Solved

ProxyPass to Cups

Posted on 2011-09-02
16
1,269 Views
Last Modified: 2012-05-12
Hello

I am looking for information and help on using Apache to proxy to a cups server.

Simple web portal that after the user logs in they can get to cups that is internal but the browser url shows the external domain.

Would think ProxyPass statements would take care of this but I have some questions.

An example:  
https://somecompany.com/finance
https://somecompany.com/humanresource

ProxyPass /finance http://127.0.0.1/classes/finance 
ProxyPass /humanresource http://127.0.0.1/classes/hr

Can the cups url be changed?
Instead of the examples above you might have:
ProxyPass /finance http://127.0.0.1/finance/classes/finance
ProxyPass /humanresource http://127.0.0.1/hr/classes/hr

Can Windows printers be setup with ipp to login?

http://user:password@somecompany.com/finance/myprintque

All this is in the drawing on paper stage to wrap my head around small scale “cloud” printing.

Thanks
mld4165
0
Comment
Question by:mld4165
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
16 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 36511291
Use Split-DNS so that the FQDN resolves to the correct IP# with respect to where the Client is.  That is,...internal Clients on the LAN must resolve it to the LAN IP of the resource directly,...while clients out in Internet Land must resolve the same FQDN to the Public IP# of the Firewall/Proxy and the Reverse-NAT takes over from there.

For Clients outside the LAN you can not use RFC Private IP#s.  Traffic must be Reverse-NAT'ed from a Public IP to and RFC IP of the resource.

You can never use 127.x.x.x in any situation,...ever.
0
 
LVL 1

Author Comment

by:mld4165
ID: 36514080
Sorry pwindell but the cups server runs on the Apache Server and that is why proxypass is to 127.0.0.1.

Does not seem to work anyway as cups still sees the original url and in the log files responds with can't find errors.

Thanks anyway.
mld4165
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36514524
So without seeing the other pertinent config excerpts, or knowing which apache version and/or mod_proxy version etc etc, this may not work, but try the following.  This is a very simple approach to get the basics working first.

ProxyRequests Off
ProxyPass /finance/classes/finance http://localhost:631/
<Location /finance/classes/finance>
  ProxyPassReverse /
</Location>

Open in new window

0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:mld4165
ID: 36516148
Papertrip

Centos 5.6
httpd-2.2.3-43
All updates applies.

Let me know what other "pertinent config excerpts" I can provide?

I have not tried the Location part that you added. Just the ProxyPass and ProxyPassReverse line. What does Location provide that ProxyPassReverse does not?

thanks
mld4165
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36517258
A good example of other config excerpts to provide would be something like that you are using ProxyPassReverse, which wasn't in your original question.  Anything you have in your config that has to do with what you are trying to do is always good to post, sanitized as-needed of course.

Anyways let's just start this over, because it appears you only have 1 major problem.
ProxyPass /finance http://127.0.0.1/classes/finance

Open in new window

should look like
ProxyPass /finance http://localhost:631

Open in new window


Try that out.
0
 
LVL 1

Author Comment

by:mld4165
ID: 36519085
Papertrip

I just want to be able to use Apache to proxy requests to cups and have a url that does not show classes or printers in the url.

I also want users to be able to set up a Windows print queue using the following.

https://somecompany.com/finance/someprintque

I cannot seem to get this to work. I will try your suggestions and report back ASAP.

mld4165
0
 
LVL 1

Author Comment

by:mld4165
ID: 36526780
OK. I worked on this a lot today and it is not an Apache issue.

Setup the ProxyPass statements again and in a browser it works just fine but you cannot set up a Windows printer.

Maybe this cannot be done? See attached.

clip-of-logs.txt

thanks
mld4165
0
 
LVL 1

Author Comment

by:mld4165
ID: 36526812
I submitted the first post to quick.

Add: ProxyPass /finance http://127.0.0.1/classes

Then I am able to open a web browser up and put in the url we are passing and see the class that is setup. Setting up a Windows printer just results in an error that Windows cannot connect to printer.

Add: ProxyPass /finance http://127.0.0.1/classes/finance and the same thing occurs.

Use ProxyPass /classes http://localhost:631/classes as your config. statement and Windows printer works fine.

Cups and ipp must be the issue, or possibly the way Apache sends Cups the URL. Not sure.

thanks again!
mld4165

0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36526934
OK so here is the deal.  CUPS is listening on port 631.  Unless you explicitly put :631 in the URL, it will go over port 80 which is apache.  That is why your first 2 examples above do not work.

If the 3rd example does work, then it is setup correctly and you are done.
0
 
LVL 1

Author Comment

by:mld4165
ID: 36533491
Hey Papertrip,

Darn. I messed up the last two post. So sorry.

All ProxyPass statements had the port number.

Example /finance http://127.0.0.1:631/classes

So yes a web browser works perfect, so we know the url gets passed, but when you try to install a printer on a Windows desktop, Apache passes the URL https//:somecomapny.com/classes/finance to Cups, and it goes to Cups because you see it in Apache's log, and it is in the Cups access and error logs, but for whatever reason Cups reports it cannot find the class. See attachment.

Might be the difference between ipp printing and http. Right now I do not know.

What I'm learning is that what I want may not possible. If you have a working system then let me know and we can continue, if not and you want to continue maybe you could try and setup what I am attempting?

If not I really appreciate your help and prompt replies!

Thanks
mld4165
0
 
LVL 1

Author Comment

by:mld4165
ID: 36557873
JustAMod

Working on this over the weekend and it appears this may not work.

Will close question if no new responses or my tests fail.

mld4165
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36558114
Hey mld4165,

Sorry I can't reproduce your exact scenario to further help with this.  If you have any new questions from your weekend of work let me know.
0
 
LVL 1

Author Closing Comment

by:mld4165
ID: 36577932
Cool. I appreciate the help.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Zimbra on Amazon Linux help 7 109
Setup small office network 1 57
Changing the default VLAN on a Cisco switch? 9 64
Server 2016 WSUS 7 31
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question