Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: tolistim on July 06, 2018, 10:19:11 PM

Title: Redirect external web request to internal server behind SME firewall and iBay se
Post by: tolistim on July 06, 2018, 10:19:11 PM
Hi Folks,


Rather than open my SME server up to a new Web Team, we would like to create an internal server (running Apache on CentOS 7) and then redirect an iBay to that internal server.  For example:


http://support.foo.com is resolved as belonging to our SME server's iBay, but the actual requests are made to and handled by an internal server at 192.168.1.55.


Does anyone have a HOWTO on configuring the support iBay entry to talk to the internal server instead?

Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: Jean-Philippe Pialasse on July 07, 2018, 12:21:51 AM
What you want is to proxy pass.


And there is a wiki page for all the possibilities on SME https://wiki.contribs.org/SME_Server:Documentation:ProxyPass
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: tolistim on July 07, 2018, 11:43:23 PM
> What you want is to proxy pass.
>
> And there is a wiki page for all the possibilities on SME https://wiki.contribs.org/SME_Server:Documentation:ProxyPass

Thanks for that pointer, Jean-Philippe, it's not knowing what to search for that got in my way :).
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: tolistim on July 07, 2018, 11:53:45 PM
After reading through that, I'm curious about how that would be applied to handle the top level site instead of a sub-page.
For example, I have foo.org registered and I have an iBay set for support.foo.org.  How would I set up the db entries so that anyone coming to support.foo.com gets forwarded to the internal system?
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: ReetP on July 08, 2018, 08:37:27 AM
In simple terms, cheat.

There are other threads on this in the forums. I answered one only recently.

Basically create a new domain called

support.foo.org

Point to ibay

Remove unnecessary hosts

Do your proxy thing.
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: tolistim on July 08, 2018, 08:21:49 PM
> In simple terms, cheat.
>
> There are other threads on this in the forums. I answered one only recently.
>
> Basically create a new domain called
>
> support.foo.org
>
> Point to ibay
>
> Remove unnecessary hosts
>
> Do your proxy thing.

I'd actually tried just that last night and I end up with "You don't have permission to access / on this server". And now, when I go to the server-manager and click iBays, I get a bad table:

EDIT - I don't know why the image isn't showing.  Here's the link:
http://images.tolisgroup.com/KoozaliiBay-1.png


My changes after creating the iBay were to copy the basic accounts settings in that wiki page.  Here's what the db shows for support:

# db accounts show support
support=ProxyPass
    Description=ProxyToInternalServer
    HTTP=on
    HTTPS=on
    Target=http://10.0.0.3

The commands that I performed were:

[root@mail ~]# db accounts set support ProxyPass
[root@mail ~]# db accounts setprop support Target http://10.0.0.3
[root@mail ~]# db accounts setprop support Description ProxyToInternalServer
[root@mail ~]# db accounts setprop support HTTP on
[root@mail ~]# db accounts setprop support HTTPS on
[root@mail ~]# expand-template /etc/httpd/conf/httpd.conf
[root@mail ~]# sv t httpd-e-smith


What should I be looking into at this point?
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: ReetP on July 08, 2018, 11:22:06 PM
I think you are getting confused with the plethora of options on that page and I'm not sure how many are relevant to v9.

You really need to be able to read and check httpd.conf and template files for this.

I can't do anything tonight but I'll make a few notes tomorrow on how I do it with rocketchat.

Also look at

https://wiki.contribs.org/Webapps-common
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: ReetP on July 09, 2018, 03:21:09 PM
OK, ultimately the file that dictates what goes where is:

/etc/httpd/conf/httpd.conf

The templates that generate that are in

/etc/e-smith/templates/etc/httpd/conf/httpd.conf

If you are going to mess with ANYTHING in there, copy the fragments to the templates-custom directory and play from there.

I had a quick look through the templates for Proxy stuff (I am no guru on this). These seem to be the two relevant fragments and show the keys that can be set.

/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass

/etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts/ProxyPassContent

Check the httpd.conf file for the proxy lines. Are they there? Are they what you expect to see? Are there any errors in the logs when you expand the file?

For rocketchat I create a separate virtual host with its own templates and domain. It's a bit of a cheat but means you can point directly to say foobar.domain.com instead of domain.com/foobar

Here's the dummy domain:

chat.mydomain.com=domain
    Content=Primary
    Description=Chat Server
    Nameservers=localhost
    ProxyPassTarget=http://127.0.0.1:3000/
    TemplatePath=ProxyPassVirtualRocketchat
    letsencryptSSLcert=enabled

I then have a directory called

/etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualRocketchat

In there I have a set of templates to generate the config for httpd.conf - you can use some of the existing templates to help you here.

Note the Proxypass target can be anywhere. Just so happens here it points to a docker instance on the same host.

Hope that helps.
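
The check described in the post above (are the proxy lines in httpd.conf, and are they what you expect), as an added example that is not part of the original post or of SME Server itself. The function names `vhost_proxy_lines` and `check_vhost_proxy` are hypothetical, and the sample configuration is constructed for illustration rather than copied from an expanded SME template.

```shell
#!/bin/sh
# Constructed sample (not real SME output): one proxied host, one plain host.
sample_conf() {
cat <<'EOF'
<VirtualHost 0.0.0.0:80>
    ServerName support.foo.com
    ProxyPass / http://192.168.1.55/
    ProxyPassReverse / http://192.168.1.55/
</VirtualHost>
<VirtualHost 0.0.0.0:80>
    ServerName www.foo.com
    DocumentRoot /var/www/html
</VirtualHost>
EOF
}

# vhost_proxy_lines CONF HOST
# Print "port directive path target" for every ProxyPass/ProxyPassReverse
# inside a <VirtualHost> block whose ServerName is HOST ("-" reads stdin).
vhost_proxy_lines() {
    awk -v host="$2" '
        /^[ \t]*<VirtualHost[ \t]/ {
            inblk = 1; hit = 0; n = 0
            port = $2; sub(/.*:/, "", port); sub(/>.*/, "", port); next
        }
        /^[ \t]*<\/VirtualHost>/ {
            if (hit) for (i = 1; i <= n; i++) print buf[i]
            inblk = 0; next
        }
        inblk && tolower($1) == "servername" && tolower($2) == tolower(host) { hit = 1 }
        inblk && tolower($1) ~ /^proxypass(reverse)?$/ { buf[++n] = port " " $1 " " $2 " " $3 }
    ' "$1"
}

# check_vhost_proxy CONF HOST TARGET
# Succeed only if HOST has proxy directives and all of them point at TARGET.
check_vhost_proxy() {
    lines=$(vhost_proxy_lines "$1" "$2")
    [ -n "$lines" ] || { echo "no ProxyPass found for $2"; return 1; }
    bad=$(printf '%s\n' "$lines" | awk -v t="$3" '$4 != t')
    [ -z "$bad" ] || { printf 'unexpected target for %s:\n%s\n' "$2" "$bad"; return 1; }
    echo "ok: $2 -> $3"
}

# Demo on the constructed sample; on a server pass /etc/httpd/conf/httpd.conf.
sample_conf | check_vhost_proxy - support.foo.com http://192.168.1.55/
```

Running it after each `expand-template` shows whether the hostname gained proxy directives at all and whether they point at the intended internal address rather than some other host.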
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: tolistim on July 09, 2018, 04:32:31 PM
> I think you are getting confused with the plethora of options on that page and I'm not sure how many are relevant to v9.
>
> You really need to be able to read and check httpd.conf and template files for this.
>
> I can't do anything tonight but I'll make a few notes tomorrow on how I do it with rocketchat.
>
> Also look at
>
> https://wiki.contribs.org/Webapps-common

I was just following what was in that linked page.
I'll dig into the other stuff this morning, thanks.
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: ReetP on July 09, 2018, 05:16:07 PM
Yeah there are a lot of methods :-)

From what I saw in the templates, your settings 'should' work.

Check if there are any errors on template expansion in /var/log/messages and httpd/error_log and then take a look at what ends up in httpd.conf.

You can paste it here if you can find it.
Title: Re: Redirect external web request to internal server behind SME firewall and iBay se
Post by: michelandre on July 09, 2018, 10:51:29 PM
Hi tolistim,

If you need only http://support.foo.com and not also https://support.foo.com

At the registrar of foo.com, make sure you add a CNAME support pointing to @.

On main server:

Code:
db domains set support.foo.com domain
db domains setprop support.foo.com Nameservers internet
db domains setprop support.foo.com ProxyPassTarget http://192.168.1.55/
db domains setprop support.foo.com TemplatePath ProxyPassVirtualHosts
signal-event domain-create support.foo.com

Code:
# mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
# cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/25SSLDirectives  \
                    /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

Add the lines between ##### to /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/25SSLDirectives

Code:
{
    # Template code is only evaluated inside the { } block,
    # so the added lines go after the opening brace.
#####
    if ( $port eq "80" && $virtualHost eq "support.foo.com" )
    {
        $OUT .= "    \n";
        $OUT .= "    # For redirection to support.foo.com.\n";
        $OUT .= "    Redirect / http://support.foo.com/\n";
    }
#####
    return "    # skipping SSL directives\n" unless $port eq "443";

    return "" unless $modSSL{'status'} eq 'enabled';

    $OUT =  <<SSL_END;
    # SSL Directives
    SSLEngine on
SSL_END
}

Expand template and restart httpd-e-smith
Code:
# expand-template /etc/httpd/conf/httpd.conf

# /etc/rc.d/init.d/httpd-e-smith restart

Hoping it will help,

Michel-André