----- Original Message -----

From: "Igor Cicimov" <icici...@gmail.com> 
To: "users" <users@httpd.apache.org> 
Sent: Monday, November 26, 2012 5:49:19 PM 
Subject: Re: [users@httpd] Interesting Problem 



On Tue, Nov 27, 2012 at 6:03 AM, Chris Arnold < carn...@electrichendrix.com > 
wrote: 



<VirtualHost *:443> 
#This will be the default vhost because the name starts with 000 

# General setup for the virtual host 
DocumentRoot "/srv/www/htdocs" 
ServerName domain.net:443 
ServerAlias www.domain.net:443 

#ServerAdmin webmas...@example.com 
ErrorLog /var/log/apache2/error_log 
TransferLog /var/log/apache2/access_log 

SSLProxyEngine On 
ProxyPass /ifolder https://192.168.123.4/ifolder 
ProxyPassReverse /ifolder https://192.168.123.4/ifolder 
ProxyPass /admin https://192.168.123.4/admin 
ProxyPassReverse /admin https://192.168.123.4/admin 
ProxyPass /nps https://192.168.123.4/nps 
ProxyPassReverse /nps https://192.168.123.4/nps 
-->ProxyPass / https://192.168.124.3/ 
-->ProxyPassReverse / https://192.168.124.3/ 
<Proxy *> 
Order allow,deny 
Allow from all 
</Proxy> 

# SSL Engine Switch: 
# Enable/Disable SSL for this virtual host. 
SSLEngine on 




>So you have put the proxy for https://mail.domain.com inside domain.net 
>virtual host. You realize they are different domains right? 
>You need to set a separate vhost for that subdomain mail.domain.com and put 
>the Proxy there. Or you can set a _default_ vhost as I mentioned before.
>Default one is the one that is defined first in the list of vhosts no matter 
>if its name starts with 000 or not. 

># Catch all VHost, traffic that is NOT going to domain.net 
><VirtualHost _default_:443> 
> ServerName localhost_name.domain.net 

>-->ProxyPass / https://192.168.124.3/ 
>-->ProxyPassReverse / https://192.168.124.3/
> <Proxy *> 
> Order allow,deny 
> Allow from all 
> </Proxy> 
># SSL stuff here
>.
>.
></VirtualHost>

This works fine but proxies all 192.168.124.3 traffic which is not the expected 
result. The expected result is to proxy only https://mail.domain.com traffic. 

><VirtualHost *:443>
> DocumentRoot "/srv/www/htdocs" 
> ServerName domain.net 
> ServerAlias www.domain.net 
> 
>#ServerAdmin webmas...@example.com 
>ErrorLog /var/log/apache2/error_log 
>TransferLog /var/log/apache2/access_log
> 
> SSLProxyEngine On 
> ProxyPass /ifolder https://192.168.123.4/ifolder 
>ProxyPassReverse /ifolder https://192.168.123.4/ifolder 
>ProxyPass /admin https://192.168.123.4/admin 
>ProxyPassReverse /admin https://192.168.123.4/admin 
>ProxyPass /nps https://192.168.123.4/nps 
>ProxyPassReverse /nps https://192.168.123.4/nps 
><Proxy *> 
> Order allow,deny 
> Allow from all 
></Proxy> 
> 
> # SSL Engine Switch: 
> # Enable/Disable SSL for this virtual host. 
> SSLEngine on 
></VirtualHost> 

>>Another solution would be to use mod_rewrite instead and keep the one VHost
>>you have as the default one. You might put something like this then:

><VirtualHost *:443>
> DocumentRoot "/srv/www/htdocs" 
> ServerName domain.net 
> ServerAlias www.domain.net 
> 
>#ServerAdmin webmas...@example.com 
>ErrorLog /var/log/apache2/error_log 
>TransferLog /var/log/apache2/access_log 
> 
># Catch the mail.domain.com traffic and Proxy to 192.168.123.4 
> RewriteEngine On 
> RewriteCond %{HTTP_HOST} ^(www\.)?mail\.domain\.com [NC]
> RewriteRule .* https://192.168.124.3/ [P,L] 
> 
> SSLProxyEngine On 
> ProxyPass /ifolder https://192.168.123.4/ifolder 
> ProxyPassReverse /ifolder https://192.168.123.4/ifolder 
> ProxyPass /admin https://192.168.123.4/admin 
> ProxyPassReverse /admin https://192.168.123.4/admin 
> ProxyPass /nps https://192.168.123.4/nps
> ProxyPassReverse /nps https://192.168.123.4/nps 
> <Proxy *> 
> Order allow,deny 
> Allow from all 
> </Proxy> 
> </VirtualHost> 

This one does not appear to work. When I access https://mail.domain.net, I get
access is forbidden.

I am pounding my head against the wall with this... 
We've got a mail server, 192.168.124.3, that runs on port 443. Our web server, 
192.168.123.3, uses port 443 for web services. We have 1 (real) public ip 
address and our firewall/router points ports (443 is my concern now) to the web 
server. So, when customers type their webmail address, 
https://mail.theirdomain.tld, that points to our public ip and the firewall 
directs that port 443 connection to the web server, 192.168.123.3. I need the 
web server, using apache, to deliver content from the mail server, 
192.168.124.3. Can Apache do this, and am I trying the right things (like
those suggested, proxy and rewrite)? Again, the goal is to have apache 
proxy/rewrite https://mail.domain.tld traffic only, not all (/) traffic 
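
The separate name-based virtual host suggested in the quoted reply, written out as an added example (not part of the original thread or either poster's configuration). It assumes Apache 2.2 syntax as used in the thread, an SNI-capable server build and clients, and placeholder certificate paths; mail.domain.com is the host name from the quoted reply.

```apache
# Added example. Certificate paths are placeholders, not values from the thread.
NameVirtualHost *:443

# Reverse proxy only: with ProxyRequests Off the server never acts as a
# forward proxy, so "<Proxy *> Allow from all" only covers the ProxyPass targets.
ProxyRequests Off

# Listed first, so it is also the default for any name that matches no vhost.
<VirtualHost *:443>
    ServerName domain.net
    ServerAlias www.domain.net
    DocumentRoot "/srv/www/htdocs"

    SSLEngine on
    SSLCertificateFile    /path/to/domain.net.crt
    SSLCertificateKeyFile /path/to/domain.net.key

    SSLProxyEngine On
    ProxyPass        /ifolder https://192.168.123.4/ifolder
    ProxyPassReverse /ifolder https://192.168.123.4/ifolder
    ProxyPass        /admin   https://192.168.123.4/admin
    ProxyPassReverse /admin   https://192.168.123.4/admin
    ProxyPass        /nps     https://192.168.123.4/nps
    ProxyPassReverse /nps     https://192.168.123.4/nps
</VirtualHost>

# Selected only when the requested host name is mail.domain.com.
# Assumption: SNI is available. Without it Apache presents the first vhost's
# certificate, so that certificate would have to cover both names.
<VirtualHost *:443>
    ServerName mail.domain.com

    SSLEngine on
    SSLCertificateFile    /path/to/mail.domain.com.crt
    SSLCertificateKeyFile /path/to/mail.domain.com.key

    SSLProxyEngine On
    ProxyPass        / https://192.168.124.3/
    ProxyPassReverse / https://192.168.124.3/
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
</VirtualHost>
```

`apachectl -S` lists which virtual host is the default for port 443 and which names map to which vhost, which confirms that only mail.domain.com reaches the mail server.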
