----- Original Message -----
From: "Igor Cicimov" <icici...@gmail.com>
To: "users" <users@httpd.apache.org>
Sent: Monday, November 26, 2012 5:49:19 PM
Subject: Re: [users@httpd] Interesting Problem

On Tue, Nov 27, 2012 at 6:03 AM, Chris Arnold <carn...@electrichendrix.com> wrote:

<VirtualHost *:443>
#This will be the default vhost because the name starts with 000
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
ServerName domain.net:443
ServerAlias www.domain.net:443
#ServerAdmin webmas...@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLProxyEngine On
ProxyPass /ifolder https://192.168.123.4/ifolder
ProxyPassReverse /ifolder https://192.168.123.4/ifolder
ProxyPass /admin https://192.168.123.4/admin
ProxyPassReverse /admin https://192.168.123.4/admin
ProxyPass /nps https://192.168.123.4/nps
ProxyPassReverse /nps https://192.168.123.4/nps
-->ProxyPass / https://192.168.124.3/
-->ProxyPassReverse / https://192.168.124.3/
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

>So you have put the proxy for https://mail.domain.com inside domain.net virtual host. You realize they are different domains right?
>You need to set a separate vhost for that subdomain mail.domain.com and put the Proxy there. Or you can set a _default_ vhost as I mentioned before.
>Default one is the one that is defined first in the list of vhosts no matter if its name starts with 000 or not.
>
># Catch all VHost, traffic that is NOT going to domain.net
><VirtualHost _default_:443>
>  ServerName localhost_name.domain.net
>-->ProxyPass / https://192.168.124.3/
>-->ProxyPassReverse / https://192.168.124.3/
>  <Proxy *>
>    Order allow,deny
>    Allow from all
>  </Proxy>
>  .
>  # SSL stuff here
>  .
>  .
></VirtualHost>

This works fine but proxies all 192.168.124.3 traffic which is not the expected result. The expected result is to proxy only https://mail.domain.com traffic.

><VirtualHost *:443>
>  DocumentRoot "/srv/www/htdocs"
>  ServerName domain.net
>  ServerAlias www.domain.net
>
>  #ServerAdmin webmas...@example.com
>  ErrorLog /var/log/apache2/error_log
>  TransferLog /var/log/apache2/access_log
>
>  SSLProxyEngine On
>  ProxyPass /ifolder https://192.168.123.4/ifolder
>  ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>  ProxyPass /admin https://192.168.123.4/admin
>  ProxyPassReverse /admin https://192.168.123.4/admin
>  ProxyPass /nps https://192.168.123.4/nps
>  ProxyPassReverse /nps https://192.168.123.4/nps
>  <Proxy *>
>    Order allow,deny
>    Allow from all
>  </Proxy>
>
>  # SSL Engine Switch:
>  # Enable/Disable SSL for this virtual host.
>  SSLEngine on
></VirtualHost>

>>Another solution would be to use mod_rewrite instead and keep the one VHost you have as default one. You might put something like this then:

><VirtualHost *:443>
>  DocumentRoot "/srv/www/htdocs"
>  ServerName domain.net
>  ServerAlias www.domain.net
>
>  #ServerAdmin webmas...@example.com
>  ErrorLog /var/log/apache2/error_log
>  TransferLog /var/log/apache2/access_log
>
>  # Catch the mail.domain.com traffic and Proxy to 192.168.123.4
>  RewriteEngine On
>  RewriteCond %{HTTP_HOST} ^(www\.)?mail\.domain\.com [NC]
>  RewriteRule .* https://192.168.124.3/ [P,L]
>
>  SSLProxyEngine On
>  ProxyPass /ifolder https://192.168.123.4/ifolder
>  ProxyPassReverse /ifolder https://192.168.123.4/ifolder
>  ProxyPass /admin https://192.168.123.4/admin
>  ProxyPassReverse /admin https://192.168.123.4/admin
>
>  ProxyPass /nps https://192.168.123.4/nps
>  ProxyPassReverse /nps https://192.168.123.4/nps
>  <Proxy *>
>    Order allow,deny
>    Allow from all
>  </Proxy>
></VirtualHost>

This one does not appear to work. When I access https://mail.domain.net, I get access is forbidden.

I am pounding my head against the wall with this... We've got a mail server, 192.168.124.3, that runs on port 443. Our web server, 192.168.123.3, uses port 443 for web services. We have 1 (real) public IP address and our firewall/router points ports (443 is my concern now) to the web server. So, when customers type their webmail address, https://mail.theirdomain.tld, that points to our public IP and the firewall directs that port 443 connection to the web server, 192.168.123.3. I need the web server, using apache, to deliver content from the mail server, 192.168.124.3.

Can apache do this and am I trying the right things (like those suggested, proxy and rewrite)? Again, the goal is to have apache proxy/rewrite https://mail.domain.tld traffic only, not all (/) traffic.
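
Added example, not part of either poster's messages: the separate name-based vhost for the mail host that the quoted reply describes, written in the Apache 2.2 syntax used in the thread. It assumes the webmail name is mail.domain.com, that mod_ssl, mod_proxy and mod_proxy_http are loaded, and that clients send SNI; the certificate paths are placeholders.

```apache
# Added example, not from the thread. Apache 2.2 syntax as in the posts above.
# Assumed: webmail name mail.domain.com; mod_ssl, mod_proxy, mod_proxy_http loaded.
NameVirtualHost *:443

# Listed first, so it is the default for any Host name that matches no other vhost.
<VirtualHost *:443>
    ServerName domain.net
    ServerAlias www.domain.net
    DocumentRoot "/srv/www/htdocs"
    SSLEngine on
    # Placeholder certificate paths
    SSLCertificateFile    /path/to/domain.net.crt
    SSLCertificateKeyFile /path/to/domain.net.key

    # Reverse proxy only; never act as an open forward proxy
    ProxyRequests Off
    SSLProxyEngine On
    ProxyPass        /ifolder https://192.168.123.4/ifolder
    ProxyPassReverse /ifolder https://192.168.123.4/ifolder
    ProxyPass        /admin   https://192.168.123.4/admin
    ProxyPassReverse /admin   https://192.168.123.4/admin
    ProxyPass        /nps     https://192.168.123.4/nps
    ProxyPassReverse /nps     https://192.168.123.4/nps
</VirtualHost>

# Only requests whose Host header is mail.domain.com land here.
<VirtualHost *:443>
    ServerName mail.domain.com
    SSLEngine on
    # Placeholder paths; this certificate must name mail.domain.com
    SSLCertificateFile    /path/to/mail.domain.com.crt
    SSLCertificateKeyFile /path/to/mail.domain.com.key

    ProxyRequests Off
    SSLProxyEngine On
    # Pass the original Host header so the mail server sees the name the client used
    ProxyPreserveHost On
    ProxyPass        / https://192.168.124.3/
    ProxyPassReverse / https://192.168.124.3/
</VirtualHost>
```

Clients that do not send SNI are served by the first vhost and its certificate. mod_ssl does not verify the backend server's certificate unless SSLProxyVerify is configured.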