Koozali.org: home of the SME Server

Reverse proxy

Offline Mike

  • *
  • 15
  • +0/-0
Re: Reverse proxy
« Reply #15 on: August 09, 2011, 11:05:33 PM »
Hmm, that's something I didn't think about....
I'll check this with my provider first.

Extra IP-addresses are only available for (expensive) business accounts. That's, in my case, not affordable. It's just hobby.
It would also be to easy by the way  ;)

Yes, I know axactly what you mean but....
If you have XS4ALL you can already run IPv4 and IPv6 so you will have the ability to run dualstack.
With IPv6 you will have a range of IP adresses and in a couple of years everyone will probably be able to talk IPv6.
Than your problems are solved....

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #16 on: August 10, 2011, 07:56:50 AM »
Mike, the question was answered by the abuse helpdesk of XS4ALL (ISP).
Maybe we could use the Proxmox Mail Gateway for this?
...

Offline Mike

  • *
  • 15
  • +0/-0
Re: Reverse proxy
« Reply #17 on: August 10, 2011, 01:10:03 PM »
Mike, the question was answered by the abuse helpdesk of XS4ALL (ISP).
Maybe we could use the Proxmox Mail Gateway for this?

Aaah, XS4ALL is the best Dutch provider and they know what they are talking about.
It's also my ISP!
Looked at the proxmox mail gateway but if I have multiple sme VM's each with their own domain than you cannot use the free version.
Also I am not sure if the proxmox mailgateway can do what we want it to because in the fifth screenshot you can see that they use internet IP ranges for their mailservers and I'm just a home user too so it is too expensive for me.
« Last Edit: August 10, 2011, 01:11:40 PM by Mike »

Offline cactus

  • *
  • 4,880
  • +3/-0
    • http://www.snetram.nl
Re: Reverse proxy
« Reply #18 on: August 10, 2011, 07:52:34 PM »
Kijk nou eens, die Nederlanders kom je ook overal tegen...
Yes, even on you holiday in the jungle... bleeh.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #19 on: August 11, 2011, 11:31:59 AM »
Maybe Mailcleaner can be of use to us: http://www.mailcleaner.org/
I'll try it in a VM this weekend
...

Offline Mike

  • *
  • 15
  • +0/-0
Re: Reverse proxy
« Reply #20 on: August 11, 2011, 09:06:33 PM »
Maybe Mailcleaner can be of use to us: http://www.mailcleaner.org/
I'll try it in a VM this weekend

Mailcleaner indeed looks interesting.
I did some checking up and found this link quickly:
http://forum.mailcleaner.org/viewtopic.php?f=12&t=812
Like I said, it looks interesting and I will be waiting to hear about your report of your test this weekend.
« Last Edit: August 11, 2011, 09:08:04 PM by Mike »

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #21 on: October 07, 2011, 02:49:50 PM »
That wasn't it. Mailcleaner I mean.
Trying ProxyPass now
« Last Edit: October 07, 2011, 06:49:20 PM by EdelingF »
...

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #22 on: October 07, 2011, 06:48:27 PM »
Mmm, have made a ProxyPass entry and it appears to work inside my network.
Code: [Select]
[root@server ~]# db domains show mydomain.eu.org                         
mydomain.eu.org=domain
    Nameservers=internet
    ProxyPassTarget=http://66.220.149.11/
    TemplatePath=ProxyPassVirtualHosts

But it ends up like this in my browser:
Code: [Select]
https://66.220.149.11/egroupware/login.phpinstead of
Code: [Select]
https://mydomain.eu.org/egroupware/login.php
Am I missing something?
...

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Reverse proxy
« Reply #23 on: October 08, 2011, 01:19:37 AM »
EdelingF

Is the server at http://66.220.149.11/ configured to resolve the domain name
https://mydomain.eu.org/ ?
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #24 on: October 08, 2011, 01:23:57 PM »
Yes, it is. It is the primary domain on a brand new SME8b6.
The domain was first on my old SME7.5 server, which is now used as a proxy.
I tried DNS locally and internet, but the outcome is the same.

I was wondering, I now used the ProxyPass-method explained in http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass, but isn't it easier to use the server-manager to forward the domain to a local IP-address?
In hostnames and addresses I can forward a domain to a local IP-address. I can even decide to keep the mailserver on the proxy-server (which will probably give me problems in egroupware, I think).
I never looked at that anymore since I always build my servers the same way.
...

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #25 on: October 11, 2011, 11:05:11 AM »
Also tried to use the hostnames and addresses in Server-manager to forward to my new server, but that doesn't seem to work at all.
So I removed the prox-rules and entered them again. If I only enter the domainname in a browser I end up on the page which says "This web site is under construction". If I add egroupware (installed under /opt) to the URL it still forwards to the internat IP-address, so outside my network I get an error.
...

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #26 on: October 11, 2011, 09:26:01 PM »
Just found an old HowTo on Schirrm's website: SME : Using Apache Server as a reverse HTTP proxy (http://www.schirrms.net/sme/SMEApacheReverseProxy.php).

