httpd-users mailing list archives

From Frank Gingras <francois.ging...@gmail.com>
Subject Re: [users@httpd] Rewrite Rule
Date Thu, 25 Apr 2013 18:22:11 GMT
On 4/25/2013 1:59 PM, Chris Arnold wrote:
> Ooopppsss!! Any way I can get a mod to delete my last email to the list?
>
> Sent from my iPhone
>
> On Apr 25, 2013, at 1:44 PM, "Chris Arnold" <carnold@electrichendrix.com> wrote:
>
>> Sorry to email you directly but I am doing this to give you the complete unedited config files. I don't want them on an indexed mailing list for security reasons. Either you or I can post back to the list so others are aware of the findings.
>>
>> So I have made the namevirtualhost edit in my listen.conf file:
>>
>> Listen 80
>>
>>
>> <IfDefine SSL>
>>     <IfDefine !NOSSL>
>>     <IfModule mod_ssl.c>
>>
>> #        Listen 443
>>
>>     </IfModule>
>>     </IfDefine>
>> </IfDefine>
>>
>>
>> # Use name-based virtual hosting
>> #
>> # - on a specified address / port:
>> #
>> #NameVirtualHost 12.34.56.78:80
>> #
>> # - name-based virtual hosting:
>> #
>> NameVirtualHost *:443
>>
>> Here is the "main" ssl virtual host:
>>
>> <IfDefine SSL>
>> <IfDefine !NOSSL>
>>
>> <VirtualHost *:443>
>>     #This will be the default vhost because the name starts with 000
>>
>>     #  General setup for the virtual host
>>     #DocumentRoot "/srv/www/htdocs"
>>     ServerName teknerds.net:443
>>     ServerAlias mail.* ifolder.*
>>
>>     #This rewrites https://mail.anydomain.tld to our mail server
>>     RewriteEngine On
>>     RewriteCond %{HTTP_HOST} ^mail\.
>>     RewriteCond %{HTTPS} on
>>     RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>>     #RedirectMatch ^/$ /zimbra/
>>
>>     #This rewrites https://mail.anydomain.tld to our mail server
>>     #RewriteEngine On
>>     #RewriteLog /var/log/apache2/rewrite.log
>>     #RewriteLogLevel 3
>>     #RewriteCond %{HTTP_HOST} ^apps\.
>>     #RewriteCond %{HTTPS} on
>>     #RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
>>     #RedirectMatch ^/$ /rdweb/
>>
>>     RewriteCond %{HTTP_HOST} ^webmail\.
>>     RewriteCond %{HTTPS} on
>>     RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>>     
>>     #This rewrites https://ifolder.anydomain.tld to our ifolder server
>>     #RewriteCond %{HTTP_HOST} ^ifolder\.
>>     #RewriteCond %{HTTPS} on
>>     #RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
>>     #RedirectMatch ^/$ /ifolder/
>>
>>     #This rewrites https://share.anydomain.tld to our alfresco server
>>     #RewriteCond %{HTTP_HOST} ^share\.
>>     #RewriteCond %{HTTPS} on
>>     #RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
>>     
>>     #ServerAdmin webmaster@example.com
>>     ErrorLog /var/log/apache2/error_log
>>     TransferLog /var/log/apache2/access_log
>>
>>     SSLProxyEngine On
>>     ProxyPreserveHost On
>>     ProxyPass /ifolder https://192.168.123.4/ifolder
>>     ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>>     ProxyPass /simias10 https://192.168.123.4/simias10
>>     ProxyPassReverse /simias10 https://192.168.123.4/simias10
>>     ProxyPass /admin https://192.168.123.4/admin
>>     ProxyPassReverse /admin https://192.168.123.4/admin
>>     ProxyPass /nps https://192.168.123.4/nps
>>     ProxyPassReverse /nps https://192.168.123.4/nps
>>     
>>     #ProxyPass / https://192.168.124.3/
>>     #ProxyPassReverse / https://192.168.124.3/
>>     #<Proxy *>
>>     #    Order allow,deny
>>     #    Allow from all
>>     #</Proxy>
>>
>>     #   SSL Engine Switch:
>>     #   Enable/Disable SSL for this virtual host.
>>     SSLEngine on
>>
>>     #   SSL Cipher Suite:
>>     #   List the ciphers that the client is permitted to negotiate.
>>     #   See the mod_ssl documentation for a complete list.
>>     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>>
>>     #   Server Certificate:
>>     #   Point SSLCertificateFile at a PEM encoded certificate.  If
>>     #   the certificate is encrypted, then you will be prompted for a
>>     #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
>>     #   in mind that if you have both an RSA and a DSA certificate you
>>     #   can configure both in parallel (to also allow the use of DSA
>>     #   ciphers, etc.)
>>     SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>>
>> Here is the apps virtualhost file:
>>
>> <VirtualHost *:443>
>>   ServerName apps.teknerds.net
>>   SSLEngine On
>>   SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>>   SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
>>
>>   ProxyPass / https://192.168.123.7/rdweb
>>   ProxyPassReverse / https://192.168.123.7/rdweb
>>
>>     ErrorLog /var/log/apache2/apps.error_log
>>     TransferLog /var/log/apache2/apps.access_log
>> </VirtualHost>
>>
>> With this present config, when going to https://apps.teknerds.net in IE 8, Internet Explorer cannot display the web page. The apps.error log does not show anything in it except the certificate name not matching.
>> Also in this present config, webmail stops working and ifolder stops working. These are in the "main" ssl virtualhost and you access them by https://mail.teknerds.net and https://teknerds.net/ifolder. I am going to undo the listen.conf edit and rename the apps ssl host file as we have customers that use these resources.
>> Should you want access to the server, I can supply that, just let me know. Thanks for the help
>>
>> ----- Original Message -----
>> From: "Tom Evans" <tevans.uk@googlemail.com>
>> To: users@httpd.apache.org
>> Sent: Thursday, April 25, 2013 12:39:47 PM
>> Subject: Re: [users@httpd] Rewrite Rule
>>
>> On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
>> <carnold@electrichendrix.com> wrote:
>>> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>>>
>>>> It looks like you are rewriting it to its current location. This
>>>> leads to a loop.
>>>>
>>>> Why are you using rewrite rules anyway?
>>> Because reverse proxy does not work
>> ...
>>
>> The *only* way to get content from a backend is via reverse proxy.
>>
>>>
>>>> It seems like you want to
>>>> reverse proxy from an apache server with a public IP to a backend
>>>> webserver in your private LAN. Where do rewrite rules come in to this?
>>>> Why are you checking the host name in your rewrite rules, instead of
>>>> using vhosts? Why is this not your configuration:
>>> As I stated in an earlier post, apache does not start when more than 1 ssl
>>> virtual host (complains about overlap)
>> Not using vhosts is frankly more trouble than it is worth. Use vhosts.
>> Post about the problem that using vhosts gives you. You must be using
>> the same certificate for both hostnames anyway (presumably a wildcard
>> cert or using subjectAltName, or you just ignore the errors?), so the
>> configuration should be pretty straightforward.
>>
>>>
>>>> ServerName apps.tld
>>>> ProxyPass / https://192.168.123.7/
>>>> ProxyPassReverse / https://192.168.123.7/
>>> We have many different things that run on this server and apache handles
>>> them. When using "/" in your proxy config, everything stops working, email,
>>> other websites etc.
>> So don't proxy from /, or add specific excludes for the paths you do
>> not want to be proxied:
>>
>> ProxyPass /email !
>> ProxyPass / https://192.168.123.7/
>>
>> Again, this problem goes away if you correctly separate out your
>> separate hosts into their own vhost configuration.
>>
>>>> I'm very confused by what you're trying to achieve.
>>> I covered this in my first email but will try to describe it again: server
>>> behind an apache server that we need users to get to using
>>> https://apps.domain.tld. The app resides at http:///sub. We need apache to
>>> catch the https://apps.domain.tld request and send to https://another
>>> server/sub
>>
>> NameVirtualHost *:443
>>
>> <VirtualHost *:443>
>>   ServerName www.domain.tld
>>   SSLEngine On
>>   SSLCertificateFile ..
>>   SSLCertificateKeyFile ..
>>
>>   # All your current directives that apply to www
>> </VirtualHost>
>>
>> <VirtualHost *:443>
>>   ServerName apps.domain.tld
>>   SSLEngine On
>>   SSLCertificateFile ..
>>   SSLCertificateKeyFile ..
>>
>>   ProxyPass / https://192.168.123.7/
>>   ProxyPassReverse / https://192.168.123.7/
>> </VirtualHost>
>>
>> Cheers
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>

Previewing your email would probably have been a good idea :)

Frank
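
Added example, not part of the original thread or of the httpd project: a small Python check for two ProxyPass pitfalls that bear on the configs quoted above. These are the mod_proxy rule that both arguments end in a trailing slash or neither does, and first-match-wins ordering, which is why Tom's `ProxyPass /email !` exclusion sits before `ProxyPass /`. The names `lint_proxypass` and `shadows` and the sample config are constructed for illustration.

```python
import re

PROXYPASS = re.compile(r"^ProxyPass\s+(\S+)\s+(\S+)", re.I)  # skips ProxyPassReverse/Match

# Constructed sample, modelled on the directives quoted in the thread.
SAMPLE = """\
<VirtualHost *:443>
  ServerName apps.teknerds.net
  ProxyPass / https://192.168.123.7/rdweb
  ProxyPassReverse / https://192.168.123.7/rdweb
</VirtualHost>
<VirtualHost *:443>
  ServerName teknerds.net
  #ProxyPass /old https://192.168.124.3/
  ProxyPass / https://192.168.123.7/
  ProxyPass /email !
  ProxyPass /ifolder https://192.168.123.4/ifolder
</VirtualHost>
"""

def shadows(earlier, later):
    """True if every URL matching `later` is already caught by `earlier`."""
    return later == earlier or later.startswith(earlier.rstrip("/") + "/")

def lint_proxypass(conf):
    """Return (vhost, line number, kind, detail) for each ProxyPass pitfall."""
    findings, vhost, seen = [], "(server)", []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out directives are inactive
        if re.match(r"</?VirtualHost\b", line, re.I):
            # rules are tracked per vhost, so reset at each boundary
            vhost, seen = ("(server)" if line.startswith("</") else "(unnamed vhost)"), []
        elif re.match(r"ServerName\s+\S", line, re.I):
            vhost = line.split()[1]
        m = PROXYPASS.match(line)
        if not m:
            continue
        path, target = m.groups()
        # mod_proxy: both arguments end with "/" or neither does
        if target != "!" and path.endswith("/") != target.endswith("/"):
            findings.append((vhost, n, "slash-mismatch", f"{path} -> {target}"))
        # rules are checked in configuration order and the first match wins
        for earlier in seen:
            if shadows(earlier, path):
                findings.append((vhost, n, "shadowed", f"{path} unreachable after {earlier}"))
                break
        seen.append(path)
    return findings

if __name__ == "__main__":
    for finding in lint_proxypass(SAMPLE):
        print(*finding, sep=" | ")
```

A shadowed `!` exclusion is the case to watch: the path it was meant to keep local is forwarded to the backend instead.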
