Reverse Proxy Server 2: Deployment
|
Reverse Proxy Server: Introduction | Basics | mod proxy html | mod proxy html 2 | SVN 1 | SVN 2 | SVN 3 | SVN 4 | Wiki | Deployment | IIS back-end server
|
|
| Uniform Server 5.0-Nano Reverse Proxy. |
Deployment
If you have been following this tutorial your development PC will contain a front-end proxy server and two back-end servers Subversion (SVN) and MediaWiki.
I assume you have fired-up all servers and can brows both back-end servers via the proxy.
This page looks at relocating each back-end server to PC's connected to an Intranet and putting the proxy server online.
Overview
The Intranet in reality is a home wireless network each PC has been configured to use fixed IP addresses.
The following table shows all servers we have created along with their final IP destinations.
| SERVER | PC IP ADDRESS | FUNCTION |
|---|---|---|
| server_a | 192.168.1.6 | Proxy server |
| server_b | Original test server not used | |
| server_c | 192.168.1.7 | Subversion server |
| server_d | 192.168.1.5 | MediaWiki server |
Note 1: Subversion server is using port 83 hence complete IP address is 192.168.1.7:83
Note 2: MediaWiki server is using port 84 hence complete IP address is 192.168.1.5:84
Back-end Servers
Currently the back-end servers are locked down to localhost (127.0.0.1) access.
Before moving the back-end servers we need to allow the front-end server access.
All that is required is a single line added to each server’s .htaccess file
- Edit file C:\server_c\UniServer\www\.htaccess
- Edit file C:\server_d\UniServer\www\.htaccess
- Add line Allow from 192.168.1.6 located as shown below:
Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from 192.168.1.6
Replace IP addess 192.168.1.6 with the one corresponding to your proxy server.
Note: To find IP address on the PC running the proxy open a command prompt and type ipconfig /all .
Test
Move the back-end servers to their new location
- Start the two back-end servers
- From the proxy PC type http://192.168.1.5:84/wiki/ - confirm Wiki is accessible
- From the proxy PC type http://192.168.1.7:83/svn/ - confirm subversion is accessible
Note: Replace the above IP addesses and port numbers that match your configuration.
Configure Proxy Server
With the back-end servers up and running configuring the proxy server requires substituting each localhost with corresponding back-end IP address as shown below:
Edit file 1: C:\server_a\UniServer\usr\local\apache2\conf\httpd.conf
Include conf/proxy_html.conf
NameVirtualHost *
<VirtualHost *>
ServerName localhost:80
DocumentRoot C:/server_a/UniServer/www
ProxyRequests off
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
ProxyPass /info/ http://localhost:82/
ProxyHTMLURLMap http://localhost:82 /info
<Location /info/>
ProxyPassReverse http://localhost:82/
#SetOutputFilter proxy-html
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /info/
ProxyHTMLURLMap /info /info
</Location>
ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
ProxyPassReverse /svn/
<LimitExcept GET PROPFIND OPTIONS REPORT>
Order deny,allow
Deny from all
</LimitExcept>
</Location>
ProxyPass /wiki/ http://192.168.1.5:84/wiki/
ProxyHTMLURLMap http://192.168.1.5:84/wiki /wiki
<Location /wiki/>
ProxyPassReverse http://192.168.1.5:84/wiki/
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /wiki/
ProxyHTMLURLMap /wiki /wiki
</Location>
</VirtualHost>
Edit file 2: C:\server_a\UniServer\usr\local\apache2\conf\ssl.conf
RequestHeader edit Destination ^https://(.*)$ http://$1
ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
ProxyPassReverse /svn/
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Order Deny,Allow
Allow from all
Satisfy Any
</Limit>
</Location>
Test Configuration
To check the configuration:
- Re-Start server_a
- Type http://localhost/wiki/ -- Wiki main page displayed.
- Type http://localhost/svn/ -- Subversion repositories displayed.
- Use SVN Client -- Brows repository and perform a check-out of working copy.
- Type https://localhost/svn/ -- Subversion repositories displayed.
Note: Point your SVN client to https://localhost/svn/ - Temporary accept server certificate
- Use SVN Client -- Perform a check-out of working copy and try a commit.
- Use SVN Client -- Perform either copy or move a file within the repository.
Note: Any repository change will require a name and password (challenged only once per session)
Put Proxy Server Online
Edit file C:\server_a\UniServer\www\.htaccess comment out the lines as shown;
#Order Deny,Allow #Deny from all #Allow from 127.0.0.1
Finally edit file C:\server_a\UniServer\usr\local\apache2\conf\httpd.conf
Remove this section:
<Proxy *> Order deny,allow Deny from all Allow from 127.0.0.1 </Proxy>
Important, must keep this line ProxyRequests off
Final Vhost section
Final Vhost section looks like:
Include conf/proxy_html.conf
NameVirtualHost *
<VirtualHost *>
ServerName localhost:80
DocumentRoot C:/server_a/UniServer/www
ProxyRequests off
ProxyPass /info/ http://localhost:82/
ProxyHTMLURLMap http://localhost:82 /info
<Location /info/>
ProxyPassReverse http://localhost:82/
#SetOutputFilter proxy-html
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /info/
ProxyHTMLURLMap /info /info
</Location>
ProxyPass /svn/ http://192.168.1.7:83/svn/
<Location /svn/ >
ProxyPassReverse /svn/
<LimitExcept GET PROPFIND OPTIONS REPORT>
Order deny,allow
Deny from all
</LimitExcept>
</Location>
ProxyPass /wiki/ http://192.168.1.5:84/wiki/
ProxyHTMLURLMap http://192.168.1.5:84/wiki /wiki
<Location /wiki/>
ProxyPassReverse http://192.168.1.5:84/wiki/
SetOutputFilter INFLATE;proxy-html;DEFLATE
ProxyHTMLURLMap / /wiki/
ProxyHTMLURLMap /wiki /wiki
</Location>
</VirtualHost>
Summary
That completes this tutorial series.
Note: All example code is intended to provide a starting point only.
One final point what do you do with that redundant IIS server? Well believe it or not it has its uses see next page.
 |
Ric |