Apache virtual host, rewrite & proxy question
We are running several sites on several servers on our LAN.
Linux server 1 - Apache with several sites (Mantis, SVN, ...) - Tomcat with some applications (Alfresco, ...) Linux server 2 - Apache with several sites - Tomcat with some applications (Continuum, ...) Windows server - IIS with some sites (Exchange, ...) What we did for now was to open ports on our router and forward them to the correct server/ports. 80 -> Win:80 8080 -> Lin1:8080 8081 -> Lin1:80 8180 -> Lin2:8080 8181 -> Lin2:80 This is a bad solution. What I want to do is open only port 80 and use Apache to forward the requests to the correct server/ports. E.g.: www.ourdomain.com -> Lin1 -> Win www.ourdomain.com/exchange -> Lin1 -> Win/exchange www.ourdomain.com/mantis -> Lin1 -> Lin1/mantis www.ourdomain.com/alfresco -> Lin1 -> Lin1:8080/alfresco www.ourdomain.com/continuum -> Lin1 -> Lin2:8080/continuum Is this possible with Apache? I would think so. I'll probably need to configure VirtualHosts, mod_rewrite and/or mod_proxy. Correct? |
Yes and quite easy. Forward port 80 to a machine running Apache that has network access to all the other servers.
Create a virtual host in Apache to listen to port 80, here is a starter for your vhost config. <VirtualHost *:80> ..... <IfModule mod_proxy.c> <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^/exchange(.*) http://win-exchange-ip$1 [P,L] RewriteRule ^/mantis(.*) http://mantis-ip$1 [P,L] RewriteRule ^/alfresco(.*) http://alfresco-ip$1 [P,L] RewriteRule ^/continuum(.*) http://continuum-ip$1 [P,L] </IfModule> </IfModule> </VirtualHost> You will need to make sure that your proxy module is loaded and configured as well as the mod rewrite module. You may or may not want to set ProxyPreserveHost, you would want to put that between <IfModule mod_proxy.c> and <IfModule mod_rewrite.c>. This should cover the bulk of what your attempting to do. badreligion |
Thanks for your reply but as I'm not really that familiar with Apache, I need some more detailed help.
I tried reading up on virtual hosts, rewrite and proxy but the subject is so big and what I want doesn't come up in any examples. I created a config called 'vhost_main'. Just to test I added only 1 RewriteRule. ndg@SVR-DEV:~$ cat /etc/apache2/sites-available/vhost_main <VirtualHost *:80> RewriteEngine On RewriteRule ^/exchange(.*) http://10.0.0.6$1 [P,L] </VirtualHost> I have enabled it and I reloaded Apache: ndg@SVR-DEV:~$ sudo a2ensite vhost_main Site vhost_main installed; run /etc/init.d/apache2 reload to enable. ndg@SVR-DEV:~$ sudo /etc/init.d/apache2 reload * Reloading web server config apache2 [ OK ] Both mod_proxy and mod_rewrite are loaded: ndg@SVR-DEV:~$ ls /etc/apache2/mods-enabled/{proxy,rewrite}.load /etc/apache2/mods-enabled/proxy.load /etc/apache2/mods-enabled/rewrite.load When I try to access http://10.0.0.5/exchange I get a 403 Forbidden. The error logs shows this: ndg@SVR-DEV:~$ cat /var/log/apache2/error.log [...] [Fri Jan 23 11:20:05 2009] [error] [client 10.0.0.50] client denied by server configuration: proxy:http://10.0.0.6 Maybe the proxy module isn't configured correctly? ndg@SVR-DEV:~$ cat /etc/apache2/mods-available/proxy.conf <IfModule mod_proxy.c> ProxyRequests Off <Proxy *> AddDefaultCharset off Order deny,allow Deny from all </Proxy> ProxyVia On </IfModule> I hope you can help me get it working. |
I added 2 more lines to get some extra logging:
RewriteLog "/var/log/apache2/rewrite.log" RewriteLogLevel 2 Resulting in: ndg@SVR-DEV:~$ cat /var/log/apache2/rewrite.log 10.0.0.50 - - [23/Jan/2009:13:48:20 +0100] [10.0.0.5/sid#7e1a08][rid#a096e8/initial] (2) init rewrite engine with requested uri /exchange 10.0.0.50 - - [23/Jan/2009:13:48:20 +0100] [10.0.0.5/sid#7e1a08][rid#a096e8/initial] (2) rewrite '/exchange' -> 'http://10.0.0.6' 10.0.0.50 - - [23/Jan/2009:13:48:20 +0100] [10.0.0.5/sid#7e1a08][rid#a096e8/initial] (2) forcing proxy-throughput with http://10.0.0.6 10.0.0.50 - - [23/Jan/2009:13:48:20 +0100] [10.0.0.5/sid#7e1a08][rid#a096e8/initial] (1) go-ahead with proxy request proxy:http://10.0.0.6 [OK] |
I'm slowly progressing...
