Mailing List Archive: mod_proxy _rewrite to SSL a backend server

mod_proxy _rewrite to SSL a backend server

Jan 17, 2002, 9:22 AM

Post #1 of 4 (856 views)

I have Apache 1.3.22 on RH7.1 Linux as a Frontend server running SSL secured through :443. It is enabled with mod_proxy and mod_rewrite. It is Internet accessible at https://www.example.com/

A Backend server is also running Apache (non-SSL!) with a legacy "application" site that is cgi driven. It is intranet accessible at http://backend.example.com/

I would like to have requests to Frontends's URL https://www.example.com/application/ be a transparent passthrough / rewrite for requests to http://backend.example.com/ without having to recode anything on Backend.

The result should be Internet output from:
https://www.example.com/application/cgi-bin/foo.cgi?i=1 or
https://www.example.com/application/html/calendar.html or
or whatever else the Backend spews forth.

Can this be done with mod's _proxy and _rewrite? What I though should work was:

--- snip httpd.conf----
<Directory />
RewriteEngine On
RewriteRule ^application/(.*)$ http://10.0.0.50/$1 [P]</Directory>

This brings some of the images and html forward, but the links from the Backend to /cgi-bin/foo.cgi are still tied to www.example.com/cgi-bin/foo.cgi, so I conclude that I've missed something to make them /application/cgi-bin/foo.cgi

Thanks!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy _rewrite to SSL a backend server [ In reply to ]

Robert.L.Harris at rdlg

Jan 17, 2002, 9:55 AM

Post #2 of 4 (797 views)

Permalink

I'm doing the same thing pretty much. You need the following 2 lines in
your httpd.conf.

ProxyPass /application http://backend.example.com/
ProxyPassReverse /application http://backened.example.com/

Thus spake David Richardson (isp@derdev.com):

> I have Apache 1.3.22 on RH7.1 Linux as a Frontend server running SSL secured through :443. It is enabled with mod_proxy and mod_rewrite. It is Internet accessible at https://www.example.com/
>
> A Backend server is also running Apache (non-SSL!) with a legacy "application" site that is cgi driven. It is intranet accessible at http://backend.example.com/
>
> I would like to have requests to Frontends's URL https://www.example.com/application/ be a transparent passthrough / rewrite for requests to http://backend.example.com/ without having to recode anything on Backend.
>
> The result should be Internet output from:
> https://www.example.com/application/cgi-bin/foo.cgi?i=1 or
> https://www.example.com/application/html/calendar.html or
> or whatever else the Backend spews forth.
>
> Can this be done with mod's _proxy and _rewrite? What I though should work was:
>
> --- snip httpd.conf----
> <Directory />
> RewriteEngine On
> RewriteRule ^application/(.*)$ http://10.0.0.50/$1 [P]</Directory>
>
> This brings some of the images and html forward, but the links from the Backend to /cgi-bin/foo.cgi are still tied to www.example.com/cgi-bin/foo.cgi, so I conclude that I've missed something to make them /application/cgi-bin/foo.cgi
>
> Thanks!
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy _rewrite to SSL a backend server [ In reply to ]

isp at derdev

Jan 17, 2002, 11:15 AM

Post #3 of 4 (794 views)

Permalink

List: I tried Robert's idea and its not including '/billing in the virtual links within the document... am I asking too much or as my config wrong?

ProxyRequests on
ProxyPass /application http://10.0.0.50/
RewriteEngine On
RewriteRule ^application(.*)$ http://10.0.0.50/$1 [P]
ProxyPassReverse /application http://10.0.0.50/

---------- Original Message ----------------------------------
From: "Robert L. Harris" <Robert.L.Harris@rdlg.net>
Date: Thu, 17 Jan 2002 09:55:47 -0700

