Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Configuration Reverse Proxy - https issue
Operating Systems Linux Red Hat Configuration Reverse Proxy - https issue Post 302864159 by niyas_gk on Wednesday 16th of October 2013 05:17:54 AM
Old 10-16-2013
Computer Configuration Reverse Proxy - https issue
Hi All

I need your valuable help on this. Im trying to setup reverse proxy using apache in rhel 5.5. I just started with Apache, and not much idea about going with advance level config, except that i have tried to set up this reverse proxy based on an online guide i found in internet. The purpose of this test to validate, whether the incoming url request from outside is successfully diverting to given application url.

So far, im getting expected result ( thats wht im thinking ) for http requests from outside, as its successfully diverting to the url mentioned in httpd virtual host config, which is as below

-->

ProxyRequests Off

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
ServerName ws01.mydom.com
ServerAlias ws01
ErrorLog /var/log/httpd/ws01_error.log
TransferLog /var/log/httpd/ws01_access.log

ProxyPass / hxxp://test.mydom.com:8080/
ProxyPassReverse / hxxp://test.mydom.com:8080/

</VirtualHost>

------------------->

what im trying to do next is , is below

1) http url divert to https, and from there to actual app url
2) direct https will divert to app url

So far i have modified the httpd.conf file as follows

-------------------------->

ProxyRequests Off

NameVirtualHost *:80
NameVirtualHost *:443

#Redirect HTTP Request to HTTPS
<VirtualHost *:80>
ServerName ws01.mydom.com
ServerAlias ws01
Redirect / hxxps://ws01.mydom.com/
</VirtualHost>

<VirtualHost *:443>
ServerName ws01.mydom.com
ServerAlias ws01
ErrorLog /var/log/httpd/ws01_error.log
TransferLog /var/log/httpd/ws01_access.log

ProxyPass / hxxp://test.mydom.com:8080/
ProxyPassReverse / hxxp://test.mydom.com:8080/

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/pki/tls/certs/ws01.mydom.com
SSLCertificateKeyFile /etc/pki/tls/private/ws01.mydom.com
</VirtualHost>

------------------------------------------>

when i access the url as ,

1) hxxp://ws01.mydom.com/ -> its redirecting to hxxps://ws01.mydom.com/, and stucks, all i can see is white blank page in browser. The log updating is , access_log and not ws01_access.log. The contents of access_log is ->

""GET / HXXP/1.1" 302 291 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)""

2) hxxps://ws01.mydom.com/ -> its showing default fedora apache page, rather than redirecting to , hxxp://test.mydom.com:8080/. And only the below log getting updated on this time

a) ssl_request_log -> "TLSv1 AES128-SHA "GET /icons/poweredby.png HTTP/1.1" 299"

b) ssl_error_log -> "Directory index forbidden by Options directive: /var/www/html/" ,
"Symbolic link not allowed or link target not accessible: /var/www/icons/poweredby.png, referer: hxxps://192.168.1.172/"

c) ssl_access_log --> ""GET / HTTP/1.1" 403 3918" ,
""GET /icons/poweredby.png HTTP/1.1" 403 299"

I have no idea how to proceed from here, any help would be much appreciated.

What i expect is, the url need to be diverted to hxxp://test.mydom.com:8080/, when accessing from outside, either by http or by https.
 

8 More Discussions You Might Find Interesting

1. Linux

Reverse Proxy

I have configured reverse proxy through apache...conf file is attached My reverse proxy has a public ip.it is redirecting the request to 172.16.1.43 which is http server.....Now i have a link in Http server's home page which will redirect the request to another Lan zone machine... (0 Replies)
Discussion started by: dipanrc
0 Replies

2. UNIX for Dummies Questions & Answers

Reverse Proxy difficulty

Hi I am trying to set up two hosts in a reverse proxy. The reverse proxy already has 8 servers running perfectly, but they are all simply mapping pure addresses, which I have registered internally and externally. The latest two I wish to add are a bit different, they are app servers, one... (1 Reply)
Discussion started by: rboekdrukker
1 Replies

3. UNIX for Advanced & Expert Users

Apache-Reverse proxy and load balancing

Hi All, I have a webpage loaded on server1 with authorization enabled by .htaccess, which can be accessed by http://ipofserver1/index.html. Now im planning a high availabilty load balancing in such a way that if the server1 is down due to some reason it should connect to another server. i have... (1 Reply)
Discussion started by: Tuxidow
1 Replies

4. UNIX for Advanced & Expert Users

Setup a Reverse Proxy on Squid

Hi all, The scenario is: http://img834.imageshack.us/img834/7990/1234z.jpg - With: + 192.168.100.0/24 : internet link (simulation) + Multiple Websites are hosting in local. + Complete DNS configuration. + OS: CentOS 5 - Requirements: Configure Squid Proxy as... (0 Replies)
Discussion started by: kidzer0
0 Replies

5. Linux

How to deny facebook https using squid proxy in Centos 6.5?

Hi we have Centos Server and we have client machines using Ubuntu 12.04 and Win7,I Have Configured Squid only purposely for facebook denied, Cos User;s often being in fb so need to do it, have configured squid as transpernt , followed this How to install squid proxy on centos 6 steps to did it and... (1 Reply)
Discussion started by: babinlonston
1 Replies

6. Linux

How to deny facebook https using squid proxy in Centos 6.5?

Hi we have Centos Server and we have client machines using Ubuntu 12.04 and Win7,I Have Configured Squid only purposely for facebook denied, Cos User;s often being in fb so need to do it, have configured squid as transparent , followed this How to install squid proxy on centos 6 steps to did it and... (2 Replies)
Discussion started by: babinlonston
2 Replies

7. IP Networking

Reverse proxy tutorials for webserver?

