httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Schenck <robschenck...@gmail.com>
Subject [users@httpd] Reverse proxying is problematic
Date Wed, 02 Dec 2009 11:02:27 GMT
*I know this is a long read...but I really need help, and felt the best way
for anyone to help me remotely is to explain the issues in their entirety. *

Hello,

I'm trying to set a reverse proxy, but first, some context:

My office is subscribed to few academic journals. These journals verify the
subscription via IP, such that anyone connected to the internet through our
connection can access the journals. However, some individuals would like to
access the journals away from the office as well. We have a VPN, but it only
connects them to our intranet. Therefore, we want to create a reverse proxy
such that the users with connect to the VPN, then to our intranet, and then
to the proxy server, and then, ultimately, to the journal at hand. This
works because the proxy server will be within our intranet, which they have
access to through the VPN. So it will look like so:

Client --> VPN --> Our Intranet --> Reverse Proxy --> Journal

Note that I'm an intern and have had *very *little experience with Apache
and networking in general (and Linux!)...so please explain things fully.

I have attempted to follow this guide:
http://www.apachetutor.org/admin/reverseproxies

I'm running SUSE Linux Enterprise 11, and have installed apache through
zypper. I installed the mod_proxy_html and mod_xml2enc modules via
compiling. They are fully functional. (mod_proxy_html to rewrite links).

In the examples below I'm attempting to reverse proxy both http://aip.organd
http://apl.aip.org. So basically want I want to do is have anything that is
http://aip.org/somepage.html to be http://proxysrv1/aip/somepage.html and
anything that is http://apl.aip.org to be http://proxysrv1/apl/somepage.html.
All of the content on the page must go through the proxy (note: I know that
many of the links lead to other sub-domains, I will include those as
well...but later, I figured I should get these two working first). *Please
do not suggest a different server application like Squid, I'm required to
use Apache. *

So far, I have the following modifications to the http.conf file:

----------------------------------------------------------------------------------------------------------------------------
Include /etc/apache2/vhosts.d/*.conf

ProxyHTMLEnable On
ProxyHTMLExtended On

ProxyHTMLLinks  a               href
ProxyHTMLLinks  area            href
ProxyHTMLLinks  link            href
ProxyHTMLLinks  img             src longdesc usemap
ProxyHTMLLinks  object          classid codebase data usemap
ProxyHTMLLinks  q               cite
ProxyHTMLLinks  blockquote      cite
ProxyHTMLLinks  ins             cite
ProxyHTMLLinks  del             cite
ProxyHTMLLinks  form            action
ProxyHTMLLinks  input           src usemap
ProxyHTMLLinks  head            profile
ProxyHTMLLinks  base            href
ProxyHTMLLinks  script          src for
ProxyHTMLLinks  iframe          src

ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
                onmouseover onmousemove onmouseout onkeypress \
                onkeydown onkeyup onfocus onblur onload \
                onunload onsubmit onreset onselect onchange

ProxyRequests Off
ProxyPass /aip/ http://aip.org/
ProxyPassReverse /aip/ http://aip.org/
ProxyHTMLURLMap http://www.aip.org http://proxysrv1/aip
ProxyPass /apl/ http://apl.aip.org/
ProxyPassReverse /apl/ http://apl.aip.org/
ProxyHTMLURLMap http://apl.aip.org http://proxysrv1/apl

<Location /aip/>
        ProxyHTMLEnable On
        ProxyHTMLExtended On
        ProxyPassReverse /
        ProxyHTMLURLMap / /
        RequestHeader unset Accept-Encoding
</Location>

<Location /apl/>
        ProxyHTMLEnable On
        ProxyHTMLExtended On
        ProxyPassreverse /
        ProxyHTMLURLMap / /
        RequestHeader unset Accept-Encoding
</Location>

ProxyHTMLLogVerbose On
LogLevel Info


----------------------------------------------------------------------------------------------------------------------------

And the following modifications to the vhost.conf file:

----------------------------------------------------------------------------------------------------------------------------

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName proxysrv1
    DocumentRoot /srv/www/htdocs
    HostnameLookups Off
    UseCanonicalName On

    ServerSignature On
    <Directory "/srv/www/htdocs">
        Options Indexes All
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:80>
        Documentroot /srv/www/htdocs/aip
        Servername proxysrv1/aip
        HostnameLookups Off
        UseCanonicalName On
        ServerSignature On
        <Directory "/srv/www/htdocs/aip">

                Options Indexes All
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>


<VirtualHost *:80>

        Documentroot /srv/www/htdocs/apl
        Servername proxysrv1/apl
        HostnameLookups Off
        UseCanonicalName On
        ServerSignature On
        <Directory "/srv/www/htdocs/apl">

                Options Indexes All
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

-------------------------------------------------------------------------------------------

*The mass of issues:*

1) http://proxysrv1/aip/ looks like this: http://imgur.com/n6m0L.png

The page source: http://paste.ubuntu.com/333007/

2) http://proxysrv1/apl/ looks like this: http://proxysrv1/apl/

The page source: http://paste.ubuntu.com/333009/

3) I created a virtual host & proxy at http://proxysrv1/apl/, yet
links like http://apl.aip.org/about/about_the_journal

redirect to http://proxysrv/about/about_the_journal rather than
http://proxysrv/apl/about/about_the_journal

4) All the pages look like crap. I had aip.org working previously, but
only if I set its directory to / (so by going to http://proxysrv1/ you
went to aip.org/),

and had no virtual hosts.

5) That's actually all I can think of. But the pages are pretty darn broken.

*Please explain any fixes in a step-by-step process. Again, I'm new to this.*

Mime
View raw message