httpd-users mailing list archives

From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] Apache 2 mod_proxy & mod_rewrite questions
Date Fri, 29 Sep 2006 15:05:48 GMT
Honestly I'm not really familiar with ProxyPass and ProxyPassReverse.
I would do the following:

RewriteRule ^/(.*)$    https://real_server:8050/$1 [P,L]

Try to put that instead of your ProxyPass and ProxyPassReverse. That
should do the trick.


On 9/29/06, Jeff DeFord <jeff.deford@gmail.com> wrote:
> AFAIK, it is all static content with some jsp pages. No CGI/PHP/Etc...
> The real server is an Oracle application server, so all of the web
> content was derived from the installation process script "AutoConfig".
>
> My confusion is in trying to get the URLs rewritten and proxied that
> go beyond the root level.  I have tried various combinations of
> ProxyPass and ProxyPassReverse statements, Rewrite Rules, etc and so
> far I can only get the root-level HTML to proxy and rewrite.
>
> so the real url
> https://realserver:8050/some_page.html
>
> appears to be
> https://proxyserver/some_page.html
>
> Just as it should.
>
> But mousing over or clicking any url with a directory path beyond "/"
> shows that the URL does not get rewritten or proxied and I have tried
> a myriad of combinations with ProxyPass/Reverse and RewriteRule
> directives all to no avail.
>
> Here are the important bits of the httpd.conf file:
>
> <VirtualHost *:80>
>   ServerName proxy_server
>   RewriteEngine   On
>   RewriteLogLevel 9
>   RewriteLog      logs/rewrite_log
>   ## Redirect all incoming HTTP requests to HTTPS locally before proxying.
>   RewriteRule ^/(.*) https://proxy_server/$1 [R,L]
> </VirtualHost>
>
>
> <VirtualHost _default_:443>
>   # General setup for the virtual host
>   ServerName proxy_server
>   SSLEngine on
>   SSLOptions +StrictRequire
>   SSLProtocol -all +TLSv1 +SSLv3
>   SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
>
>   # Server Certificate:
>   SSLCertificateFile conf/ssl.crt/server.crt
>   # Server Private Key:
>   SSLCertificateKeyFile conf/ssl.key/server.key
>   # SSL Protocol Adjustments:
>   SetEnvIf User-Agent ".*MSIE.*" \
>   nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
>   # Per-Server Logging:
>   #CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>   CustomLog logs/ssl_request_log common
>
>   RewriteEngine   On
>   RewriteLogLevel 9
>   RewriteLog      logs/rewrite_log
>
>   ProxyRequests     Off
>   SSLProxyEngine    On
>   SSLProxyCACertificateFile conf/cacerts.crt
>   ProxyPreserveHost On
>   ProxyPass              /      https://real_server:8050/
>   ProxyPassReverse  /      https://real_server:8050/
> </VirtualHost>
>
>
> I have tried putting proxy rules in the 443 virtual host
> I have tried putting proxy rules in the IfModule mod_proxy.c section
> I have tried rewrite rules in all kinds of places and all kinds of
> combinations of proxy and rewrite directives...
> But somehow I can't get the combination right.
>
> I want URLs from the real server like this one
> https://real_server:8050/dir1/dir2/jsp/some_page.jsp
>
> to get proxied and appear as if they came from the proxy server
> https://proxy_server/dir1/dir2/jsp/some_page.jsp
>
> I just don't know where to put the rules and if I need both proxy and
> rewrite rules for every possible URL/directory structure combination
> that exists on the real server.
>
> Any help or direction would be greatly appreciated.
>
> -=jeff
>
>
> On 9/28/06, Serge Dubrouski <sergeyfd@gmail.com> wrote:
> > What kind of "real" server do you have on backend? Does it have static
> > content or dynamic? Could it be that your wrong links are generated on
> > backend by PHP/ASP/CGI or any other dynamic application that uses
> > $SERVER_NAME or some other variable to build absolute links?
> >
> > On 9/28/06, Jeff DeFord <jeff.deford@gmail.com> wrote:
> > > For testing purposes, I'm using a self-signed cert on the proxy server
> > > for the initial redirection, then the proxy server acts as a SSL
> > > client for all proxied requests that are handed off to the app server
> > > which is listening on port 8050 (SSL) using a real certificate.
> > >
> > > I copied the real cert file to the proxy server and put it in a file
> > > called cacerts.crt and added the directive shown below to the
> > > httpd.conf file:
> > >
> > > SSLProxyCACertificateFile conf/cacerts.crt
> > >
> > > In this configuration, the proxy server can be configured to be a SSL
> > > client for many sites each having their own cert.
> > >
> > > My problem is getting the proxy server configured so that mod_proxy
> > > and mod_rewrite do their job for the URLs on the app server that are
> > > below the root level and incorporate multiple levels of directories in
> > > the URL. It all works great for root-level URLs.
> > >
> > > I hope I answered your question. Now if someone could help me answer mine...
> > >
> > > -=jeff
> > >
> > >
> > > On 9/28/06, John king <johnking06@gmail.com> wrote:
> > > > Where is your server cert installed? If it is installed on the reverse
> > > > proxy server, do you decrypt the incoming HTTPS
> > > > traffic and re-encrypt it again in the proxy server before sending it
> > > > to the next host?
> > > >
> > > >
> > > > On 9/28/06, Jeff DeFord <jeff.deford@gmail.com> wrote:
> > > > > Not sure if that would work since all requests are HTTPS...
> > > > > Can you elaborate?
> > > > >
> > > > > Here are the modules I compiled in when I built Apache:
> > > > > # ./httpd -l
> > > > > Compiled in modules:
> > > > >   core.c
> > > > >   mod_access.c
> > > > >   mod_auth.c
> > > > >   mod_log_config.c
> > > > >   mod_headers.c
> > > > >   mod_setenvif.c
> > > > >   mod_proxy.c
> > > > >   proxy_connect.c
> > > > >   proxy_ftp.c
> > > > >   proxy_http.c
> > > > >   mod_ssl.c
> > > > >   prefork.c
> > > > >   http_core.c
> > > > >   mod_mime.c
> > > > >   mod_status.c
> > > > >   mod_dir.c
> > > > >   mod_rewrite.c
> > > > >   mod_so.c
> > > > >
> > > > >
> > > > > On 9/27/06, Jim BAO <JXB6@nrc.gov> wrote:
> > > > > > Did you try HTTP Connect?
> > > > > >
> > > > > > >>> jeff.deford@gmail.com 9/27/2006 10:35 AM >>>
> > > > > > All:
> > > > > >
> > > > > > > I have some questions regarding the way to implement
> > > > > > > Apache as a reverse proxy server using mod_rewrite in order
> > > > > > > to mask the real
> > > > > > > URLs. Users will connect to the proxy, then the proxy will connect
> > > > > > > to the real server that is listening on port 8050 (SSL)
> > > > > >
> > > > > >
> > > > > > So far this is what I have working:
> > > > > >
> > > > > > > Proxy server listening on port 80 and on 443 and I am
> > > > > > > using a rewrite rule to force a redirect to 443 only as shown
> > > > > > > below:
> > > > > > >
> > > > > > >  ## Redirect all incoming HTTP requests to HTTPS locally before proxying.
> > > > > >  RewriteRule ^/(.*) https://proxy.server.com/$1 [R,L]
> > > > > >
> > > > > > > This works just as expected as my initial http connection gets
> > > > > > > forced to https.
> > > > > > >
> > > > > > > Then I have the following proxy statements set up as shown below
> > > > > > > for the default SSL virtual host on the proxy server:
> > > > > >
> > > > > >  ProxyRequests     Off
> > > > > >  SSLProxyEngine    On
> > > > > >  SSLProxyCACertificateFile conf/cacerts.crt
> > > > > >  ProxyPreserveHost On
> > > > > >  ProxyPass         / https://real.server.com:8050/
> > > > > >  ProxyPassReverse  / https://real.server.com:8050/
> > > > > >
> > > > > > > This all works great for all of the base URLs on the root level.
> > > > > > > The home page URLs on the real server get rewritten and appear to
> > > > > > > have originated from the proxy server when I mouse over or
> > > > > > > click on a root-level URL.
> > > > > > >
> > > > > > > However, any URL with a subdirectory below the root level on
> > > > > > > the real server does not get rewritten and the real URL (the
> > > > > > > complete URL on the real server including the port number 8050)
> > > > > > > is visible on the proxied web page.
> > > > > > >
> > > > > > > Now, how do I go about getting this to work for all of the URLs
> > > > > > > with subdirectories? I have read through the documentation and I
> > > > > > > am stuck.
> > > > > > >
> > > > > > > Do I need rewrite rules for each URL that has a subdirectory
> > > > > > > below the root with a subsequent ProxyPass and ProxyPassReverse
> > > > > > > statement?
> > > > > > >
> > > > > > > Do my rewrite rules need to use the proxy flag [P]? Or will
> > > > > > > they work once written to mimic the root-level rules?
> > > > > >
> > > > > > Many thanks in advance for any help that you may provide....
> > > > > >
> > > > > >
> > > > > > -=jeff
> > > > > >
> > > > > >
> > > > > > > ---------------------------------------------------------------------
> > > > > > > The official User-To-User support forum of the Apache HTTP Server
> > > > > > > Project.
> > > > > > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > > > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > > > >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > > >
> > > > > >
> > > > ---------------------------------------------------------------------
> > > > > > The official User-To-User support forum of the Apache HTTP Server
> > > > Project.
> > > > > > See <URL: http://httpd.apache.org/userslist.html> for
> > > > more info.
> > > > > > To unsubscribe, e-mail:
> > > > users-unsubscribe@httpd.apache.org
> > > > > >   "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > ---------------------------------------------------------------------
> > > > > The official User-To-User support forum of the Apache HTTP Server
Project.
> > > > > See <URL: http://httpd.apache.org/userslist.html> for
> > > > more info.
> > > > > To unsubscribe, e-mail:
> > > > users-unsubscribe@httpd.apache.org
> > > > >    "   from the digest:
> > > > users-digest-unsubscribe@httpd.apache.org
> > > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



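Added example, not part of the original messages: ProxyPassReverse adjusts only the Location, Content-Location and URI response headers, so absolute links that the backend writes into the HTML body reach the browser unchanged, which matches the symptom described in the thread. The Python below checks a proxied response for both kinds of reference to the backend origin; the function names, labels and sample response are constructed for illustration, with host names taken from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BACKEND = "real_server:8050"  # backend host:port as named in the thread
URL_ATTRS = {"href", "src", "action"}
# Response headers that ProxyPassReverse rewrites on the way to the client.
PPR_HEADERS = {"location", "content-location", "uri"}


class LinkCollector(HTMLParser):
    """Collect URL-bearing attribute values from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def find_backend_leaks(headers, body, backend=BACKEND):
    """Return (where, detail, url) for every reference to the backend origin."""
    leaks = []
    for name, value in headers.items():
        if urlsplit(value).netloc.lower() == backend:
            kind = "redirect-header" if name.lower() in PPR_HEADERS else "other-header"
            leaks.append((kind, name, value))
    parser = LinkCollector()
    parser.feed(body)
    for tag, attr, url in parser.links:
        if urlsplit(url).netloc.lower() == backend:
            leaks.append(("body", f"{tag}[{attr}]", url))
    return leaks


# Constructed sample response, modelled on the URLs quoted in the thread.
SAMPLE_HEADERS = {"Location": "https://real_server:8050/dir1/login.jsp",
                  "Content-Type": "text/html"}
SAMPLE_BODY = """<html><body>
<a href="/some_page.html">root-level, relative</a>
<a href="https://real_server:8050/dir1/dir2/jsp/some_page.jsp">absolute</a>
<form action="https://proxy_server/dir1/submit.jsp"></form>
</body></html>"""

if __name__ == "__main__":
    for where, detail, url in find_backend_leaks(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{where:16} {detail:10} {url}")
```

Entries labelled "redirect-header" are ones ProxyPassReverse can rewrite; "body" and "other-header" entries need the backend to emit relative or proxy-hosted URLs, or a body-rewriting filter on the proxy.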