Reverse Proxy Server 2: Deployment

From The Uniform Server Wiki
Jump to navigation Jump to search

 

Uniform Server 5.0-Nano
Reverse Proxy.

Deployment

If you have been following this tutorial your development PC will contain a front-end proxy server and two back-end servers Subversion (SVN) and MediaWiki.

I assume you have fired-up all servers and can brows both back-end servers via the proxy.

This page looks at relocating each back-end server to PC's connected to an Intranet and putting the proxy server online.

Overview

The Intranet in reality is a home wireless network each PC has been configured to use fixed IP addresses.

The following table shows all servers we have created along with their final IP destinations.

SERVER PC IP ADDRESS FUNCTION
server_a 192.168.1.6 Proxy server
server_b   Original test server not used
server_c 192.168.1.7 Subversion server
server_d 192.168.1.5 MediaWiki server

Note 1: Subversion server is using port 83 hence complete IP address is 192.168.1.7:83

Note 2: MediaWiki server is using port 84 hence complete IP address is 192.168.1.5:84

Top

Back-end Servers

Currently the back-end servers are locked down to localhost (127.0.0.1) access.

Before moving the back-end servers we need to allow the front-end server access.

All that is required is a single line added to each server’s .htaccess file

  • Edit file C:\server_c\UniServer\www\.htaccess
  • Edit file C:\server_d\UniServer\www\.htaccess
  • Add line Allow from 192.168.1.6 located as shown below:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1.6

Replace IP addess 192.168.1.6 with the one corresponding to your proxy server.

Note: To find IP address on the PC running the proxy open a command prompt and type ipconfig /all .

Top

Test

Move the back-end servers to their new location

  • Start the two back-end servers
  • From the proxy PC type http://192.168.1.5:84/wiki/ - confirm Wiki is accessible
  • From the proxy PC type http://192.168.1.7:83/svn/ - confirm subversion is accessible

Note: Replace the above IP addesses and port numbers that match your configuration.

Top

Configure Proxy Server

With the back-end servers up and running configuring the proxy server requires substituting each localhost with corresponding back-end IP address as shown below:

Edit file 1: C:\server_a\UniServer\usr\local\apache2\conf\httpd.conf

Include conf/proxy_html.conf
NameVirtualHost *
<VirtualHost *>
  ServerName localhost:80
  DocumentRoot C:/server_a/UniServer/www

ProxyRequests off
<Proxy *>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Proxy>

ProxyPass /info/ http://localhost:82/
ProxyHTMLURLMap http://localhost:82 /info
<Location /info/>
  ProxyPassReverse  http://localhost:82/
  #SetOutputFilter proxy-html
  SetOutputFilter INFLATE;proxy-html;DEFLATE
  ProxyHTMLURLMap /          /info/
  ProxyHTMLURLMap /info      /info
</Location>

ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
  ProxyPassReverse /svn/
   <LimitExcept GET PROPFIND OPTIONS REPORT>
     Order deny,allow
     Deny from all
   </LimitExcept>
</Location>

ProxyPass         /wiki/  http://192.168.1.5:84/wiki/
ProxyHTMLURLMap http://192.168.1.5:84/wiki /wiki
<Location /wiki/>
 ProxyPassReverse http://192.168.1.5:84/wiki/
 SetOutputFilter INFLATE;proxy-html;DEFLATE
 ProxyHTMLURLMap /           /wiki/
 ProxyHTMLURLMap /wiki       /wiki
</Location>

</VirtualHost>

Edit file 2: C:\server_a\UniServer\usr\local\apache2\conf\ssl.conf

RequestHeader edit Destination ^https://(.*)$ http://$1
ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
  ProxyPassReverse /svn/
   <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
     Order Deny,Allow
     Allow from all
     Satisfy Any
   </Limit>
</Location>

Top

Test Configuration

To check the configuration:

  • Re-Start server_a
  • Type http://localhost/wiki/ -- Wiki main page displayed.
  • Type http://localhost/svn/ -- Subversion repositories displayed.
  • Use SVN Client -- Brows repository and perform a check-out of working copy.
  • Type https://localhost/svn/ -- Subversion repositories displayed.

Note: Point your SVN client to https://localhost/svn/ - Temporary accept server certificate

  • Use SVN Client -- Perform a check-out of working copy and try a commit.
  • Use SVN Client -- Perform either copy or move a file within the repository.

Note: Any repository change will require a name and password (challenged only once per session)

Top

Put Proxy Server Online

Edit file C:\server_a\UniServer\www\.htaccess comment out the lines as shown;

#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1

Finally edit file C:\server_a\UniServer\usr\local\apache2\conf\httpd.conf

Remove this section:

<Proxy *>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Proxy>

Important, must keep this line ProxyRequests off

Final Vhost section

Final Vhost section looks like:

Include conf/proxy_html.conf
NameVirtualHost *
<VirtualHost *>
  ServerName localhost:80
  DocumentRoot C:/server_a/UniServer/www

ProxyRequests off

ProxyPass /info/ http://localhost:82/
ProxyHTMLURLMap http://localhost:82 /info
<Location /info/>
  ProxyPassReverse  http://localhost:82/
  #SetOutputFilter proxy-html
  SetOutputFilter INFLATE;proxy-html;DEFLATE
  ProxyHTMLURLMap /          /info/
  ProxyHTMLURLMap /info      /info
</Location>

ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
  ProxyPassReverse /svn/
   <LimitExcept GET PROPFIND OPTIONS REPORT>
     Order deny,allow
     Deny from all
   </LimitExcept>
</Location>

ProxyPass         /wiki/  http://192.168.1.5:84/wiki/
ProxyHTMLURLMap http://192.168.1.5:84/wiki /wiki
<Location /wiki/>
 ProxyPassReverse http://192.168.1.5:84/wiki/
 SetOutputFilter INFLATE;proxy-html;DEFLATE
 ProxyHTMLURLMap /           /wiki/
 ProxyHTMLURLMap /wiki       /wiki
</Location>

</VirtualHost>

Top

Summary

That completes this tutorial series.

Note: All example code is intended to provide a starting point only.

One final point what do you do with that redundant IIS server? Well believe it or not it has its uses see next page.

Top


Ric