5.0 KiB
Reverse Proxy
Freitag, 16. Juni 2017
09:39
Beispiele und Ideen :
Apache :
You'll have to create two virtual hosts for apache one for each subdomain, acting as a reverse proxy to the specified ip.
something along the lines of
NameVirtualHost *:80
<VirtualHost *:80>
ServerName sub1.example.com
ErrorLog "var/log/sub1_error_log"
CustomLog "var/log/sub1_access_log" common
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://10.10.10.10/
ProxyPassReverse / http://10.10.10.10/
</VirtualHost>
<VirtualHost *:80>
ServerName sub2.example.com
ErrorLog "var/log/sub2_error_log"
CustomLog "var/log/sub2_access_log" common
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://10.20.20.20/
ProxyPassReverse / http://10.20.20.20/
</VirtualHost>
Apache reverse proxy :
https://www.leaseweb.com/labs/2014/12/tutorial-apache-2-4-transparent-reverse-proxy/
Here's what I ended up doing.
In IPTables, added
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128
to send all HTTP requests to the squid server.
On the squid, invoked the transparent proxy
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
httpd_accel_single_host off
Which works great. I plan on forcing our DSL & dialup customers to use the firewall as their gateway, pushing the transparent proxy on them without using browser mods.
Sharepoint over Apache Reverse Proxy :
Suche : sharepoint über apache
https://thesharepointfarm.com/2014/06/sharepoint-apache-mod_proxy/
Und
Und
http://turbogears.org/1.0/docs/Install/RedirectHttpsRequests.html
Und
http://www.schakko.de/2009/10/05/sharepoint-mit-apache-als-reverse-proxy-veroffentlichen/
Und
http://www.apachetutor.org/admin/reverseproxies
Und
Bei Login Problemen https://serverfault.com/questions/581272/apache-reverse-proxy-for-sharepoint-remembers-credentials
Und
http://itgration.blogspot.de/2016/12/apache-reverse-proxy-to-sharepoint-2013.html
Und
Http und Https rewriting http://vault.openmonkey.com/articles/2007/08/12/integrating-an-apache-reverse-proxy-and-sharepoint
Und
Für jeden Host einen EIntrag
<VirtualHost *:443>
ServerAdmin email@domain1.com
ServerName www.domain1.com
CustomLog logs/ssl_www.domain1.com-combined_log combined
SSLEngine on
SSLCertificateKeyFile conf/ssl.key/www.domain1.com.key
SSLCertificateFile conf/ssl.crt/www.domain1.com.crt
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLProxyCheckPeerName off
ProxyRequests off
ProxyPreserveHost on
ProxyPass / https://10.10.10.10:443/
ProxyPassReverse / https://10.10.10.10:443/
</VirtualHost>
Aus <https://serverfault.com/questions/891518/apache-sni-hosting-and-reverse-proxy>
Congratulations! You have successfully enabled https://remote.ralfkoop.de,
https://portal.ralfkoop.de, and https://oos.ralfkoop.de
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=remote.ralfkoop.de
https://www.ssllabs.com/ssltest/analyze.html?d=portal.ralfkoop.de
https://www.ssllabs.com/ssltest/analyze.html?d=oos.ralfkoop.de
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/remote.ralfkoop.de/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/remote.ralfkoop.de/privkey.pem
Your cert will expire on 2019-09-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le