User Tools

Site Tools


Sidebar

js#vista.png msort nsort

project-open:apache_proxy

Apache mod_proxy with ]project-open[

Running AOL server on a port other than port 80 is a good way to have multiple versions/installs of ]po[ available for differing needs. the problem is remembering which port is for which install.

By making use of Apache with mod_proxy and mod_proxy_html you can create subdomain virtualhosts in Apache that are proxied to and from the differing AOLserver/]po[ backends.

mod_proxy_html

Setting up a vhost in apache is a simple matter, so I won't go into it in depth and will only explain certain config options that are more to do with the proxy settings. I am working almost entirely on Debian servers so installation of mod_proxy_html is quite easy:

apt-get install libapache2-mod-proxy-html

mod_proxy is in the core Apache install on Debian systems so there is no need to install it. Once mod-proxy-html is installed make sure mod_proxy and mod_proxy_html are enabled in /etc/apache2/mods-enabled.

Apache subdomain VHost

Now we can start getting down to business.

below you will see a sample vhost entry that I use to redirect ALL http requests to the subdomain po.itadmins.net to a secured HTTPS connection and from there it's proxied to the ]po[ install on port 8444.

root@etch:/etc/apache2/sites-enabled# cat www.itadmins.net
NameVirtualHost 195.98.208.135:80

<VirtualHost po.itadmins.net:80>
        AssignUserID itadmins itadmins
        ServerAdmin webmaster@itadmins.net
        ServerName po.itadmins.net

        Redirect permanent / https://po.itadmins.net/
</VirtualHost>
root@etch:/etc/apache2/sites-enabled# cat www.itadmins.net-ssl
<IfModule mod_ssl.c>

NameVirtualHost 195.98.208.135:443

<VirtualHost 195.98.208.135:443>
        AssignUserID itadmins itadmins
        ServerAdmin webmaster@itadmins.net
        ServerName po.itadmins.net

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/apache2/ssl/itadmins_net.cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/itadmins_net.key.pem

        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

        ProxyHTMLLogVerbose On
        LogLevel error
        ProxyRequests Off
        SSLProxyEngine on

        <Location />
                ProxyPass https://po.itadmins.net:8444/
                ProxyPassReverse https://po.itadmins.net:8444/
        </Location>

</VirtualHost>

ProxyHTMLLogVerbose: Turns on verbose logging of mod_proxy_html. very useful when you first start working with the module.

ProxyRequests: used to ensure that noone can abuse your proxy. IF you wish to enable this then be sure to secure your proxy and deny all access to the proxy except for those that should be allowed to access it!!!!

SSLProxyEngine: enables the proxy for SSL connection support

project-open/apache_proxy.txt · Last modified: 2020/02/24 11:16 (external edit)