Solved

Apache FQDN Reverse Proxy

Posted on 2014-12-18
8
471 Views
Last Modified: 2014-12-27
Hi,

I am going to use Apache httpd for the first time to act as a FQDN Reverse Proxy. I have three web sites all pointing to the same IP and so I need Apache to act as a reverse proxy and forward requests based on the incoming FQDN to the appropriate server.

I am really new to all this and so I looking for a good tutorial or guide that explains how this is done in a Windows environment, preferably one which provides some explanation of what the settings are doing so that I can learn something from the process rather than just blindly following instructions

The server I am using is W2K8 R2 Standard
0
Comment
Question by:Michael74
  • 4
  • 3
8 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40508611
FQDN part sneaks in apache documentation between NameVirtualHost and VirtualHost parameters
Reverse Proxy is handled by mod_proxy_* with ProxyPass and ProxyPassReverse parameters

e.g:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
 ServerName FQDN.example
 # ServerAliases www.fwdn.local www.fqdn.example
 # CustomLog /var/log/httpd/FQDN_access.log
 # ErrorLog /vqar/log/httpd/FQDN_error.log
 # ProxyPreserveHost on
 <Location />
  ProxyPass http://backendip:8080 ttl=3600 retry=1 timeout=1800
  ProxyPassReverse http://backendip:8080
 </Location>
</VirtualHost>
0
 
LVL 23

Author Comment

by:Michael74
ID: 40512117
OK time for some more detail I think

I have two sites (fake names)

https://example1.myco.com
https://example2.myco.com

both of these have public DNS entries pointing to the same IP say 12.1.1.1

I have a Windows 2008 R2 server on 12.1.1.1 with Apache 2.4 installed which is to be the reverse proxy.

Based on the incoming FQDN I want to redirect incoming calls to appropriate internal host server

Note: I need to use SSL and I do have a wildcard domain cert  *.myco.com and the associated key
0
 
LVL 62

Expert Comment

by:gheist
ID: 40512469
You just use 2 <VirtualHost *:80> sections with appropriate host names/host aliases/proxy backends.
You can have unlimited amount of them.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 23

Accepted Solution

by:
Michael74 earned 0 total points
ID: 40514353
In the end I found the solution using a number of different sources

I enabled the following modules

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule xml2enc_module modules/mod_xml2enc.so

In httpd.conf I entered

Listen 12.1.1.1:443
ServerName 12.1.1.1:443

<Proxy *>
	Order deny,allow
	Allow from all
</Proxy>

Open in new window


In my proxy-html.conf I entered
<VirtualHost 12.1.1.1:443>
	ProxyRequests Off
        SSLEngine on
	SSLCertificateFile      host.crt
	SSLCertificateKeyFile   host.key

	ServerName      		"example2.myco.com"
	ProxyPreserveHost 		On
	ProxyPass 				/ https://example2.myco.com/
	ProxyPassReverse 		/ https://example2.myco.com/
</VirtualHost>

<VirtualHost 12.1.1.1:443>
        ProxyRequests Off
        SSLEngine on
	SSLCertificateFile      host.crt
	SSLCertificateKeyFile   host.key

	ServerName      		"example1.myco.com"
	ProxyPreserveHost 		On
	ProxyPass 				/ https://example1.myco.com/
	ProxyPassReverse 		/ https://example1.myco.com/
</VirtualHost>

Open in new window

0
 
LVL 62

Expert Comment

by:gheist
ID: 40514488
There is one small problem - you NEVER even mentioned SSL
You just dropped some random page off the net which in part of functionality used is equivalent to solution provided.
And you do not use any directives from mod_proxy_html and mod_xml2enc, so with SSL optimal solution would be SSLProxyEngine.
0
 
LVL 23

Author Comment

by:Michael74
ID: 40515591
@gheist

My original post did not list https but my second stated
Note: I need to use SSL and I do have a wildcard domain cert  *.myco.com and the associated key

Your solution provided no detail and no explanations which was specifically requested in the original post. I came to my answer after hours of reading many different sources and trying different configs, which still did not result in my getting a good understanding of the subject but did result in a working solution.
0
 
LVL 23

Author Closing Comment

by:Michael74
ID: 40519478
I ended up finding the solution myself
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question