On Wed, Sep 24, 2025 at 9:17 PM Bret Stern <[email protected]> wrote:
> Couple things..I appear to be top posting. What is the preferred > conversation rule. I use Thunderbird. Way back in the day, I seem to recall > a setting > > which played to the bottom posting preference. > > > > On the conversation here. I've set a reverse proxy on my gateway apache > server pointing to the backend apache server, which is running > > mail services. (It doesn't have to be that way, I'm just trying to keep > server counts down.) > > > On the backend apache server here is an example of my Virthost. However I > think the following line should be "localhost" > > current -> ServerName postfixadmin.domain.com > > replace with something like -> > > *ProxyPass* /sample http://localhost:8080/sample*ProxyPassReverse* /sample > http://localhost:8080/sample > > > <VirtualHost *:80> > > ServerName postfixadmin.domain.com > DocumentRoot /var/www/postfixadmin/public/ > > ErrorLog /var/log/httpd/postfixadmin_error.log > CustomLog /var/log/httpd/postfixadmin_access.log combined > > <Directory /> > Options FollowSymLinks > AllowOverride All > </Directory> > > <Directory /var/www/postfixadmin/public/> > Options FollowSymLinks MultiViews > AllowOverride All > Order allow,deny > allow from all > </Directory> > > </VirtualHost> > > > I just don't think I get this yet, but very close. I have three reverse > proxy conf that are working for websites. > > > But this one simply says "File not found". The logs say > error_log > [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error] [pid 46973:tid 47081] > [client 192.168.60.167:47784] AH01071: Got error 'Primary script unknown' > > > access_log > 192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET /setup.php HTTP/1.1" > 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) > Gecko/20100101 Firefox/141.0" > > Thanks for any help > > Bret > > > > On 9/20/2025 1:39 PM, Frank Gingras wrote: > > > > On Sat, Sep 20, 2025 at 3:46 PM Bret Stern < > [email protected]> wrote: > >> Ok. Is there a recommended place for the TLS, or either one is fine. Just >> confiming. >> >> Sounds like I'll need to remove a cert on one of the servers >> thinking..Yes/No >> >> Thanks Frank. >> On 9/20/2025 12:38 PM, Frank Gingras wrote: >> >> >> >> On Sat, Sep 20, 2025 at 3:12 PM Bret Stern < >> [email protected]> wrote: >> >>> Hi there, >>> >>> I'm setting up and email server which is reverse proxyied behind a front >>> end apache server. >>> >>> >>> For the same domain...my dns has both a primary web server server, and >>> an email server sitting behind a single wan ip. >>> >>> First question. >>> >>> Is this possible? >>> >>> At this point all email is working except smtp, which I'm thinking is a >>> certificate problem. >>> >>> >>> So I have certicates on the email server apache and the apache server >>> providing the reverse proxy. >>> >>> And of course Postfix and Dovecot could have config issues, but mostly >>> here I'm looking for verifying my described concept is >>> >>> achievable using apache. >>> >>> >>> Comments or links to feasability and tips are always appreciated. >>> >>> Thanks, >>> >>> Bret >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> Email and HTTP server had nothing to do with each other, practically. A >> reverse HTTP proxy can be used to host a webmail interface to handle those >> emails, sure, but then just handle the TLS termination either on the edge, >> or the inner server. >> >> For the latter, just use SSLProxyEngine on. >> >> >> > It depends on what the backend interface requires - if it redirects to > https:// automatically, then you'll need to offload TLS to the proxied > server with SSLProxyEngine on. > > Otherwise, you can handle the TLS handshake on the edge server and speak > non-TLS to the inner servers. > > First, stop using the Allow/Deny/Order directives, and unload the mod_access_compat module. Secondly, Primary script unknown is the error caused by pointing the URI to a non-existent resource running on php-fpm. Take a look at https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM In short, if you request /foo a and you use DirectoryIndex index.php, the request will be converted to /foo/index.php, which in turn will be proxied to php-fpm, and that resource *must* existing on the file system, based on the docroot set in your fpm pool.
