After much trial and error, I've gotten this working. I remember asking about this once in SAX and getting some answers about needing to use multiple ports, but I actually figured out a way to do it on the same port. This guide is for people who may not know how to do this.

This method involves having one forward-facing server. This forward-facing server is the only one configured for port forwarding: port 80 to itself. This server is an HTTP proxy server, containing an array of virtual hosts configured as proxies, using the following code.


Code:
<VirtualHost *:80>
    ServerName example.com
    #ServerAlias www.example.com

    ProxyPreserveHost On
    # This is needed to ensure the actual server knows what host to serve. It causes the actual request hostname to be provided in the Host: part of the http header, rather than the downstream host name (the proxy server). This enables the actual host to be able to match the host with a vhost running on it.
    <Location "/">
        ProxyPass "http://192.168.1.161/"
        # maps the location to the "remote" server
        ProxyPassReverse "http://192.168.1.161/"
        # rebuilds asset links correctly for actual host server
    </Location>
</VirtualHost>


You put one of these for every host you need to serve, and fill in ProxyPass and ProxyPassReverse with the correct local IP for the actual server.

On the actual server, you set up and configure Apache to serve the website normally.
The port-forwarded proxy server will see the host request. It will match the vhost file, and proxy the request to the other server specified. The other server will serve the site back to the proxy server, which will relay it back to the requesting client. All transparently.

Hope this helps anyone needing to do something like this. And yes, I have this tested, deployed and working.
Requires Apache modules proxy and http_proxy.

**This can also be used to map a sub-directory of a website to a completely different server.**
Take http://titrek.us for example. Say I wanted to host titrek.us on one server and titrek.us/srv (or srv.titrek.us) on another.


Code:
<VirtualHost *:80>
    ServerName titrek.us
    #ServerAlias www.titrek.us
    DocumentRoot /path/to/root
    # Other directives
    ProxyPreserveHost On
    # This is needed to ensure the actual server knows what host to serve. It causes the actual request hostname to be provided in the Host: part of the http header, rather than the downstream host name (the proxy server). This enables the actual host to be able to match the host with a vhost running on it.
    <Location "/srv/">
        # "other_server" is a placeholder for the address of the other server
        ProxyPass "http://other_server/"
        # maps the location to the "remote" server
        ProxyPassReverse "http://other_server/"
        # rebuilds asset links correctly for actual host server
    </Location>
</VirtualHost>

This maps exclusively the /srv/ directory to another server.

Heck this is useful. Time to see if Ky'll let me buy a dozen Raspberry Pi's.

I've done basically this on my home network for a while. The proxy machine runs a number of services itself (for which the application servers are proxied behind apache), but there's one host that proxies to a different machine.

You can omit the Location blocks too:

Code:
<VirtualHost *:443>
    ServerName "app.example.com"
    SSLEngine on
    SSLCertificateFile ...
    SSLCertificateKeyFile ...

    ProxyPass / http://myhost/
    ProxyPassReverse / http://myhost/
</VirtualHost>
Tari wrote:


Code:
<VirtualHost *:443>
    ServerName "app.example.com"
    SSLEngine on
    SSLCertificateFile ...
    SSLCertificateKeyFile ...

    ProxyPass / http://myhost/
    ProxyPassReverse / http://myhost/
</VirtualHost>

Yea, I know you can have dual arguments for ProxyPass and Reverse but Apache's documentation says that if you have a lot of those in that format, it can slow things down. I'm not quite sure how many of them it means, but I assume <Location> is more optimized in some way.

I have a follow-up to this. I was able to get the http proxy working but I'm trying to get an HTTPS service running by proxy as well. Now basically here's what I'm trying to do.

Server A (forward facing proxy)
Server B (hosting server, with SSL certificate installed)

Packet arrives, is forwarded to Server A on Port 443
Server A forwards traffic to Server B, which handles SSL authentication.
Server B responds to Server A.
Server A responds to client.

I clearly have it configured wrong because I have the browser error "Unable to provide a secure connection".

Here is my existing proxy host file.

Code:
<VirtualHost *:443>
        ServerName dummy.zedaky.org
        ProxyPreserveHost On
        SSLProxyEngine On
        <Location "/">
                ProxyPass "https://192.168.1.161/"
                ProxyPassReverse "https://192.168.1.161/"
        </Location>
</VirtualHost>

Suggestions?

I don't think Apache is capable of doing what you want with that. SSLProxyEngine enables using HTTPS to connect to a backend, not passing through HTTPS to a backend. What you've done is configured the proxy server to terminate the secure connection then proxy through a different secure connection.

The easy solution is to terminate HTTPS at the proxy server instead, and if encrypted connections on your LAN are also important then issue a different certificate to the backend (and configure the reverse proxy to verify it).

It is notionally possible to do what you want based on Server Name Indication, but Apache can't do it. Looks like other reverse proxies can, though.

If there's only one HTTPS backend that you want to support, then you can just make that the only target for incoming connections on port 443.

So basically handle SSL authentication on the proxy server, and then proxy the request to normal HTTP on the backend?
Yes.
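
The arrangement agreed on above (HTTPS terminated at the proxy, with the optional verified second TLS hop to the backend), written out as an Apache config. This is an added example, not a config posted by anyone in the thread; the certificate paths, the CA file, the `REENCRYPT` define and the name `backend.lan.example` are assumptions.

```apache
# Added example, not a config from the thread. Certificate paths, the CA
# file, the REENCRYPT define and backend.lan.example are placeholders.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
<VirtualHost *:443>
    ServerName dummy.zedaky.org

    # TLS is terminated here. A *:443 vhost with no SSLEngine/certificate
    # answers in plain HTTP, which browsers report as a failed secure
    # connection.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/dummy.zedaky.org.pem
    SSLCertificateKeyFile /etc/ssl/private/dummy.zedaky.org.key

    # Let the backend know the client side of the connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    <IfDefine !REENCRYPT>
        # Default: plain HTTP across the LAN to the backend.
        ProxyPreserveHost On
        ProxyPass        / http://192.168.1.161/
        ProxyPassReverse / http://192.168.1.161/
    </IfDefine>

    <IfDefine REENCRYPT>
        # Start httpd with -D REENCRYPT for a second, verified TLS hop.
        # The backend serves a certificate for backend.lan.example issued
        # by the internal CA below; an unverifiable certificate fails the
        # request instead of being accepted silently.
        SSLProxyEngine on
        SSLProxyVerify require
        SSLProxyCACertificateFile /etc/ssl/internal-ca.pem
        SSLProxyCheckPeerName on
        SSLProxyCheckPeerExpire on
        ProxyPass        / https://backend.lan.example/
        ProxyPassReverse / https://backend.lan.example/
    </IfDefine>
</VirtualHost>
```

In the `REENCRYPT` branch ProxyPreserveHost is left off, so the backend receives `backend.lan.example` as the Host and needs a vhost that answers to that name.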
  