On Fri, Sep 26, 2025 at 2:57 AM Bret Stern <[email protected]> wrote:
>
> On 9/25/2025 2:10 PM, Frank Gingras wrote:
>
> On Thu, Sep 25, 2025 at 3:14 AM Bret Stern <[email protected]> wrote:
>
>> Like this?: (on the backend apache host)
>>
>> Edited loaded module:
>> vi /etc/httpd/conf.modules.d/00-base.conf
>>
>> Commented out
>> #LoadModule access_compat_module modules/mod_access_compat.so
>>
>> Modified Virtual:
>>
>> <VirtualHost *:80>
>>
>>     ServerName postfixadmin.sevendogzero.com
>>     DocumentRoot /var/www/postfixadmin/public/
>>
>>     ErrorLog /var/log/httpd/postfixadmin_error.log
>>     CustomLog /var/log/httpd/postfixadmin_access.log combined
>>
>>     <Directory />
>>         Options FollowSymLinks
>>         AllowOverride All
>>     </Directory>
>>
>>     <Directory /var/www/postfixadmin/public/>
>>         Options FollowSymLinks MultiViews
>>         AllowOverride All
>>         # Order allow,deny
>>         # allow from all
>>     </Directory>
>>
>> </VirtualHost>
>>
>> Then
>> sudo systemctl restart httpd
>>
>> Next step:
>>
>> Will read this.
>> https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>>
>> Appreciate the direction
>>
>> On 9/24/2025 8:22 PM, Frank Gingras wrote:
>>
>> On Wed, Sep 24, 2025 at 9:17 PM Bret Stern <[email protected]> wrote:
>>
>>> Couple things..I appear to be top posting. What is the preferred
>>> conversation rule. I use Thunderbird. Way back in the day, I seem to
>>> recall a setting which played to the bottom posting preference.
>>>
>>> On the conversation here. I've set a reverse proxy on my gateway apache
>>> server pointing to the backend apache server, which is running
>>> mail services. (It doesn't have to be that way, I'm just trying to keep
>>> server counts down.)
>>>
>>> On the backend apache server here is an example of my Virthost. However
>>> I think the following line should be "localhost"
>>>
>>> current -> ServerName postfixadmin.domain.com
>>>
>>> replace with something like ->
>>>
>>> ProxyPass /sample http://localhost:8080/sample
>>> ProxyPassReverse /sample http://localhost:8080/sample
>>>
>>> <VirtualHost *:80>
>>>
>>>     ServerName postfixadmin.domain.com
>>>     DocumentRoot /var/www/postfixadmin/public/
>>>
>>>     ErrorLog /var/log/httpd/postfixadmin_error.log
>>>     CustomLog /var/log/httpd/postfixadmin_access.log combined
>>>
>>>     <Directory />
>>>         Options FollowSymLinks
>>>         AllowOverride All
>>>     </Directory>
>>>
>>>     <Directory /var/www/postfixadmin/public/>
>>>         Options FollowSymLinks MultiViews
>>>         AllowOverride All
>>>         Order allow,deny
>>>         allow from all
>>>     </Directory>
>>>
>>> </VirtualHost>
>>>
>>> I just don't think I get this yet, but very close. I have three reverse
>>> proxy conf that are working for websites.
>>>
>>> But this one simply says "File not found". The logs say
>>>
>>> error_log
>>> [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error] [pid 46973:tid 47081] [client 192.168.60.167:47784] AH01071: Got error 'Primary script unknown'
>>>
>>> access_log
>>> 192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET /setup.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
>>>
>>> Thanks for any help
>>>
>>> Bret
>>>
>>> On 9/20/2025 1:39 PM, Frank Gingras wrote:
>>>
>>> On Sat, Sep 20, 2025 at 3:46 PM Bret Stern <[email protected]> wrote:
>>>
>>>> Ok. Is there a recommended place for the TLS, or either one is fine.
>>>> Just confirming.
>>>>
>>>> Sounds like I'll need to remove a cert on one of the servers
>>>> thinking..Yes/No
>>>>
>>>> Thanks Frank.
>>>>
>>>> On 9/20/2025 12:38 PM, Frank Gingras wrote:
>>>>
>>>> On Sat, Sep 20, 2025 at 3:12 PM Bret Stern <[email protected]> wrote:
>>>>
>>>>> Hi there,
>>>>>
>>>>> I'm setting up an email server which is reverse proxied behind a
>>>>> front end apache server.
>>>>>
>>>>> For the same domain...my dns has both a primary web server, and
>>>>> an email server sitting behind a single wan ip.
>>>>>
>>>>> First question.
>>>>>
>>>>> Is this possible?
>>>>>
>>>>> At this point all email is working except smtp, which I'm thinking is
>>>>> a certificate problem.
>>>>>
>>>>> So I have certificates on the email server apache and the apache server
>>>>> providing the reverse proxy.
>>>>>
>>>>> And of course Postfix and Dovecot could have config issues, but mostly
>>>>> here I'm looking for verifying my described concept is
>>>>> achievable using apache.
>>>>>
>>>>> Comments or links to feasibility and tips are always appreciated.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Bret
>>>>>
>>>> Email and HTTP server had nothing to do with each other, practically.
>>>> A reverse HTTP proxy can be used to host a webmail interface to handle
>>>> those emails, sure, but then just handle the TLS termination either on
>>>> the edge, or the inner server.
>>>>
>>>> For the latter, just use SSLProxyEngine on.
>>>>
>>> It depends on what the backend interface requires - if it redirects to
>>> https:// automatically, then you'll need to offload TLS to the proxied
>>> server with SSLProxyEngine on.
>>>
>>> Otherwise, you can handle the TLS handshake on the edge server and speak
>>> non-TLS to the inner servers.
>>>
>> First, stop using the Allow/Deny/Order directives, and unload the
>> mod_access_compat module.
>>
>> Secondly, Primary script unknown is the error caused by pointing the URI
>> to a non-existent resource running on php-fpm. Take a look at
>> https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM
>>
>> In short, if you request /foo a and you use DirectoryIndex index.php, the
>> request will be converted to /foo/index.php, which in turn will be proxied
>> to php-fpm, and that resource *must* exist on the file system, based on
>> the docroot set in your fpm pool.
>>
> You need to replace the 2.2 authz directives with Require, too. Also,
> avoid using .htaccess files by setting AllowOverride none.
>
> I believe you mean in this declaration. The docs call this an
> authorization container. Not going to pretend I know the syntax. Is this
> close?
>
> So whatever the <Require> directive is, the arguments within the
> <Require(parameter)> must meet the parameter directive.. am I getting it
> sort of?
>
> <Directory /var/www/postfixadmin/public/>
>     <Require>    <------------------------------- do I need an option here...I would think 'all' can you give me a hint?
>
>     Options FollowSymLinks MultiViews
>     AllowOverride All
>     Order allow,deny
>     allow from all
>     </Require>
> </Directory>
>

There are good examples in the docs:

http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require

Look at the first use case.
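
The virtual host from this thread in Apache 2.4 authorization syntax, as an added example that is not part of any message above: `Require` is a single-line directive, not a container (the containers in mod_authz_core are `<RequireAll>`, `<RequireAny>` and `<RequireNone>`). The php-fpm socket path is a placeholder, and the `<FilesMatch>`/`<If>` handler form is an assumption based on the PHP-FPM wiki page linked in the thread.

```apache
<VirtualHost *:80>

    ServerName postfixadmin.domain.com
    DocumentRoot /var/www/postfixadmin/public/

    ErrorLog /var/log/httpd/postfixadmin_error.log
    CustomLog /var/log/httpd/postfixadmin_access.log combined

    # Deny the whole filesystem by default and ignore .htaccess files.
    # 2.2 form (needs mod_access_compat):  Order deny,allow / Deny from all
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>

    # Open only the application's public directory.
    # 2.2 form (needs mod_access_compat):  Order allow,deny / Allow from all
    # With mod_access_compat unloaded, leaving Order/Allow in place makes
    # httpd refuse to start with "Invalid command 'Order'".
    <Directory /var/www/postfixadmin/public/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
        DirectoryIndex index.php
    </Directory>

    # Hand .php requests to php-fpm only when the file exists under the
    # DocumentRoot, so a bad URI gets an httpd 404 rather than php-fpm's
    # "Primary script unknown". The socket path is a placeholder (assumption);
    # php-fpm must see the script at the same filesystem path as httpd.
    <FilesMatch "\.php$">
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:unix:/path/to/php-fpm.sock|fcgi://localhost/"
        </If>
    </FilesMatch>

</VirtualHost>
```

Run `apachectl configtest` after the change and before restarting httpd, so a leftover 2.2 directive is reported as a syntax error instead of taking the site down.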
