-   Linux - Server (
-   -   Apache virtual host, rewrite & proxy question (

NickDeGraeve 01-22-2009 04:52 AM

Apache virtual host, rewrite & proxy question
We are running several sites on several servers on our LAN.

Linux server 1
- Apache with several sites (Mantis, SVN, ...)
- Tomcat with some applications (Alfresco, ...)

Linux server 2
- Apache with several sites
- Tomcat with some applications (Continuum, ...)

Windows server
- IIS with some sites (Exchange, ...)

What we did for now was to open ports on our router and forward them to the correct server/ports.

80 -> Win:80
8080 -> Lin1:8080
8081 -> Lin1:80
8180 -> Lin2:8080
8181 -> Lin2:80

This is a bad solution.

What I want to do is open only port 80 and use Apache to forward the requests to the correct server/ports. E.g.: -> Lin1 -> Win -> Lin1 -> Win/exchange -> Lin1 -> Lin1/mantis -> Lin1 -> Lin1:8080/alfresco -> Lin1 -> Lin2:8080/continuum

Is this possible with Apache? I would think so.
I'll probably need to configure VirtualHosts, mod_rewrite and/or mod_proxy. Correct?

skibler1223 01-22-2009 07:51 AM

Yes and quite easy. Forward port 80 to a machine running Apache that has network access to all the other servers.

Create a virtual host in Apache to listen to port 80, here is a starter for your vhost config.

<VirtualHost *:80>
<IfModule mod_proxy.c>
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule ^/exchange(.*) http://win-exchange-ip$1 [P,L]
RewriteRule ^/mantis(.*) http://mantis-ip$1 [P,L]
RewriteRule ^/alfresco(.*) http://alfresco-ip$1 [P,L]
RewriteRule ^/continuum(.*) http://continuum-ip$1 [P,L]

You will need to make sure that your proxy module is loaded and configured as well as the mod rewrite module.

You may or may not want to set ProxyPreserveHost, you would want to put that between <IfModule mod_proxy.c> and <IfModule mod_rewrite.c>.

This should cover the bulk of what your attempting to do.


NickDeGraeve 01-23-2009 04:30 AM

Thanks for your reply but as I'm not really that familiar with Apache, I need some more detailed help.

I tried reading up on virtual hosts, rewrite and proxy but the subject is so big and what I want doesn't come up in any examples.

I created a config called 'vhost_main'. Just to test I added only 1 RewriteRule.

ndg@SVR-DEV:~$ cat /etc/apache2/sites-available/vhost_main
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/exchange(.*)$1 [P,L]

I have enabled it and I reloaded Apache:
ndg@SVR-DEV:~$ sudo a2ensite vhost_main
Site vhost_main installed; run /etc/init.d/apache2 reload to enable.
ndg@SVR-DEV:~$ sudo /etc/init.d/apache2 reload
* Reloading web server config apache2 [ OK ]

Both mod_proxy and mod_rewrite are loaded:
ndg@SVR-DEV:~$ ls /etc/apache2/mods-enabled/{proxy,rewrite}.load
/etc/apache2/mods-enabled/proxy.load /etc/apache2/mods-enabled/rewrite.load

When I try to access I get a 403 Forbidden.

The error logs shows this:
ndg@SVR-DEV:~$ cat /var/log/apache2/error.log
[Fri Jan 23 11:20:05 2009] [error] [client] client denied by server configuration: proxy:

Maybe the proxy module isn't configured correctly?
ndg@SVR-DEV:~$ cat /etc/apache2/mods-available/proxy.conf
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
ProxyVia On

I hope you can help me get it working.

NickDeGraeve 01-23-2009 07:00 AM

I added 2 more lines to get some extra logging:

RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

Resulting in:

ndg@SVR-DEV:~$ cat /var/log/apache2/rewrite.log - - [23/Jan/2009:13:48:20 +0100] [][rid#a096e8/initial] (2) init rewrite engine with requested uri /exchange - - [23/Jan/2009:13:48:20 +0100] [][rid#a096e8/initial] (2) rewrite '/exchange' -> '' - - [23/Jan/2009:13:48:20 +0100] [][rid#a096e8/initial] (2) forcing proxy-throughput with - - [23/Jan/2009:13:48:20 +0100] [][rid#a096e8/initial] (1) go-ahead with proxy request proxy: [OK]

NickDeGraeve 01-23-2009 07:33 AM

I'm slowly progressing...

