On Thu, Sep 25, 2025 at 3:14 AM Bret Stern <[email protected]> wrote:
> Like this?: (on the backend apache host)
>
> Edited loaded module:
> vi /etc/httpd/conf.modules.d/00-base.conf
>
> Commented out
> #LoadModule access_compat_module modules/mod_access_compat.so
>
> Modified Virtual:
>
> <VirtualHost *:80>
>
>     ServerName postfixadmin.sevendogzero.com
>     DocumentRoot /var/www/postfixadmin/public/
>
>     ErrorLog /var/log/httpd/postfixadmin_error.log
>     CustomLog /var/log/httpd/postfixadmin_access.log combined
>
>     <Directory />
>         Options FollowSymLinks
>         AllowOverride All
>     </Directory>
>
>     <Directory /var/www/postfixadmin/public/>
>         Options FollowSymLinks MultiViews
>         AllowOverride All
>         # Order allow,deny
>         # allow from all
>     </Directory>
>
> </VirtualHost>
>
> Then
> sudo systemctl restart httpd
>
> Next step:
>
> Will read this. https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>
> Appreciate the direction
>
> On 9/24/2025 8:22 PM, Frank Gingras wrote:
>
> On Wed, Sep 24, 2025 at 9:17 PM Bret Stern <[email protected]> wrote:
>
>> Couple things.. I appear to be top posting. What is the preferred
>> conversation rule? I use Thunderbird. Way back in the day, I seem to
>> recall a setting which played to the bottom posting preference.
>>
>> On the conversation here. I've set a reverse proxy on my gateway apache
>> server pointing to the backend apache server, which is running
>> mail services. (It doesn't have to be that way, I'm just trying to keep
>> server counts down.)
>>
>> On the backend apache server here is an example of my VirtualHost.
>> However I think the following line should be "localhost"
>>
>> current -> ServerName postfixadmin.domain.com
>>
>> replace with something like ->
>>
>> ProxyPass /sample http://localhost:8080/sample
>> ProxyPassReverse /sample http://localhost:8080/sample
>>
>> <VirtualHost *:80>
>>
>>     ServerName postfixadmin.domain.com
>>     DocumentRoot /var/www/postfixadmin/public/
>>
>>     ErrorLog /var/log/httpd/postfixadmin_error.log
>>     CustomLog /var/log/httpd/postfixadmin_access.log combined
>>
>>     <Directory />
>>         Options FollowSymLinks
>>         AllowOverride All
>>     </Directory>
>>
>>     <Directory /var/www/postfixadmin/public/>
>>         Options FollowSymLinks MultiViews
>>         AllowOverride All
>>         Order allow,deny
>>         allow from all
>>     </Directory>
>>
>> </VirtualHost>
>>
>> I just don't think I get this yet, but very close. I have three reverse
>> proxy conf that are working for websites.
>>
>> But this one simply says "File not found". The logs say
>>
>> error_log
>> [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error] [pid 46973:tid 47081] [client 192.168.60.167:47784] AH01071: Got error 'Primary script unknown'
>>
>> access_log
>> 192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET /setup.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
>>
>> Thanks for any help
>>
>> Bret
>>
>> On 9/20/2025 1:39 PM, Frank Gingras wrote:
>>
>> On Sat, Sep 20, 2025 at 3:46 PM Bret Stern <[email protected]> wrote:
>>
>>> Ok. Is there a recommended place for the TLS, or either one is fine.
>>> Just confirming.
>>>
>>> Sounds like I'll need to remove a cert on one of the servers
>>> thinking..Yes/No
>>>
>>> Thanks Frank.
>>>
>>> On 9/20/2025 12:38 PM, Frank Gingras wrote:
>>>
>>> On Sat, Sep 20, 2025 at 3:12 PM Bret Stern <[email protected]> wrote:
>>>
>>>> Hi there,
>>>>
>>>> I'm setting up an email server which is reverse proxied behind a
>>>> front end apache server.
>>>>
>>>> For the same domain...my dns has both a primary web server, and
>>>> an email server sitting behind a single wan ip.
>>>>
>>>> First question.
>>>>
>>>> Is this possible?
>>>>
>>>> At this point all email is working except smtp, which I'm thinking is a
>>>> certificate problem.
>>>>
>>>> So I have certificates on the email server apache and the apache server
>>>> providing the reverse proxy.
>>>>
>>>> And of course Postfix and Dovecot could have config issues, but mostly
>>>> here I'm looking for verifying my described concept is
>>>> achievable using apache.
>>>>
>>>> Comments or links to feasibility and tips are always appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Bret
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>>
>>> Email and HTTP servers have nothing to do with each other, practically. A
>>> reverse HTTP proxy can be used to host a webmail interface to handle those
>>> emails, sure, but then just handle the TLS termination either on the edge,
>>> or the inner server.
>>>
>>> For the latter, just use SSLProxyEngine on.
>>>
>> It depends on what the backend interface requires - if it redirects to
>> https:// automatically, then you'll need to offload TLS to the proxied
>> server with SSLProxyEngine on.
>>
>> Otherwise, you can handle the TLS handshake on the edge server and speak
>> non-TLS to the inner servers.
>>
> First, stop using the Allow/Deny/Order directives, and unload the
> mod_access_compat module.
>
> Secondly, Primary script unknown is the error caused by pointing the URI
> to a non-existent resource running on php-fpm. Take a look at
> https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>
> In short, if you request /foo and you use DirectoryIndex index.php, the
> request will be converted to /foo/index.php, which in turn will be proxied
> to php-fpm, and that resource *must* exist on the file system, based on
> the docroot set in your fpm pool.
>

You need to replace the 2.2 authz directives with Require, too. Also, avoid using .htaccess files by setting AllowOverride none.
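
Added example, not part of the thread and not either poster's configuration: the backend VirtualHost from the messages above, rewritten with the 2.4 `Require` directives and `AllowOverride None` as advised. The php-fpm socket path and the `Require all denied` on the filesystem root are assumptions (the latter mirrors the stock httpd.conf default); adjust them to the actual fpm pool and site policy.

```apache
# Backend vhost using 2.4 authorization only (mod_access_compat unloaded).
<VirtualHost *:80>

    ServerName postfixadmin.domain.com
    DocumentRoot /var/www/postfixadmin/public/

    ErrorLog /var/log/httpd/postfixadmin_error.log
    CustomLog /var/log/httpd/postfixadmin_access.log combined

    # Filesystem root: no .htaccess processing, no access by default.
    # Assumption: mirrors the stock httpd.conf default, not stated in the thread.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>

    <Directory /var/www/postfixadmin/public/>
        Options FollowSymLinks MultiViews
        # .htaccess files are ignored; all policy lives in this file.
        AllowOverride None
        # 2.4 replacement for "Order allow,deny" + "Allow from all".
        Require all granted
        DirectoryIndex index.php
    </Directory>

    # Hand .php requests to php-fpm.
    # Assumption: the pool listens on this unix socket; use the "listen"
    # value from the pool configuration.
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>

    # "Primary script unknown" (AH01071) means php-fpm could not find the
    # script path it was handed. The file (e.g. setup.php) must exist under
    # the DocumentRoot above and be readable by the fpm pool user.

</VirtualHost>
```

Run `apachectl configtest` before restarting httpd; with mod_access_compat unloaded, any leftover `Order`, `Allow` or `Deny` line is reported as an invalid command.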
