[K12OSN] OT: Reverse proxy for internal websites

David Hopkins dahopkins429 at gmail.com
Sat Jan 12 17:22:59 UTC 2008


Hmmmm .... evidently I still didn't 'say enough' ... This doesn't seem
to work either :(

More words than absolutely needed, but rather frustrated at this point.

I am using SSL and trying to get the reverse proxy to work with SSL as
well.  I have apache running on CentOS, and trying to talk to the
IIS/Exchange server.  Now, apache loads the ssl.conf file from conf.d
so I have tried using <VirtualHost> entries both in that file and in
the main httpd.conf but haven't seen a difference.

There seem to be issues with trailing /'s and a host header that is
needed as well, not to mention the way IIS/OWA handles spaces. There
is also some sort of issue with using Form-based Authentication in
OWA?  I have gotten the Basic Auth to ask for a login/password, but it
never accepts anything, just continually returns the username/password
prompt.  Couple all of this with the fact that our external DNS
resolves to our ISP supplied routable IP (which is our external
router). This is then port redirected to the different internal
systems and I suspect I have something of a mess. ;)  We have used
https with OWA being accessed directly via a simple port redirect:
Internet_IP:443 --> Internal_IP:443 without issues.  But since there
is now a need for additional SSL sites, we need the reverse proxy or
another IP address.  I thought it would just be a matter of
Internet_IP:443 --> Internal_IP_apache_reverse_proxy:443 which would
then redirect to the other servers, but ... nope.  At this point, the
simplest might just be to get another Internet IP address from our
ISP?  Proxying anything else (80 or 443) 'just works', but
OWA/Exchange apparently has its own set of rules.

Also, I am still not clear on when to use a hostname for the
VirtualHost and when to use an IP address. For name based, I thought
it was just a

<VirtualHost *:80>
ServerName mysite1.domain.org
... other stuff
</VirtualHost>

and apache matches up the mysite1.domain.org which is what the browser
uses to determine which block to use. Internal testing of the 6 sites
being hosted shows that it seems to work, e.g. an address of
http://mysite2.domain.org returns mysite2 and not mysite1 though both
are wrapped in their own <VirtualHost *:80></VirtualHost> blocks.

I'll keep plugging away at it over the weekend. Otherwise, I'll just redo
the redirect at the router on Monday and try again later.

Thanks!!!
Dave Hopkins




On Jan 12, 2008 1:00 AM, Peter Hartmann <ascensiontech at gmail.com> wrote:
> Oh well why didn't you say so!   :)  Mind the double forward slashes
> and 'Keep Alives' on the IIS side.
>
> <VirtualHost 10.1.1.7:80>
> #    ServerAdmin webmaster at dummy-host.example.com
>     ServerName server.name.com
> ProxyRequests Off
> ProxyPreserveHost On
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPass / http://10.1.1.3/
> ProxyPassReverse / http://10.1.1.3/
> ProxyPass /exchange http://10.1.1.3/exchange//
> ProxyPassReverse /exchange http://10.1.1.3/exchange//
> ProxyPass /Exchange http://10.1.1.3/exchange//
> ProxyPassReverse /Exchange http://10.1.1.3/exchange//
> ProxyPass /exchweb http://10.1.1.3/exchweb//
> ProxyPassReverse /exchweb http://10.1.1.3/exchweb//
> ProxyPass /public http://10.1.1.3/public//
> ProxyPassReverse /public http://10.1.1.3/public//
> ProxyPass /iisadmpwd http://10.1.1.3/iisadmpwd//
> ProxyPassReverse /iisadmpwd http://10.1.1.3/iisadmpwd//
>
> ProxyPass /exchange/ http://10.1.1.3/exchange//
> ProxyPassReverse /exchange/ http://10.1.1.3/exchange//
> ProxyPass /Exchange/ http://10.1.1.3/exchange//
> ProxyPassReverse /Exchange/ http://10.1.1.3/exchange//
> ProxyPass /exchweb/ http://10.1.1.3/exchweb//
> ProxyPassReverse /exchweb/ http://10.1.1.3/exchweb//
> ProxyPass /public/ http://10.1.1.3/public//
> ProxyPassReverse /public/ http://10.1.1.3/public//
> ProxyPass /iisadmpwd/ http://10.1.1.3/iisadmpwd//
> ProxyPassReverse /iisadmpwd/ http://10.1.1.3/iisadmpwd//
>
> </VirtualHost>
>
>
>
> On Jan 11, 2008 9:01 PM, David Hopkins <dahopkins429 at gmail.com> wrote:
> > Thanks for the examples. They work except for one notable exception:
> > Reverse proxying my Exchange server OWA connection so I don't have to
> > have the OWA server facing the internet.  There are numerous examples
> > found by google, none of which seem to work.  I have spent a few days
> > trying to get the OWA proxy to work and no luck at all. Oh well :(
> >
> > Sincerely,
> > Dave Hopkins
> >
> >
> > 2008/1/7 Harish Pillay <harish.pillay at gmail.com>:
> >
> > > David -
> > >
> > > > I want to be able to serve several different internal websites via
> > > > http and https but only have one redirect at the router for ports 80
> > > > and 443 to an internal system.  I can run squid or apache2 or both on
> > > > that internal system.  What I had in mind was setting up this internal
> > > > system to redirect the external requests to the appropriate internal
> > > > servers based on the hostnames. The internal network uses a 10.
> > > > address space if that makes a difference.  Both squid and apache2 can
> > > > be set up for reverse proxying.  Has anyone on the list implemented
> > > > this and is there a preference for which one to use?
> > >
> > > I had done exactly that for a programming contest I ran which needed
> > > to access internal servers.
> > >
> > > Here's the zipped up httpd.conf file.
> > >
> > > Enjoy.
> > > --
> > > Harish Pillay h.pillay at ieee.org gpg id: 746809E3
> > > fingerprint: F7F5 5CCD 25B9 FC25 303E 3DA2 0F80 27DB 7468 09E3
> > >
> >
> > > _______________________________________________
> > > K12OSN mailing list
> > > K12OSN at redhat.com
> > > https://www.redhat.com/mailman/listinfo/k12osn
> > > For more info see <http://www.k12os.org>
> > >
>
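
An added example, not part of any message in this thread: a small Python lint for ProxyPass/ProxyPassReverse blocks of the kind quoted above. It relies on Apache checking ProxyPass rules in configuration order with the first prefix match winning; the sample config is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed sample for illustration: the catch-all is listed first, and
# one ProxyPassReverse has a target that differs from its ProxyPass.
SAMPLE = """\
ProxyPass / http://10.1.1.3/
ProxyPassReverse / http://10.1.1.3/
ProxyPass /exchange http://10.1.1.3/exchange//
ProxyPassReverse /exchange http://10.1.1.3/exchange//
ProxyPass /iisadmpwd http://10.1.1.3/iisadmpwd//
ProxyPassReverse /iisadmpwd http://10.1.1.3/iisadmpw//
"""

# Leading '>' is tolerated so configs pasted from quoted mail can be checked.
RULE = re.compile(r"^[>\s]*(ProxyPassReverse|ProxyPass)\s+(\S+)\s+(\S+)", re.I)

def parse(conf):
    """Return (line_no, directive, path, target) for each proxy rule."""
    rules = []
    for no, line in enumerate(conf.splitlines(), 1):
        m = RULE.match(line)
        if m:
            rules.append((no, m.group(1).lower(), m.group(2), m.group(3)))
    return rules

def lint(conf):
    """Hypothetical helper: list (line_no, kind, detail) findings."""
    rules, findings = parse(conf), []
    passes = [r for r in rules if r[1] == "proxypass"]
    # Apache checks ProxyPass rules in order; the first prefix match wins,
    # so a rule placed after a shorter matching prefix is never reached.
    for i, (no, _, path, _) in enumerate(passes):
        for prev_no, _, prev_path, _ in passes[:i]:
            if path.startswith(prev_path):
                findings.append((no, "shadowed",
                                 f"{path} is caught by {prev_path} on line {prev_no}"))
                break
    # ProxyPassReverse rewrites redirect headers that start with its target;
    # a target that differs from the ProxyPass one leaves them unrewritten.
    target_of = {path: target for _, _, path, target in passes}
    for no, kind, path, target in rules:
        if kind == "proxypassreverse" and target_of.get(path, target) != target:
            findings.append((no, "reverse-mismatch",
                             f"{target} != {target_of[path]}"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

An unrewritten redirect is worth catching because the Location header then carries the internal backend address out to the client.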



