OT:Apache question 2

Chris Hewitt g0pae at manordat.demon.co.uk
Sat Feb 21 20:42:24 UTC 2004


Info wrote:

>Please forgive the intrusion on this thread. But I've got a somewhat related question.
>
>I have my web page on the internet on my RedHat8 server(apache).  Also on my little network I have a
>Win2K server running an application which currently only runs on M$ platforms.  (I'd prefer to have the user 
>go through the Apache server to get to the M$ app ... www.mydomain.com/app   (or http://win2k/app from inside).
>
>While this works like a champ from inside my lan, it doesn't work worth a hoot from outside.  (I end up exposing IIS to the world and I'm just too busy to keep up with the security patches etc. to keep social diseases out.) 
>
>Should I add the Win2K virtual directories to Apache in a manner similar to your suggestion.  
>  /Win2K/App  
> 	<Directory //Win2k/App ...... 
>  /Win2K/App/SubDirectory 
>	<Directory //Win2K/App/Subdirectory ... 
>???
>
>Or am I wandering down the wrong fork in the road and need to try something else.  
>(Is there a "young person's guide to all of this funny networking stuff.."?) 
>
>thanks in advance
>ghd
>
Ghd,

Well I was right and wrong. Yes Apache httpd can do what you want, but 
mod_rewrite is not going to be the right thing to use. Again, I'm 
assuming that your internet connection is via your linux box and your 
win2k box cannot be directly seen from the internet.

If mod_rewrite finds a match with part of a url or port then it sends a 
redirect message back to the browser giving the new url, the browser 
then goes to the new url automatically to get the page. In your case 
this will not work as the win2k box cannot be seen from the internet.

What is needed is a reverse proxy, and Apache httpd has mod_proxy. I've 
just noticed you mentioned you are using RH8 (which I think has an httpd 
1.3.x version), I've used Fedora Core 1 (which has httpd 2.0.47). You 
will need to use the equivalent 1.3.x commands, which do differ. Look at 
http://localhost/manual on your linux box for mod_proxy and you will 
find the equivalents.

I used three computers:

aone.homemanordata.nodom (the equivalent of your linux box that you are 
going to modify /etc/httpd/conf/httpd.conf on so that this computer acts 
as a proxy).

athlon.homemanordata.nodom (the equivalent of your win2k box. This 
computer I've booted up in win2k and I have an Oracle Workflow 
application on that I access with the url of 
http://athlon.homemanordata.nodom:8000/wf/plsql/wfa_html.login ).

server.homemanordata.nodom (the equivalent of the computer on which a 
user's browser is running and which wants to talk to the workflow 
application using aone as a proxy).

On aone, I edited /etc/httpd/conf/httpd.conf and uncommented the line:
ProxyRequests On
I added the lines:
<Location /wf/plsql/>
        RequestHeader set X-Proxy-Request yes
        ProxyPass http://athlon.homemanordata.nodom:8000/wf/plsql/
</Location>
As all URLs for the workflow application will have "/wf/plsql/" in them 
it was a good thing for me to pick up on, but you can even do it on a 
different port if you like, it just needs something to recognise. The 
ProxyPass line simply rewrites the url up to the end of the /wf/plsql/ as 
http://athlon.homemanordata.nodom:8000/wf/plsql/, gets the page then 
passes it back to the browser. I've not set up caching or any security 
aspects but the above is the basics. After editing httpd.conf, don't 
forget to restart httpd with "service httpd restart".

I can access the workflow application now as:
http://aone.homemanordata.nodom/wf/plsql/wfa_html.login
Note that I did not put in the port 8000, the ProxyPass line has that in it.

Let us know if you need any more information, I've got to go now but 
I'll be around in the morning. You mentioned that you had a concern 
about the win2k box being on the internet, by doing this it is 
effectively on the internet. There are security things which can be 
done, like restricting access to only http requests (I think <Location 
http://*/wf/plsql > will do that) or just port 80.

Hope this helps.

Regards

Chris
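
Added example, not part of Chris's message: the same reverse proxy in httpd 2.0-style syntax with forward proxying left off, since ProxyPass works without ProxyRequests On and that directive otherwise makes the server a general-purpose proxy. The ProxyPassReverse line and the GET/POST restriction are assumptions about what the application needs; the hostnames are the ones used in the post.

```apache
# Added example for /etc/httpd/conf/httpd.conf (httpd 2.0-style syntax).
# Hostnames are taken from the post; method limits are an assumption.

# As posted: this also enables forward proxying, so the server will fetch
# URLs on behalf of clients unless access is restricted in a <Proxy> block.
#   ProxyRequests On

# A reverse proxy needs only ProxyPass, so forward proxying stays off.
ProxyRequests Off

<Location /wf/plsql/>
    # Requires mod_headers, as in the post.
    RequestHeader set X-Proxy-Request yes

    # Fetch matching requests from the internal win2k application.
    ProxyPass http://athlon.homemanordata.nodom:8000/wf/plsql/

    # Rewrite Location headers in redirects issued by the backend, so the
    # browser is not sent to athlon:8000, which it cannot reach from outside.
    ProxyPassReverse http://athlon.homemanordata.nodom:8000/wf/plsql/

    # Assumption: the application only needs GET and POST; refuse the rest.
    <LimitExcept GET POST>
        Order deny,allow
        Deny from all
    </LimitExcept>
</Location>
```

Only the /wf/plsql/ path is forwarded to the win2k box; run "service httpd restart" after editing, as in the post.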





More information about the Redhat-install-list mailing list