I modified the proxy config. It now looks like this: ndg@SVR-DEV:~$ cat /etc/apache2/mods-available/proxy.conf <IfModule mod_proxy.c> ProxyRequests On <Proxy *> AddDefaultCharset off Order deny,allow Deny from all Allow from 10.0.0 </Proxy> ProxyVia On </IfModule> I'm getting a different error now, 500 Internal Server Error. ndg@SVR-DEV:~$ cat /var/log/apache2/error.log [...] [Fri Jan 23 14:19:41 2009] [warn] proxy: No protocol handler was valid for the URL /exchange. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. It seems to me that the rewriting wasn't correct and that instead of 'http://10.0.0.6/exchange' only '/exchange' was passed. Maybe the regex isn't correct? I'll check that first... |
If I change the rule to
RewriteRule ^/exchange(.*) http://10.0.0.6/exchange$1 [P,L] the RewriteLog shows this: 10.0.0.50 - - [23/Jan/2009:15:58:57 +0100] [10.0.0.5/sid#7a5658][rid#a0b088/initial] (2) init rewrite engine with requested uri /exchange 10.0.0.50 - - [23/Jan/2009:15:58:57 +0100] [10.0.0.5/sid#7a5658][rid#a0b088/initial] (2) rewrite '/exchange' -> 'http://10.0.0.6/exchange' 10.0.0.50 - - [23/Jan/2009:15:58:57 +0100] [10.0.0.5/sid#7a5658][rid#a0b088/initial] (2) forcing proxy-throughput with http://10.0.0.6/exchange 10.0.0.50 - - [23/Jan/2009:15:58:57 +0100] [10.0.0.5/sid#7a5658][rid#a0b088/initial] (1) go-ahead with proxy request proxy:http://10.0.0.6/exchange [OK] which looks to me to be more correct than previously. The problem remains though, so there must be something else wrong. |
The rewrite rules I gave assumed that Apache configured to listen on 10.0.0.6 did not need the /exchange appended to the URL. In other words the rewrite was valid but maybe did not produce the result your backend server is setup to respond to. As it was the rule would process a request as below
http://10.0.0.5/exchange -> http://10.0.0.6 http://10.0.0.5/exchange/foo -> http://10.0.0.6/foo now the rewrite will process a request as below http://10.0.0.5/exchange -> http://10.0.0.6/exchange http://10.0.0.5/exchange/foo -> http://10.0.0.6/exchange/foo According to the logs the proxy is working just fine. Your problem may be at the back end server. What do the logs look like on 10.0.0.6? Badreligion |
Progress once more...
The proxy wasn't working because 'mod_proxy_http' wasn't loaded. It is now and my rules seem to be working ok. There are some issues left though: 1. The rewritten URL is displayed instead of the original URL. Eg. http://www.ourdomain.com/afresco becomes http://10.0.0.5:8080/alfresco Can I make this rewriting transparent to the users? 2. The sites on the Apache server get sucked in the catch-all rewrite rule. In the original default site config there are some sites defined and if I add this config # Userfriendly Subversion Alias /usvn /opt/website/apache/usvn <Directory "/opt/website/apache/usvn"> AllowOverride All </Directory> <Location "/usvn/svn"> ErrorDocument 404 default DAV svn Require valid-user SVNParentPath /opt/version_control/svn/files/svn SVNListParentPath off AuthType Basic AuthName "USVN" AuthUserFile /opt/version_control/svn/files/htpasswd AuthzSVNAccessFile /opt/version_control/svn/files/authz </Location> # Mantis Alias /mantis /opt/website/apache/mantis to the new config before the rwrite rules the request are redirected through the default rule anyway. My Rewrite section looks like this: RewriteRule ^/alfresco(.*) http://10.0.0.5:8080/alfresco$1 [P,L] ... # Default: redirect everything to 10.0.0.6 RewriteRule ^/(.*) http://10.0.0.6/$1 [P,L] Adding these rules RewriteRule ^/mantis(.*) http://10.0.0.5/mantis$ [P,L] RewriteRule ^/usvn(.*) http://10.0.0.5/usvn$1 [P,L] doesn't work because it is causing an infinite loop. How can I do it? Thanks for your help and patience so far. |
Problem 1: Its odd that the url is being rewritten rather than proxied. The [P] flag is supposed to force a reverse proxy and should cause the rewrite/proxy to be transparent.
I have the rewrite rule below in production use and the url is not rewritten and the proxy is completely transparent to any users. RewriteRule ^/(.*)$ http://localhost:12000/$1 [P,L] Do you perhaps have a rewrite rule that isn't using the P flag and it is rewriting the url without proxying? It might be helpful if you could post the entire config file, of course stripping out any sensitive information. Problem 2: Wait do you want to proxy /mantis and /usvn to another server or are those being served locally? If you are using a default rewrite rule to proxy everything to another server, in order to prevent a request from being proxied you will need to give something like below: RewriteRule ^/dont/proxy/this /dont/proxy/this [L] or if you need regexp matching, something like: RewriteRule ^/dont/proxy/this(/.*)?$ /dont/proxy/this$1 [L] Sorry it took so long to respond, been pretty busy lately. BadReligion |
All times are GMT -5. The time now is 07:41 AM. |