Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't get Apache2 to ProxyPass to remote Apache2 servers on a VPN

Status
Not open for further replies.

NewtownGuy

Technical User
Jul 27, 2007
146
US
I'm running Apache2 on Ubuntu 8.04. This machine is accessible from the Internet and also hosts an OpenVPN server. I need users on the Internet to be able to access Apache2 servers that are running behind my firewall and are only accessible via my VPN.

I'm having trouble setting up proxying on the publicly accessible Apache2 server. I can't get Apache2 to redirect URL's on its publicly viewable web pages to Apache2 servers that are on my VPN. I don't want to require users to have OpenVPN to access my servers that are on my VPN.

I've symbolically linked proxy.load and proxy.conf in /etc/apache2/mods-available to /etc/apache2/mods-enabled.

I've made the following /etc/apache2/httpd.conf:

................

ProxyRequests off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass IP address:port>/myname_proxy/ ProxyPassReverse IP address:port>/myname_proxy/
...............

I have the following URL in my web page:

IP address:port>/myname_proxy/index.html

I restarted Apache2. It started OK.

I get this error when I click the link:

.............

NOT FOUND

The requested URL /myname_proxy/index.html was not found on this server.

............

The subject file IS present on the distant server that is only accessible from the VPN. I can access that distant server OK using SSH from the publicly available Apache2 / OpenVPN server.

Please help. Thank you.

-- NewtownGuy
 
My initial reaction to what you describe is that OpenVPN and connecting to internal servers seems to be problematic and so does Apache's reverse proxy. Except for your last part about being able to see the file is present when you SSH into the server. Consequently, assuming you haven't already, I would first recommend verifying that the server is serving up the page when accessed via localhost at that server and from another host on your LAN. In other words, confirm that the problem is definitely related to either the VPN and / or the reverse proxy. However, I think if this were the problem, you wouldn't get a 404 error, assuming it is coming from the remote host. Therefore, check the Apache access logs to see if there were any sort of attempt to access this resource from the VPN server. You should also be able to test the connection with a telnet to port 80 and / or Lynx as a text browser.

If you determine that it is a reverse proxy issue, I would consider using IPtables to perform NAT and IP masquerading and in consideration of your security concerns, band it to only the source and destination IP addresses, as well as the ports if you so desire.

If you still have trouble, the next thing I would look into is using Squid proxy instead of Apache's reverse proxy. I make this suggestion because a few days ago there was a thread on LinuxQuestions.org where someone was banging their head trying to get Apache's reverse proxy to work and someone suggested Squid instead and they then got that working in a few hours.
 
To: Noway2

Thank you for your suggestion. I have figured out how to solve the problem using apache2's proxy. The apache2 documentation is poor. It does not tell you all the things you must do to setup a proxy. And, there's a difference in the way the files are divided, and the various parts are located, in various implementations, for which I have not found a description.

Here's what I had to do to solve the problem for Ubuntu 8:

1) make a symbolic link from /etc/apache2/mods-enabled/ to /etc/apache2/mods-available/ for all proxy files (there are three)

2) make a ProxyPass and ProxyPassReverse in /etc/apache2/httpd.conf of the form:

ProxyPass /proxyname/ address:port>/

Notice all of the /'s.

Restart apache2.

Rewrite my web page to use /proxyname/ in any URL wherever I want the link to run on the server given by <ip address:port>.

-- NewtownGuy
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top