Sunday, 18 February 2007

The fourth idea -- Linux Reverse Proxy Apache --

What do you need?

  • Which computer models?
    • Intel 486 family SX, DX, DX2 .....
    • Intel Pentium family , MMX, II, III ....
    • Intel Celeron family
  • Hardware components:
    • Base : Hard Disk Drive, CPU, RAM, Video Card, Floppy Disk & CDRom
    • RJ45 network cards
  • Operating System:
    • Linux !!!!!!!!!!!

Example --->

We have a PC like this one:
Pentium MMX 133Mhz, 64 Mb Ram, HD 512Mb, A Network Card 10 Mbps, CDRom 12x, SVGA max 800x600, floppy disk, Monitor 14'', Keyboard and mouse.

Install the Ubuntu operating system by following the linked post.

"......A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website. But the most common reason to run a reverse proxy is to enable controlled access from the Web at large to servers behind a firewall........." [referrer]


Installing Apache on Ubuntu

If your Ubuntu system is connected to the Internet, follow these steps:
  • type the command # sudo apt-get install apache2 ; enter the root password to continue
  • insert the Ubuntu CD-ROM media
  • test your web server with a browser; enter the URL http://192.168.66.156

The example scenario:

Configuring Apache Web Server
  • type these commands to enable the proxy and rewrite modules:
  • # sudo a2enmod proxy ; enter the root password
  • # sudo a2enmod rewrite
  • # sudo a2enmod proxy_http
  • # sudo /etc/init.d/apache2 restart
  • create the file test.conf in the directory /etc/apache2/conf.d
  • # sudo vi /etc/apache2/conf.d/test.conf
  • insert in the file:

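  • NameVirtualHost 192.168.66.156:80
    <VirtualHost 192.168.66.156:80>
    ServerName test.apache.local

    # allow any client to use the proxied paths of this virtual host
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>

    RewriteEngine on
    # forward every request to the backend site
    ProxyPass / http://www.cisco.com/
    # rewrite Location headers in backend redirects so they point back at the proxy
    ProxyPassReverse / http://www.cisco.com/
    </VirtualHost>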
  • test your reverse proxy with a browser; enter the URL http://test.apache.local/
Note: for this test, add the following line to the operating system's hosts file:
[Ip Address ] test.apache.local
On Windows the file is in "c:\[windir]\system32\drivers\etc"; on Linux it is "/etc/hosts".
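
ProxyPassReverse only rewrites redirects correctly when its target is the same backend URL as the matching ProxyPass, and a virtual host that allows all clients must not also turn on forward proxying with ProxyRequests On. The shell function below is an added example, not part of the original post, that lints a configuration file for both problems; the name check_proxy_conf and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint a reverse-proxy config file.
# check_proxy_conf (hypothetical name) prints one finding per line and
# returns 1 if any finding was printed, 0 if the file is clean.
check_proxy_conf() {
    awk '
    /^[ \t]*#/ { next }                        # skip comment lines
    { d = tolower($1) }                        # directive names are case-insensitive
    d == "proxyrequests" && tolower($2) == "on" {
        print "line " NR ": ProxyRequests On makes this host a forward proxy"; bad++
    }
    d == "proxypass" { target[$2] = $3 }       # remember backend URL per local path
    d == "proxypassreverse" {
        if (!($2 in target)) {
            print "line " NR ": ProxyPassReverse " $2 " has no earlier ProxyPass"; bad++
        } else if ($3 != target[$2]) {
            print "line " NR ": ProxyPassReverse " $3 " differs from ProxyPass " target[$2]; bad++
        }
        seen[$2] = 1
    }
    END {
        for (p in target) if (!(p in seen)) {
            print "ProxyPass " p " has no ProxyPassReverse"; bad++
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: forward proxying switched on, and a ProxyPassReverse
# target with a stray trailing "*" that no longer matches the ProxyPass target.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ProxyRequests On
ProxyPass / http://www.cisco.com/
ProxyPassReverse / http://www.cisco.com/*
EOF
check_proxy_conf "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```
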


5 Comments:

Anonymous Anonymous said...

Hi,
I had an error when installing following your instructions: "Forbidden

You don't have permission to access / on this server.
Apache/2.2.3 (Ubuntu) Server at proxy.abc.vn Port 80"

Plz help thanks!

15 November 2007 at 02:53  
Blogger Gianni said...

Can you post your Apache configuration ?
thanks ........

20 November 2007 at 00:30  
Anonymous Anonymous said...

I get the same error - here is my apache conf:

I had to insert some # to get file to be included - i.e. it thought it was interpreting HTML
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
# with ServerRoot set to "" will be interpreted by the
# server as "//var/log/apache2/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at # you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.

#
ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
LockFile /var/lock/apache2/accept.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/apache2.pid

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

##
## Server-Pool Size Regulation (MPM specific)
##

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<#IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
<#/IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<#IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
<#/IfModule>

User www-data
Group www-data

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<#Files ~ "^\.ht">
Order allow,deny
Deny from all
<#/Files>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain


#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <#VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <#VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf

#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On



#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<#error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<#error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.

# Alias /error/ "/usr/share/apache2/error/"
#
# <#Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# <#/Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var



# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include /etc/apache2/conf.d/

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

28 November 2007 at 12:32  
Blogger Gianni said...

I don't find the "ProxyPass" in your configuration ....

??????

29 November 2007 at 09:52  
Blogger Simon said...

Hi, I have the same difficulty as the two previous commenters.

"You don't have permission to access {uri} on this server."

The same configuration works on a server running Ubuntu Gutsy, but will not work on one running Ubuntu Hardy - I reckon the difference is probably that Hardy ships with php hardened with a Suhosin patch.

I've tried adding "suhosin.log.use-x-forwarded-for = On" in my php.ini configuration, but to no avail, and now I'm out of ideas. Having found precious little by googling, I figured I'd ask here if you know anything about this?

Any advice, suggestions, hints, encouragement etc. would be greatly appreciated!

Thanks!

29 May 2008 at 20:39  
