Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 84073 invoked from network); 27 Oct 2010 22:45:48 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 27 Oct 2010 22:45:48 -0000 Received: (qmail 80398 invoked by uid 500); 27 Oct 2010 22:45:46 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 80354 invoked by uid 500); 27 Oct 2010 22:45:46 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 80346 invoked by uid 99); 27 Oct 2010 22:45:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Oct 2010 22:45:46 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of kevin.r.coombes@gmail.com designates 209.85.160.180 as permitted sender) Received: from [209.85.160.180] (HELO mail-gy0-f180.google.com) (209.85.160.180) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Oct 2010 22:45:37 +0000 Received: by gyg8 with SMTP id 8so945671gyg.11 for ; Wed, 27 Oct 2010 15:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :organization:user-agent:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=xPAAzJnRs0Co2dDdja6DtINKTP9kCphVsiWdSfOxxaU=; b=CxWAgN1X6otv7NE24df2qYks9he7VmDT1R5wbpXFU82keMGliUw4McrRTQzUz44zaD s5vh/2/KWfxExkxmvhLsMeOTmbzpfn4NaehTR62w+67Bw20lVf4inq7jFZtOJK2FBgRP birC/dYwQIvicqB/MXzNLXr24iz1yDpL8VeU8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; b=fDB9k8NmWVyLxpWY9BDBi42vtxFez37OpFxdNix74iVcAzwKtOTccfLIDH0mwM1Rmw 9cHv7ppUTbPMPUZDhuwnLNIt+0Gs3jna1htqoUsH5EwvZ/ZyiQATQn/mHgGGoRHCmtk+ fydWWODOwkv88CMCjkZqwG/PG0kiWWJMGhIHk= Received: by 10.151.48.13 with SMTP id a13mr18661374ybk.55.1288219516775; Wed, 27 Oct 2010 15:45:16 -0700 (PDT) Received: from [10.105.35.136] ([143.111.22.28]) by mx.google.com with ESMTPS id i64sm197300yha.10.2010.10.27.15.45.15 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 27 Oct 2010 15:45:15 -0700 (PDT) Message-ID: <4CC8AB7A.7040307@gmail.com> Date: Wed, 27 Oct 2010 17:45:14 -0500 From: "Kevin R. Coombes" Organization: UT M.D. Anderson Cancer Center User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 MIME-Version: 1.0 To: user@couchdb.apache.org CC: Keith Gable Subject: Re: Proxy missing path component References: <4CC82A6C.4000906@gmail.com> <254B0824-726A-4854-8706-B47184819B95@gmail.com> In-Reply-To: <254B0824-726A-4854-8706-B47184819B95@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org The Couch permissions probably would be easier. But that's not my call. The administrators have been running an Apache proxy for all kinds of applications for a long time, so they are more comfortable continuing to do things that way. The difficulty with changing the javascript (either as part of my application or as part of couch.js) is that we'd like things to work both externally (where the administrators want "couch" as a path component) and internally (where "couch" is not part of the path component). I guess the application has to figure out if the call is coming from the proxy server or directly from the couchdb server so it knows whether to insert the extra component. Does anyone have an example that illustrates (using javascript and couch.js) how to figure out which machine originated the call? Kevin On 10/27/2010 9:20 AM, Keith Gable wrote: > I can't say for Couch, but Apache doesn't change the request bodies > when proxying. So if you're proxying an application which doesn't know > how to link to things and include the proxy prefix (/couch or > whatever), it won't work right. When I proxy web applications, I > always end up having to use something like mod_proxy_html to rewrite > content in the page. Obviously this won't work for you, so you might > have to change the internal JavaScript library to take your prefix > into account. > > Couch has permissions though I thought. Wouldn't that route be easier? > > > > On Oct 27, 2010, at 8:34 AM, "Kevin R. Coombes" > wrote: > >> Hi, >> >> For security reasons, our administrators want to put couchdb behind >> an Apache proxy. The setup right now basically provides an >> externally visible URL of the form >> http://proxymachine/couch/myapp >> which maps to the internal URL >> http://couchmachine/myapp >> >> Part of the security point is that the proxy only allows GET >> requests, while people behind the firewall can send PUT, POST, or >> DELETE to the internal machine. The extra "couch" path component was >> inserted on the proxy because it also works as a server for a variety >> of different applications with different stuff going on behind the >> firewall. >> >> The problem, of course, is that the current configuration fails. My >> application relies on the "couch.js" script via a call like >> db = CouchDB("myapp") >> which results in internal references that look like >> /myapp/_design/basic/_view/whatever >> These end up returning a "404 Not Found" error because the proxy >> machine tries to access >> http://proxymachine/myapp/_design/basic/_view/whatever >> Since the "couch" path component is missing, the proxy server does >> not rewrite the call, and so the request fails. >> >> Is there a way to fix this so that the same javascript will run on >> both the proxy server and the internal server? >> >> Thanks for any advice, >> Kevin