It should be something  like this :
Code: [Select]
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
vi 99reverseproxysite

And then in my case I think it should be:
Code: [Select]
<VirtualHost 0.0.0.0:80>
    ServerName mydomain.eu.org
    ServerAlias mydomain

    ProxyPass / http://66.220.149.11/
    ProxyPassReverse / http://66.220.149.11/

</VirtualHost>

<VirtualHost 0.0.0.0:443>
    ServerName mydomain.eu.org
    ServerAlias mydomain

    ProxyPass / http://66.220.149.11/
    ProxyPassReverse / http://66.220.149.11/

</VirtualHost>

(the IP-adres is of course not my IP-adres, otherwise my name would be Mark Zuckerberg)


This code has been written for SME6, but maybe someone can tell me if I can still use it for SME8?

Thinking ahead,  I think I also have to do this email, FTP, etc?

...

Offline Buckwheat

  • 16
  • +0/-0
Re: Reverse proxy
« Reply #27 on: October 12, 2011, 04:04:07 AM »
Works on 6 it will work on 7 & 8

Offline Buckwheat

  • 16
  • +0/-0
Re: Reverse proxy
« Reply #28 on: October 12, 2011, 04:54:28 AM »
You can copy & paste this script to make the changes.
Option to uninstall is included.

Save script as reverseproxysite.sh

Code: [Select]
#!/bin/bash

# Modify/Change IP addresses below & set perms to 744 and run script

host_ip="0.0.0.1"
proxy_ip="0.0.0.1"


app_name=reverseproxysite
template_num=99
template_path=etc/e-smith/templates/etc/httpd/conf/httpd.conf

#=======================================================
intro_install ()
#=======================================================
{
cat << EOF
=============== Install Information ===================
 This scripted created by buckwheat.
  reverseproxysite.sh ver 1.00.1 -- 10/11/2011
 
  To uninstall rerun script with...
 
  reverseproxysite.sh uninstall
 
=============== Installation Started ==================
 
EOF
}

#=======================================================
create_httpd_conf ()
#=======================================================
{
if [ ! -f /$template_path/$template_num$app_name ]; then

cat > /$template_path/$template_num$app_name << EOF

#------------------------------------------------------------
#   $template_num$app_name
#------------------------------------------------------------

<VirtualHost $host_ip:80>
    ServerName mydomain.eu.org
    ServerAlias mydomain

    ProxyPass / http://$proxy_ip/
    ProxyPassReverse / http://$proxy_ip/

</VirtualHost>

<VirtualHost $host_ip:443>
    ServerName mydomain.eu.org
    ServerAlias mydomain

    ProxyPass / http://$proxy_ip/
    ProxyPassReverse / http://$proxy_ip/

</VirtualHost>

EOF

echo -e "\n ====== $template_num$app_name template created"
else
echo -e "\n ====== $template_num$app_name found...skipping"
fi
}

#------------------------------------------------------------
expand_template_httpd.conf()
#------------------------------------------------------------
{
expand-template /etc/httpd/conf/httpd.conf
echo -e "\n ====== Expanding Templates complete"
}

#------------------------------------------------------------
httpd_service_restart()
#------------------------------------------------------------
{
sv h /service/httpd-e-smith
echo -e "\n ====== Restarting the httpd service done"
}

#------------------------------------------------------------
uninstall ()
#------------------------------------------------------------
{
cat << EOF
================== Uninstall Started ====================

EOF

rm -rf /$template_path/$template_num$app_name

expand_template_httpd.conf
httpd_service_restart

cat << EOF

=============== Uninstall Complete ======================
EOF
}

#------------------------------------------------------------
end ()
#------------------------------------------------------------
{
cat << EOF

=============== Install Complete ======================

EOF
exit 0
}

#################################
# Main Program #
#################################

clear

intro_install

if [[ ${1} == "uninstall" ]]; then
echo -e "\n ****** WARNING >> You are about to Uninstall $app_name!!!\n "
read -p " Are you sure you want to continue?(y|Y): "

if  [[ ${REPLY} == "Y" || ${REPLY} == "y" ]] ; then
uninstall
fi
exit 0
fi

create_httpd_conf
expand_template_httpd.conf
httpd_service_restart
end

exit 0

Offline EdelingF

  • ****
  • 215
  • +0/-0
Re: Reverse proxy
« Reply #29 on: October 12, 2011, 07:50:21 AM »
Buckwheat, thanks. It's beginning to get clearer for me now, but I still have a few questions looking at the code.
If I 'read' it correctly, the code says: "If you call on mydomain.eu.org at the main server (host_ip?) at port 80, then proxy to new/virtual server (proxy_IP?)"?
If correct, I assume I should do something like this for other ports like for instance port 21, 25 and 110?
Which files/maps should the perms be set to 744?
« Last Edit: October 12, 2011, 08:02:57 AM by EdelingF »
...