>
>
>I'm doing the same thing pretty much. You need the following 2 lines in
>your httpd.conf.
>
>ProxyPass /application http://backend.example.com/
>ProxyPassReverse /application http://backened.example.com/
>
>
>
>
>Thus spake David Richardson (isp@derdev.com):
>
>> I have Apache 1.3.22 on RH7.1 Linux as a Frontend server running SSL secured through :443. It is enabled with mod_proxy and mod_rewrite. It is Internet accessible at https://www.example.com/
>>
>> A Backend server is also running Apache (non-SSL!) with a legacy "application" site that is cgi driven. It is intranet accessible at http://backend.example.com/
>>
>> I would like to have requests to Frontends's URL https://www.example.com/application/ be a transparent passthrough / rewrite for requests to http://backend.example.com/ without having to recode anything on Backend.
>>
>> The result should be Internet output from:
>> https://www.example.com/application/cgi-bin/foo.cgi?i=1 or
>> https://www.example.com/application/html/calendar.html or
>> or whatever else the Backend spews forth.
>>
>> Can this be done with mod's _proxy and _rewrite? What I though should work was:
>>
>> --- snip httpd.conf----
>> <Directory />
>> RewriteEngine On
>> RewriteRule ^application/(.*)$ http://10.0.0.50/$1 [P]</Directory>
>>
>> This brings some of the images and html forward, but the links from the Backend to /cgi-bin/foo.cgi are still tied to www.example.com/cgi-bin/foo.cgi, so I conclude that I've missed something to make them /application/cgi-bin/foo.cgi
>>
>> Thanks!
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>:wq!
>---------------------------------------------------------------------------
>Robert L. Harris | Micros~1 :
>Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
>DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>FYI:
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_proxy _rewrite to SSL a backend server [ In reply to ]

isp at derdev

Jan 17, 2002, 11:17 AM

Post #4 of 4 (802 views)

Permalink

List: I tried Robert's idea and its not including '/application' in the virtual links within the document... am I asking too much or as my config wrong?

ProxyRequests on
ProxyPass /application http://10.0.0.50/
RewriteEngine On
RewriteRule ^application(.*)$ http://10.0.0.50/$1 [P]
ProxyPassReverse /application http://10.0.0.50/

---------- Original Message ----------------------------------
From: "Robert L. Harris" <Robert.L.Harris@rdlg.net>
Date: Thu, 17 Jan 2002 09:55:47 -0700

>
>
>I'm doing the same thing pretty much. You need the following 2 lines in
>your httpd.conf.
>
>ProxyPass /application http://backend.example.com/
>ProxyPassReverse /application http://backened.example.com/
>
>
>
>
>Thus spake David Richardson (isp@derdev.com):
>
>> I have Apache 1.3.22 on RH7.1 Linux as a Frontend server running SSL secured through :443. It is enabled with mod_proxy and mod_rewrite. It is Internet accessible at https://www.example.com/
>>
>> A Backend server is also running Apache (non-SSL!) with a legacy "application" site that is cgi driven. It is intranet accessible at http://backend.example.com/
>>
>> I would like to have requests to Frontends's URL https://www.example.com/application/ be a transparent passthrough / rewrite for requests to http://backend.example.com/ without having to recode anything on Backend.
>>
>> The result should be Internet output from:
>> https://www.example.com/application/cgi-bin/foo.cgi?i=1 or
>> https://www.example.com/application/html/calendar.html or
>> or whatever else the Backend spews forth.
>>
>> Can this be done with mod's _proxy and _rewrite? What I though should work was:
>>
>> --- snip httpd.conf----
>> <Directory />
>> RewriteEngine On
>> RewriteRule ^application/(.*)$ http://10.0.0.50/$1 [P]</Directory>
>>
>> This brings some of the images and html forward, but the links from the Backend to /cgi-bin/foo.cgi are still tied to www.example.com/cgi-bin/foo.cgi, so I conclude that I've missed something to make them /application/cgi-bin/foo.cgi
>>
>> Thanks!
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>:wq!
>---------------------------------------------------------------------------
>Robert L. Harris | Micros~1 :
>Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
>DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
>FYI:
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org