tags and replace the three "*" with MyIP...

I am still searching for a solution to redirect i.e. myserver.com to www.myserver.com... Any more detailed suggestions?

What about the error.log? Is AOLserver still logging regularly when being reverse proxied?

8: Re: Apache as reverse proxy (response to 7)

Posted by John Sequeira on 06/12/03 03:06 PM

Redirecting myserver.com to www.myserver.com sounds like a job for mod_rewrite. Have you looked at that yet?

9: Re: Apache as reverse proxy (response to 1)

Posted by David Kuczek on 06/12/03 03:16 PM

Hello John,

nope, I have never looked at mod_rewrite... could you make an example?

10: Re: Apache as reverse proxy (response to 9)

Posted by Malte Sussdorff on 06/12/03 03:29 PM

If I extrapolate correctly:

RewriteEngine on
RewriteRule ^myserver.com http://www.myserver.com

11: Re: Apache as reverse proxy (response to 1)

Posted by Patrick Giagnocavo on 06/12/03 07:06 PM

Use "ServerAlias" on its own line after ServerName. e.g. if ServerName is www.zill.net, set ServerAlias to zill.net . All the other settings in that VirtualHost container will apply regardless of which hostname is used by the person accessing your site.

12: Re: Apache as reverse proxy (response to 1)

Posted by David Kuczek on 06/12/03 07:23 PM

Patrick, do you want me to use ServerAlias in all three containers?

What is the effect of ServerAlias?

13: Re: Apache as reverse proxy (response to 1)

Posted by Patrick Giagnocavo on 06/12/03 07:29 PM

David, the docs at httpd.apache.org will give you all the details. However, for my purposes I use ServerAlias for those cases where I want both www.mydomain.com and mydomain.com to be handled the same.