Re: [users@httpd] proxy / email / certificates help

Thu, 25 Sep 2025 09:03:37 -0700 


Like this?: (on the backend apache host)


Edited loaded module:
vi /etc/httpd/conf.modules.d/00-base.conf


Commented out
#LoadModule access_compat_module modules/mod_access_compat.so



Modified Virtual:

<VirtualHost *:80>

  ServerName postfixadmin.sevendogzero.com
  DocumentRoot /var/www/postfixadmin/public/

  ErrorLog /var/log/httpd/postfixadmin_error.log
  CustomLog /var/log/httpd/postfixadmin_access.log combined

  <Directory />
    Options FollowSymLinks
    AllowOverride All
  </Directory>

  <Directory /var/www/postfixadmin/public/>
    Options FollowSymLinks MultiViews
    AllowOverride All
  #  Order allow,deny
  #  allow from all
  </Directory>

</VirtualHost>

Then
sudo systemctl restart httpd


Next step:

Will read this. https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

Appreciate the direction










On 9/24/2025 8:22 PM, Frank Gingras wrote:
On Wed, Sep 24, 2025 at 9:17 PM Bret Stern <[email protected]> wrote: 

    Couple things..I appear to be top posting. What is the preferred
    conversation rule. I use Thunderbird. Way back in the day, I seem
    to recall a setting

    which played to the bottom posting preference.



    On the conversation here. I've set a reverse proxy on my gateway
    apache server pointing to the backend apache server, which is running

    mail services. (It doesn't have to be that way, I'm just trying to
    keep server counts down.)


    On the backend apache server here is an example of my Virthost.
    However I think the following line should be "localhost"

    current -> ServerName postfixadmin.domain.com
    <http://postfixadmin.domain.com>

    replace with something like ->

    *ProxyPass* /sample http://localhost:8080/sample
    *ProxyPassReverse* /sample http://localhost:8080/sample


    <VirtualHost *:80>

      ServerName postfixadmin.domain.com <http://postfixadmin.domain.com>
      DocumentRoot /var/www/postfixadmin/public/

      ErrorLog /var/log/httpd/postfixadmin_error.log
      CustomLog /var/log/httpd/postfixadmin_access.log combined

      <Directory />
        Options FollowSymLinks
        AllowOverride All
      </Directory>

      <Directory /var/www/postfixadmin/public/>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
      </Directory>

    </VirtualHost>


    I just don't think I get this yet, but very close. I have three
    reverse proxy conf that are working for websites.


    But this one simply says "File not found". The logs say

    error_log
    [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error] [pid
    46973:tid 47081] [client 192.168.60.167:47784
    <http://192.168.60.167:47784>] AH01071: Got error 'Primary script
    unknown'


    access_log
    192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET /setup.php
    HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64;
    rv:141.0) Gecko/20100101 Firefox/141.0"

    Thanks for any help

    Bret



    On 9/20/2025 1:39 PM, Frank Gingras wrote:



    On Sat, Sep 20, 2025 at 3:46 PM Bret Stern
    <[email protected]> wrote:

        Ok. Is there a recommended place for the TLS, or either one
        is fine. Just confiming.

        Sounds like I'll need to remove a cert on one of the servers
        thinking..Yes/No

        Thanks Frank.

        On 9/20/2025 12:38 PM, Frank Gingras wrote:



        On Sat, Sep 20, 2025 at 3:12 PM Bret Stern
        <[email protected]> wrote:

            Hi there,

            I'm setting up and email server which is reverse
            proxyied behind a front
            end apache server.


            For the same domain...my dns has both a primary web
            server server, and
            an email server sitting behind a single wan ip.

            First question.

            Is this possible?

            At this point all email is working except smtp, which
            I'm thinking is a
            certificate problem.


            So I have certicates on the email server apache and the
            apache server
            providing the reverse proxy.

            And of course Postfix and Dovecot could have config
            issues, but mostly
            here I'm looking for verifying my described concept is

            achievable using apache.


            Comments or links to feasability and tips are always
            appreciated.

            Thanks,

            Bret



            
---------------------------------------------------------------------
            To unsubscribe, e-mail: [email protected]
            For additional commands, e-mail: [email protected]


        Email and HTTP server had nothing to do with each other,
        practically.  A reverse HTTP proxy can be used to host a
        webmail interface to handle those emails, sure, but then
        just handle the TLS termination either on the edge, or the
        inner server.

        For the latter, just use SSLProxyEngine on.



    It depends on what the backend interface requires - if it
    redirects to https:// automatically, then you'll need to offload
    TLS to the proxied server with SSLProxyEngine on.

    Otherwise, you can handle the TLS handshake on the edge server
    and speak non-TLS to the inner servers.
First, stop using the Allow/Deny/Order directives, and unload the mod_access_compat module.
Secondly, Primary script unknown is the error caused by pointing the URI to a non-existent resource running on php-fpm.  Take a look at https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
In short, if you request /foo a and you use DirectoryIndex index.php, the request will be converted to /foo/index.php, which in turn will be proxied to php-fpm, and that resource *must* existing on the file system, based on the docroot set in your fpm pool.

Reply via email to