Hi, one member of WJ forum adviced that i setup an reverse proxy for my webserver. So im curious if anyone know about good, easy noob tutorial on hwo to achieve this, please link to this tutorial how to setup reverse proxy for an webserver. Or better for whole node server with OpenVZ... (1 Reply)
Discussion started by: postcd
1 Replies

8. UNIX and Linux Applications

One DMZ server reverse proxy for 2 websites

Hi All, Hope this is the correct thread to ask this, if not, can an admin please move it to the correct thread. Got a wee problem I hope someone can point me in the right direction. I have Network A with two servers hosting separate webpages (I will call these WP1 & WP2). A DMZ server... (6 Replies)
Discussion started by: dakelly
6 Replies

LEARN ABOUT OPENDARWIN

proxymngr

PROXYMNGR(1)						      General Commands Manual						      PROXYMNGR(1)

NAME

       proxymngr - proxy manager service

SYNOPSIS

       proxymngr [-config filename] [-timeout seconds] [-retries #] [-verbose]

DESCRIPTION

       The  proxy manager (proxymngr) is responsible for resolving requests from xfindproxy (and other similar clients), starting new proxies when
       appropriate, and keeping track of all of the available proxy services.  The proxy manager strives to reuse existing proxies whenever possi-
       ble.

       There are two types of proxies that the proxy manager deals with, managed and unmanaged proxies.

       A managed proxy is a proxy that is started ``on demand'' by the proxy manager.

       An  unmanaged proxy, on the other hand, is started either at system boot time, or manually by a system administrator.  The proxy manager is
       made aware of its existence, but no attempt is made by the proxy manager to start unmanaged proxies.

       The command line options that can be specified to proxymngr are:

       -config Used to override the default proxymngr config file.  See below for more details about the config file.

       -timeout
	       Sets the number of seconds between attempts made by the proxy manager to find an unmanaged proxy.  The default is 10.

       -retries
	       Sets the maximum number of retries made by the proxy manager to find an an unmanaged proxy.  The default is 3.

       -verbose
	       Causes various debugging and tracing records to be displayed as requests are received and proxies are started.

Proxy Manager Config File
       The proxy manager maintains a local configuration file describing the proxy services available.	This configuration file  is  installed	in
       /usr/lib/X11/proxymngr/pmconfig	during the installation of proxymngr.  The location of the configuration file can be overwritten using the
       -config command line option.

       Aside from lines starting with an exclamation point for comments, each line of the configuration file describes either an unmanaged or man-
       aged proxy service.

       For unmanaged proxies, the format is:

	      <service-name> unmanaged <proxy-address>

       service-name  is  the  name  of	the  unmanaged proxy service, and must not contain any spaces, for example ``XFWP''.  service-name is case
       insensitive.

       proxy-address is the network address of the unmanaged proxy.  The format of the address is specific to the service-name.  For example,  for
       the ``XFWP'' service, the proxy-address might be ``firewall.x.org:100''.

       If  there  is more than one entry in the config file with the same unmanaged service-name, the proxy manager will try to use the proxies in
       the order presented in the config file.

       For managed proxies, the format is:

	      <service-name> managed <command-to-start-proxy>

       service-name is the name of the managed proxy service, and must not contain any spaces, for example ``LBX''.  service-name is case insensi-
       tive.

       command-to-start-proxy  is  the command executed by the proxy manager to start a new instance of the proxy.  If command-to-start-proxy con-
       tains spaces, the complete command should be surrounded by single quotes.  If desired, command-to-start-proxy can be used to start a  proxy
       on a remote machine.  The specifics of the remote execution method used to do this is not specified here.

EXAMPLE

       Here is a sample configuration file:

	      ! proxy manager config file
	      !
	      ! Each line has the format:
	      !    <serviceName> managed <startCommand>
	      !        or
	      !    <serviceName> unmanaged <proxyAddress>
	      !
	      lbx managed /usr/bin/lbxproxy
	      !
	      ! substitute site-specific info
	      xfwp unmanaged firewall:4444

PROXY MANAGER DETAILS

       When  the proxy manager gets a request from xfindproxy (or another similar client), its course of action will depend on the service-name in
       question.

       For a managed proxy service, the proxy manager will find out if any of the already running proxies  for	this  service  can  handle  a  new
       request.   If  not,  the  proxy manager will attempt to start up a new instance of the proxy (using the command-to-start-proxy found in the
       config file).  If that fails, an error will be returned to the caller.

       For an unmanaged proxy service, the proxy manager will look in the config file to find all unmanaged proxies for this service.  If there is
       more  than  one	entry  in the config file with the same unmanaged service-name, the proxy manager will try to use the proxies in the order
       presented in the config file.  If none of the unmanaged proxies can satisfy the request, the proxy manager will timeout for a  configurable
       amount  of time (specified by -timeout or default of 10) and reattempt to find an unmanaged proxy willing to satisfy the request.  The num-
       ber of retries can be specified by the -retries argument, or a default of 3 will be used.  If the retries fail, the proxy  manager  has	no
       choice but to return an error to the caller (since the proxy manager can not start unmanaged proxy services).

BUGS

       proxy manager listen port should be configurable.

       -timeout and -retries is not implemented in proxymngr.

       proxymngr does not utilize the ``options'' and ``host'' fields in the proxy management protocol GetProxyAddr request.

SEE ALSO

       xfindproxy (1), xfwp (1), Proxy Management Protocol spec V1.0

AUTHOR

       Ralph Mor, X Consortium

X Version 11							  proxymngr 1.0.1						      PROXYMNGR(1)
All times are GMT -4. The time now is 05:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy