Solved

Apache FQDN Reverse Proxy

Posted on 2014-12-18
8
452 Views
Last Modified: 2014-12-27
Hi,

I am going to use Apache httpd for the first time to act as a FQDN Reverse Proxy. I have three web sites all pointing to the same IP and so I need Apache to act as a reverse proxy and forward requests based on the incoming FQDN to the appropriate server.

I am really new to all this and so I looking for a good tutorial or guide that explains how this is done in a Windows environment, preferably one which provides some explanation of what the settings are doing so that I can learn something from the process rather than just blindly following instructions

The server I am using is W2K8 R2 Standard
0
Comment
Question by:Michael74
  • 4
  • 3
8 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40508611
FQDN part sneaks in apache documentation between NameVirtualHost and VirtualHost parameters
Reverse Proxy is handled by mod_proxy_* with ProxyPass and ProxyPassReverse parameters

e.g:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
 ServerName FQDN.example
 # ServerAliases www.fwdn.local www.fqdn.example
 # CustomLog /var/log/httpd/FQDN_access.log
 # ErrorLog /vqar/log/httpd/FQDN_error.log
 # ProxyPreserveHost on
 <Location />
  ProxyPass http://backendip:8080 ttl=3600 retry=1 timeout=1800
  ProxyPassReverse http://backendip:8080
 </Location>
</VirtualHost>
0
 
LVL 23

Author Comment

by:Michael74
ID: 40512117
OK time for some more detail I think

I have two sites (fake names)

https://example1.myco.com
https://example2.myco.com

both of these have public DNS entries pointing to the same IP say 12.1.1.1

I have a Windows 2008 R2 server on 12.1.1.1 with Apache 2.4 installed which is to be the reverse proxy.

Based on the incoming FQDN I want to redirect incoming calls to appropriate internal host server

Note: I need to use SSL and I do have a wildcard domain cert  *.myco.com and the associated key
0
 
LVL 62

Expert Comment

by:gheist
ID: 40512469
You just use 2 <VirtualHost *:80> sections with appropriate host names/host aliases/proxy backends.
You can have unlimited amount of them.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 23

Accepted Solution

by:
Michael74 earned 0 total points
ID: 40514353
In the end I found the solution using a number of different sources

I enabled the following modules

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule xml2enc_module modules/mod_xml2enc.so

In httpd.conf I entered

Listen 12.1.1.1:443
ServerName 12.1.1.1:443

<Proxy *>
	Order deny,allow
	Allow from all
</Proxy>

Open in new window


In my proxy-html.conf I entered
<VirtualHost 12.1.1.1:443>
	ProxyRequests Off
        SSLEngine on
	SSLCertificateFile      host.crt
	SSLCertificateKeyFile   host.key

	ServerName      		"example2.myco.com"
	ProxyPreserveHost 		On
	ProxyPass 				/ https://example2.myco.com/
	ProxyPassReverse 		/ https://example2.myco.com/
</VirtualHost>

<VirtualHost 12.1.1.1:443>
        ProxyRequests Off
        SSLEngine on
	SSLCertificateFile      host.crt
	SSLCertificateKeyFile   host.key

	ServerName      		"example1.myco.com"
	ProxyPreserveHost 		On
	ProxyPass 				/ https://example1.myco.com/
	ProxyPassReverse 		/ https://example1.myco.com/
</VirtualHost>

Open in new window

0
 
LVL 62

Expert Comment

by:gheist
ID: 40514488
There is one small problem - you NEVER even mentioned SSL
You just dropped some random page off the net which in part of functionality used is equivalent to solution provided.
And you do not use any directives from mod_proxy_html and mod_xml2enc, so with SSL optimal solution would be SSLProxyEngine.
0
 
LVL 23

Author Comment

by:Michael74
ID: 40515591
@gheist

My original post did not list https but my second stated
Note: I need to use SSL and I do have a wildcard domain cert  *.myco.com and the associated key

Your solution provided no detail and no explanations which was specifically requested in the original post. I came to my answer after hours of reading many different sources and trying different configs, which still did not result in my getting a good understanding of the subject but did result in a working solution.
0
 
LVL 23

Author Closing Comment

by:Michael74
ID: 40519478
I ended up finding the solution myself
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
change time in cron 4 78
Do you know any Office editor web for IIS or Apache web server)??? 10 95
Apache error.log 19 43
How can i point a subdomain to directory? 5 20
Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question