On 9/25/2025 2:10 PM, Frank Gingras wrote:


On Thu, Sep 25, 2025 at 3:14 AM Bret Stern <[email protected]> wrote:


    Like this?: (on the backend apache host)


    Edited loaded module:
    vi /etc/httpd/conf.modules.d/00-base.conf


    Commented out
    #LoadModule access_compat_module modules/mod_access_compat.so



    Modified Virtual:

    <VirtualHost *:80>

      ServerName postfixadmin.sevendogzero.com
      DocumentRoot /var/www/postfixadmin/public/

      ErrorLog /var/log/httpd/postfixadmin_error.log
      CustomLog /var/log/httpd/postfixadmin_access.log combined

      <Directory />
        Options FollowSymLinks
        AllowOverride All
      </Directory>

      <Directory /var/www/postfixadmin/public/>
        Options FollowSymLinks MultiViews
        AllowOverride All
      #  Order allow,deny
      #  allow from all
      </Directory>

    </VirtualHost>

    Then
    sudo systemctl restart httpd


    Next step:

    Will read this.
    https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

    Appreciate the direction










    On 9/24/2025 8:22 PM, Frank Gingras wrote:


    On Wed, Sep 24, 2025 at 9:17 PM Bret Stern
    <[email protected]> wrote:

        Couple things..I appear to be top posting. What is the
        preferred conversation rule? I use Thunderbird. Way back in
        the day, I seem to recall a setting
        which played to the bottom posting preference.



        On the conversation here. I've set a reverse proxy on my
        gateway apache server pointing to the backend apache server,
        which is running

        mail services. (It doesn't have to be that way, I'm just
        trying to keep server counts down.)


        On the backend apache server here is an example of my
        VirtualHost. However I think the following line should be
        "localhost"

        current -> ServerName postfixadmin.domain.com

        replace with something like ->

        ProxyPass /sample http://localhost:8080/sample
        ProxyPassReverse /sample http://localhost:8080/sample


        <VirtualHost *:80>

          ServerName postfixadmin.domain.com
          DocumentRoot /var/www/postfixadmin/public/

          ErrorLog /var/log/httpd/postfixadmin_error.log
          CustomLog /var/log/httpd/postfixadmin_access.log combined

          <Directory />
            Options FollowSymLinks
            AllowOverride All
          </Directory>

          <Directory /var/www/postfixadmin/public/>
            Options FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
          </Directory>

        </VirtualHost>


        I just don't think I get this yet, but very close. I have
        three reverse proxy conf that are working for websites.


        But this one simply says "File not found". The logs say

        error_log
        [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error] [pid 46973:tid 47081] [client 192.168.60.167:47784] AH01071: Got error 'Primary script unknown'


        access_log
        192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET /setup.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"

        Thanks for any help

        Bret



        On 9/20/2025 1:39 PM, Frank Gingras wrote:


        On Sat, Sep 20, 2025 at 3:46 PM Bret Stern
        <[email protected]> wrote:

            Ok. Is there a recommended place for the TLS, or either
            one is fine. Just confirming.

            Sounds like I'll need to remove a cert on one of the
            servers thinking..Yes/No

            Thanks Frank.

            On 9/20/2025 12:38 PM, Frank Gingras wrote:


            On Sat, Sep 20, 2025 at 3:12 PM Bret Stern
            <[email protected]> wrote:

                Hi there,

                I'm setting up an email server which is reverse
                proxied behind a front
                end apache server.


                For the same domain...my dns has both a primary web
                server, and
                an email server sitting behind a single wan ip.

                First question.

                Is this possible?

                At this point all email is working except smtp,
                which I'm thinking is a
                certificate problem.


                So I have certificates on the email server apache and
                the apache server
                providing the reverse proxy.

                And of course Postfix and Dovecot could have config
                issues, but mostly
                here I'm looking for verifying my described concept is
                achievable using apache.


                Comments or links to feasibility and tips are
                always appreciated.

                Thanks,

                Bret



                


            Email and HTTP servers have nothing to do with each
            other, practically.  A reverse HTTP proxy can be used
            to host a webmail interface to handle those emails,
            sure, but then just handle the TLS termination either
            on the edge, or the inner server.

            For the latter, just use SSLProxyEngine on.


        It depends on what the backend interface requires - if it
        redirects to https:// automatically, then you'll need to
        offload TLS to the proxied server with SSLProxyEngine on.

        Otherwise, you can handle the TLS handshake on the edge
        server and speak non-TLS to the inner servers.

    First, stop using the Allow/Deny/Order directives, and unload the
    mod_access_compat module.

    Secondly, Primary script unknown is the error caused by pointing
    the URI to a non-existent resource running on php-fpm.  Take a
    look at https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

    In short, if you request /foo and you use DirectoryIndex
    index.php, the request will be converted to /foo/index.php, which
    in turn will be proxied to php-fpm, and that resource *must*
    exist on the file system, based on the docroot set in your fpm
    pool.








You need to replace the 2.2 authz directives with Require, too.  Also, avoid using .htaccess files by setting AllowOverride none.


I believe you mean in this declaration. The docs call this an authorization container. Not going to pretend I know the syntax. Is this close?

So whatever the <Require> directive is, the arguments within the <Require(parameter)> must meet the parameter directive.. am I getting it sort of?

  <Directory /var/www/postfixadmin/public/>
   <Require>        <-------------------------------do I need an option here...I would think 'all'   can you give me a hint?

    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Require>
 </Directory>
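
The 2.2-to-2.4 authorization change discussed in this thread, shown as an added example that is not part of the original messages: in httpd 2.4 `Require` is a single-line directive placed directly inside `<Directory>`, not a container (the containers are `<RequireAll>`, `<RequireAny>` and `<RequireNone>`, used only to combine several `Require` lines). Paths and the placeholder hostname are taken from the thread; the address range in the comment is an assumed admin network.

```apache
# httpd 2.2 style (needs mod_access_compat), as posted earlier in the thread:
#   Order allow,deny
#   Allow from all

# httpd 2.4 style (mod_authz_core / mod_authz_host)
<VirtualHost *:80>
  ServerName postfixadmin.domain.com
  DocumentRoot /var/www/postfixadmin/public/

  ErrorLog /var/log/httpd/postfixadmin_error.log
  CustomLog /var/log/httpd/postfixadmin_access.log combined

  # Deny the whole filesystem by default and ignore .htaccess files.
  <Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
  </Directory>

  # Open only the docroot. "Require all granted" is the 2.4 equivalent of
  # "Order allow,deny" + "Allow from all".
  <Directory /var/www/postfixadmin/public/>
    Options FollowSymLinks MultiViews
    AllowOverride None
    Require all granted
    # Tighter alternative for an admin-only interface (assumed range):
    #   Require ip 192.168.60.0/24
  </Directory>
</VirtualHost>
```

Behind a reverse proxy the backend sees the proxy's address as the client, so a `Require ip` rule on the backend matches the proxy unless mod_remoteip is configured; `apachectl configtest` checks the syntax before a restart.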













