-
Notifications
You must be signed in to change notification settings - Fork 130
ReverseProxy
Reverse proxy allows you to access your mh web pages from an external site without having to expose your mh machine directly to the internet.
In the following diagram, the different components can be on the same machine.
``EXTERNAL USER ====> FIREWALL ====> APACHE ====> MH``
Let's assume that MH is located at 10.0.0.1:8080 and that the firewall is configured to forward requests for port 80 to the apache server.
Once we are done, mh will be accessable to all users at ``http://external.ip.address/mh/``. It is highly recommended to add some password protection to this access. See the standard Apache documentation for instructions on how to restrict access to the directive.
To get this to work, you need to get mod_proxy_html from http://apache.webthing.com/mod_proxy_html/. There is a good general tutorial at http://www.apacheweek.com/features/reverseproxies.
Here is the apache config file snippet:
code format="apache" LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule headers_module modules/mod_headers.so LoadFile /usr/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so
ProxyRequests off ProxyPass /mh/ http://10.0.0.1:8080/ ProxyHTMLURLMap http://10.0.0.1:8080 /mh
ProxyPassReverse / SetOutputFilter proxy-html ProxyHTMLURLMap / /mh/ ProxyHTMLURLMap /mh /mh RequestHeader unset Accept-Encoding
Instead of installing mod_proxy_html, it's possible to use Apache2::ModProxyPerlHtml under mod_perl. I'm running Apache 2.2 under Centos 5.7 and I found that this is available through the package manager as perl-Apache2-ModProxyPerlHtml.noarch. Installing this with Yum also set up mod_perl in Apache, so installation was a breeze. The author of ModProxyPerlHtml claims that:
//Apache2::ModProxyPerlHtml is very simple and has far better parsing/replacement of URL than the original C code. It also support meta tag, CSS, and javascript URL rewriting and can be use with compressed HTTP. You can now replace any code by other, like changing images name or anything else.//
Installing through yum enabled all the necessary modules. Here is a copy of the config I used to proxy misterhouse through Apache.
code format="apache" RewriteEngine On
- Add ending '/' if not provided
PerlInputFilterHandler Apache2::ModProxyPerlHtml
PerlOutputFilterHandler Apache2::ModProxyPerlHtml
SetHandler perl-script
PerlSetVar ProxyHTMLVerbose "On"
ProxyPassReverse /
PerlAddVar ProxyHTMLURLMap "/ /misterhouse/"
PerlAddVar ProxyHTMLURLMap "http://localhost:8080 /misterhouse"
As jerod discovered, there are some changes with Apache 2.4 that need to be made for the reverse proxy to work.
The reason why the ProxyHTMLURLMap directive doesn't work in 2.4 is because when /mod_proxy_html/ was incorporated into Apache 2.4, the default settings were changed and the documentation doesn't make this very clear. You now have to manually specify every HTML tag that you want ProxyHTMLURLMap to act on. Therefore, add the following config:
ProxyHTMLLinks a href
ProxyHTMLLinks area href
ProxyHTMLLinks link href
ProxyHTMLLinks img src longdesc usemap
ProxyHTMLLinks object classid codebase data usemap
ProxyHTMLLinks q cite
ProxyHTMLLinks blockquote cite
ProxyHTMLLinks ins cite
ProxyHTMLLinks del cite
ProxyHTMLLinks form action
ProxyHTMLLinks input src usemap
ProxyHTMLLinks head profile
ProxyHTMLLinks base href
ProxyHTMLLinks script src for
ProxyHTMLLinks iframe src
ProxyHTMLLinks frame src
ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
onmouseover onmousemove onmouseout onkeypress \
onkeydown onkeyup onfocus onblur onload \
onunload onsubmit onreset onselect onchange
While you can do this in your /sitename.conf/ file along with the rest of your site's config., I think a cleaner solution would be to make a new file at /etc/apache2/conf-available/proxy-html.conf and then activate it with
$sudo ln -s /etc/apache2/conf-available/proxy-html.conf /etc/apache2/conf-enabled/proxy-html.conf*
Now that that is done, use the following config. in your enabled site file:
ProxyRequests off
ProxyHTMLEnable On
ProxyPass /mh/ http://ip:port/
ProxyPassReverse /mh/ http://ip:port/
ProxyHTMLURLMap / /mh/
Make sure that you have proxy_http.load, proxy_html.load, and xml2enc.load all symbolically linked in your /etc/apache2/mods-enabled directory from the mods-available directory.