I modified the proxy config. It now looks like this:

ndg@SVR-DEV:~$ cat /etc/apache2/mods-available/proxy.conf
<IfModule mod_proxy.c>
ProxyRequests On
<Proxy *>
AddDefaultCharset off
Order deny,allow
Deny from all
Allow from 10.0.0
ProxyVia On

I'm getting a different error now, 500 Internal Server Error.

ndg@SVR-DEV:~$ cat /var/log/apache2/error.log
[Fri Jan 23 14:19:41 2009] [warn] proxy: No protocol handler was valid for the URL /exchange. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

It seems to me that the rewriting wasn't correct and that instead of '' only '/exchange' was passed.

Maybe the regex isn't correct? I'll check that first...

NickDeGraeve 01-23-2009 10:24 AM

If I change the rule to

RewriteRule ^/exchange(.*)$1 [P,L]

the RewriteLog shows this: - - [23/Jan/2009:15:58:57 +0100] [][rid#a0b088/initial] (2) init rewrite engine with requested uri /exchange - - [23/Jan/2009:15:58:57 +0100] [][rid#a0b088/initial] (2) rewrite '/exchange' -> '' - - [23/Jan/2009:15:58:57 +0100] [][rid#a0b088/initial] (2) forcing proxy-throughput with - - [23/Jan/2009:15:58:57 +0100] [][rid#a0b088/initial] (1) go-ahead with proxy request proxy: [OK]

which looks to me to be more correct than previously.

The problem remains though, so there must be something else wrong.

skibler1223 01-24-2009 11:57 AM

The rewrite rules I gave assumed that Apache configured to listen on did not need the /exchange appended to the URL. In other words the rewrite was valid but maybe did not produce the result your backend server is setup to respond to. As it was the rule would process a request as below -> ->

now the rewrite will process a request as below -> ->

According to the logs the proxy is working just fine. Your problem may be at the back end server. What do the logs look like on


NickDeGraeve 01-26-2009 09:01 AM

Progress once more...

The proxy wasn't working because 'mod_proxy_http' wasn't loaded. It is now and my rules seem to be working ok. There are some issues left though:

1. The rewritten URL is displayed instead of the original URL. Eg. becomes

Can I make this rewriting transparent to the users?

2. The sites on the Apache server get sucked in the catch-all rewrite rule.

In the original default site config there are some sites defined and if I add this config

# Userfriendly Subversion
Alias /usvn /opt/website/apache/usvn
<Directory "/opt/website/apache/usvn">
AllowOverride All
<Location "/usvn/svn">
ErrorDocument 404 default
DAV svn
Require valid-user
SVNParentPath /opt/version_control/svn/files/svn
SVNListParentPath off
AuthType Basic
AuthName "USVN"
AuthUserFile /opt/version_control/svn/files/htpasswd
AuthzSVNAccessFile /opt/version_control/svn/files/authz

# Mantis
Alias /mantis /opt/website/apache/mantis

to the new config before the rwrite rules the request are redirected through the default rule anyway.

My Rewrite section looks like this:

RewriteRule ^/alfresco(.*)$1 [P,L]
# Default: redirect everything to
RewriteRule ^/(.*)$1 [P,L]

Adding these rules

RewriteRule ^/mantis(.*)$ [P,L]
RewriteRule ^/usvn(.*)$1 [P,L]

doesn't work because it is causing an infinite loop.

How can I do it?

Thanks for your help and patience so far.

skibler1223 02-02-2009 07:09 PM

Problem 1: Its odd that the url is being rewritten rather than proxied. The [P] flag is supposed to force a reverse proxy and should cause the rewrite/proxy to be transparent.

I have the rewrite rule below in production use and the url is not rewritten and the proxy is completely transparent to any users.

RewriteRule ^/(.*)$ http://localhost:12000/$1 [P,L]

Do you perhaps have a rewrite rule that isn't using the P flag and it is rewriting the url without proxying?

It might be helpful if you could post the entire config file, of course stripping out any sensitive information.

Problem 2: Wait do you want to proxy /mantis and /usvn to another server or are those being served locally?

If you are using a default rewrite rule to proxy everything to another server, in order to prevent a request from being proxied you will need to give something like below:

RewriteRule ^/dont/proxy/this /dont/proxy/this [L]

or if you need regexp matching, something like:

RewriteRule ^/dont/proxy/this(/.*)?$ /dont/proxy/this$1 [L]

Sorry it took so long to respond, been pretty busy lately.


All times are GMT -5. The time now is 09:09 PM.