httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Spork Schivago <sporkschiv...@gmail.com>
Subject Re: [users@httpd] Re: pf 2017
Date Mon, 02 Jan 2017 17:31:47 GMT
Thank you for verify that a reverse proxy can accomplish what I'd like
accomplished.   I have the proxy subdomain redirects turned off (under WHM
>> Tweak Settings) because there's no way to generate an SSL cert using
Let's Encrypt for the various cPanel subdomains when they're turned on.
cPanel supports auto-SSL now and perhaps that will generate SSL certs for
the various cPanel subdomains, but last time I checked, it didn't.

Anyway, thanks for the response.

Ken

On Sun, Jan 1, 2017 at 11:22 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:

> Reverse proxy is the way to do it. Looking at one of my cPanel servers, it
> looks like that might be set up by default (or at least an option to turn
> it on). I have this config:
> ([P] in the RewriteRule means reverse proxy)
>
>
> # CPANEL/WHM/WEBMAIL/WEBDISK PROXY SUBDOMAINS
>
> <VirtualHost 192.0.2.2:443 127.0.0.1:443>
>     ServerName server.example.com
>
>     ServerAlias cpanel.* whm.* webmail.* webdisk.* cpcalendars.*
> cpcontacts.*
>
>     DocumentRoot /usr/local/apache/htdocs
>     ServerAdmin hostmaster@server.example.com
>     <IfModule mod_suphp.c>
>         suPHP_UserGroup nobody nobody
>     </IfModule>
>     <Proxy "*">
>         <IfModule mod_security2.c>
>             SecRuleEngine Off
>         </IfModule>
>     </Proxy>
>     RewriteEngine On
>     <IfModule mod_ssl.c>
>         SSLEngine on
>         SSLProxyEngine On
>         SSLProxyVerify none
>         # Setting to Off for backwards-compatibility
>         # Read for more info: http://httpd.apache.org/docs/
> 2.4/mod/mod_ssl.html#sslproxycheckpeercn
>         SSLProxyCheckPeerCN Off
>         SSLProxyCheckPeerName Off
>         SSLProxyCheckPeerExpire Off
>             SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
>         SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
>         SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem
>
>     </IfModule>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^cpanel.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2083/$1 [P]
>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^webmail.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2096/$1 [P]
>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^whm.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2087/$1 [P]
>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^webdisk.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2078/$1 [P]
>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^cpcalendars.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2080/$1 [P]
>
>     RewriteCond %{HTTP_HOST} !^server.example.com$
>     RewriteCond %{HTTP_HOST} ^cpcontacts.
>     RewriteCond %{HTTPS} on
>     RewriteRule ^/(.*) https://127.0.0.1:2080/$1 [P]
>
>     UseCanonicalName Off
> </VirtualHost>
>
>
> On Sun, Jan 1, 2017 at 10:20 PM, Spork Schivago <sporkschivago@gmail.com>
> wrote:
>
>> Yehuda, I understand that when I make changes in the Apache config,
>> because I'm using cPanel, I have to do it just right.   I know how to make
>> changes so they don't get overwritten.   I'd still like to know though if
>> reverse proxies is what I'm looking for.   Perhaps the Apache mailing list
>> wasn't the best place to ask.   Please ignore the part about cPanel all
>> together.
>>
>> If I wanted to hide the port number from visitors so when they went to
>> something like mydomain.com:2083, it'd show subdomain.mydomain.com
>> instead, do you think I could accomplish that using a reverse proxy?   Is
>> there any other ways to accomplish this that anyone knows of?   Thank you!
>>
>> Ken
>>
>> On Sun, Jan 1, 2017 at 10:01 PM, Yehuda Katz <yehuda@ymkatz.net> wrote:
>>
>>> I would suggest looking on the cPanel documentation and forums. When you
>>> make changes in cPanel it generally overwrites the entire Apache config, so
>>> you need to be careful.
>>>
>>> - Y
>>>
>>> Sent from a device with a very small keyboard and hyperactive
>>> autocorrect.
>>>
>>> On Jan 1, 2017 4:07 PM, "Spork Schivago" <sporkschivago@gmail.com>
>>> wrote:
>>>
>>>> I'd like to add that I agree with Stormy.   I don't think I've ever
>>>> gotten spam, except for this one time.   That's why I was a bit curious
>>>> about it.   I didn't click the post because I wasn't sure what it was.  
At
>>>> first, I thought it was maybe a video related to Apache, but when I hovered
>>>> over it, I saw something about infected mushrooms and figured it'd be best
>>>> not to click.   Anyway, thanks for verifying what it was for me and happy
>>>> New Year's to everyone else.
>>>>
>>>> I do have an Apache related question that I'd like to ask.  I have a
>>>> domain and I rent a VPS from Linode.   I have bought a cPanel license and
>>>> use Let's Encrypt free SSL certificates.   For reasons I'd rather not get
>>>> into at this time (unless you guys really want to know why), I have created
>>>> a script to generate the SSL certificates and install them.   I have
>>>> manually setup subdomains, cpanel.mydomain.com, whm.mydomain.com, etc.
>>>>   Then, when I go to something like cpanel.mydomain.com, I have a
>>>> mod_rewrite rule that redirects me to www.mydomain.com:2083
>>>>
>>>> If I wanted to hide the www.mydomain.com:<port number> and just have
>>>> it show subdomain.mydomain.com (like cpanel.mydomain.com), would I
>>>> want to look into a reverse proxy?   I have to admit, i don't know anything
>>>> about proxies or reverse proxies.   I've seen mention of them in this list
>>>> with people trying to do similar things but with stuff that wasn't related
>>>> to cPanel.
>>>>
>>>> Thanks!
>>>>
>>>> On Sun, Jan 1, 2017 at 12:04 PM, Stormy <stormy22@stormy.ca> wrote:
>>>>
>>>>> At 04:25 PM 1/1/2017 +0000, Good Guy wrote:
>>>>>
>>>>>> On 01/01/2017 00:51, Spork Schivago wrote:
>>>>>>
>>>>>>> I don't understand why I'm receiving this e-mail. Is this spam?
>>>>>>> Thanks.
>>>>>>>
>>>>>>
>>>>>> Of course it is.  Some people celebrate new year by spamming people.
>>>>>> They seem to enjoy this.
>>>>>>
>>>>>
>>>>> I would add that the owners/moderators of this list do a remarkable
>>>>> job of keeping spam at a near zero percentage of postings.
>>>>>
>>>>> Anyway, Have a very happy and prosperous 2017.
>>>>>>
>>>>>
>>>>> And from the frozen North, my wishes for 2017 to all...
>>>>>
>>>>> Paul
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>>
>>>>
>>
>

Mime
View raw message