crumpled
asked on
Reverse Proxy All Traffic on Apache2
below is code from the 000-default file.
This server is 192.168.1.121, and I wan't all the content to come from 192.168.1.133
All I get right now is a 403 error from the server on the apache server. How can my 000-default file be changed to get the proxy working properly?
the DNS for foo1.test is pointing to 192.168.1.121 properly.
This server is 192.168.1.121, and I wan't all the content to come from 192.168.1.133
All I get right now is a 403 error from the server on the apache server. How can my 000-default file be changed to get the proxy working properly?
the DNS for foo1.test is pointing to 192.168.1.121 properly.
NameVirtualHost *
<VirtualHost *>
ServerAdmin itsupport@xxxx.com
ServerName foo1.test
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
ProxyRequests off
ProxyPass / http://192.168.1.133/
ProxyPassReverse / http://192.168.1.133/
</VirtualHost>
ASKER
The 403 is coming from the apache reverse proxy server (192.168.1.121) and not the upstream backend server.
ASKER
I know that for sure because the backend server is running IIS and the error page identifies the server. What else could be wrong?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Have a look in the Apache error log and post any relevant error messages.
ASKER
Error reads as follows in code snippet.
@Caterham: I tried your code snippet and that resulted in a misconfiguration error instead of the 403 error. I set the conf file back to what I had before.
@Caterham: I tried your code snippet and that resulted in a misconfiguration error instead of the 403 error. I set the conf file back to what I had before.
[Fri Apr 24 11:34:40 2009] [error] [client 192.168.1.39] client denied by server configuration: proxy:http://192.168.1.133/
From the apache server, do
telnet 192.168.1.133 80
GET /
quit
to see if you get a valid page returned.
telnet 192.168.1.133 80
GET /
quit
to see if you get a valid page returned.
ASKER
@Tintin: I do get the page when I do that.
OK, well, I think caterham was on the right track. Assuming you are running Apache 2.2, the default access rules were tightened. In which case, your config needs to look like
NameVirtualHost *
<VirtualHost *>
ServerAdmin itsupport@xxxx.com
ServerName foo1.test
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.lo g combined
ServerSignature On
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.133/
ProxyPassReverse / http://192.168.1.133/
</VirtualHost>
NameVirtualHost *
<VirtualHost *>
ServerAdmin itsupport@xxxx.com
ServerName foo1.test
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.lo
ServerSignature On
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.1.133/
ProxyPassReverse / http://192.168.1.133/
</VirtualHost>
ASKER
I get a 500 error with that, the error log line is in the code snippet section. I do load mod_proxy.so I'm not sure what 'protocol handler' means or 'submodule'.
Thanks for your attention. This is important to me, and perplexing... I've set up reverse proxies before.
This version is Apache 2.2.8.
Thanks for your attention. This is important to me, and perplexing... I've set up reverse proxies before.
This version is Apache 2.2.8.
[Fri Apr 24 14:11:00 2009] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So just to confirm, you have an entry
LoadModule mod_proxy modules/mod_proxy.so
LoadModule mod_proxy modules/mod_proxy.so
ASKER
@tintin: I have an entry like that in /etc/apache2/mods-enabled/ proxy.load
@caterham: I haven't seen a reference to mod_proxy_http, so I ran the command in the following code snippet. The response to the command makes it look like it is indeed installed. Is that definitive?
@caterham: I haven't seen a reference to mod_proxy_http, so I ran the command in the following code snippet. The response to the command makes it look like it is indeed installed. Is that definitive?
user@www:/etc/apache2/mods-enabled$ sudo a2enmod proxy_http
Enabling proxy as a dependency
This module is already enabled!
Module proxy_http installed; run /etc/init.d/apache2 force-reload to enable.
> so I ran the command in the following code snippet. The response to the command makes it look like it is indeed installed.
That looks to me mod_proxy was installed and mod_proxy_http is now installed and you you need to restart/reload apache.
The reference is at the to of the page: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
That looks to me mod_proxy was installed and mod_proxy_http is now installed and you you need to restart/reload apache.
The reference is at the to of the page: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
ASKER
It was a combination allowing proxy with the directive, and making sure I had mod_proxy_http installed. Thank you Experts for your steadfast support.
When you say you get a 403 error from apache, is it really coming from Apache or your backend server?