  #1  
13th June 2008, 16:08
lordshadow
Apache forwarding with proxy and mx mail records

Hi, I'm totally confused!

I am trying to set up a domain server, which was working until I changed some settings, and now everything's messed and mixed up.

Specifics: I want to create a system where I can access my main server through my domain server on the internet as it's running a different mail setup and monitoring for my network.

Outline: Internet WAN -> server1 -> server2 (where server1 is domain server and server2 is main server)

I found this thread for the proxy: http://www.howtoforge.com/forums/showthread.php?t=3116

which I adapted to this on server1:
Virtual host setup--
Code:
OptiplexGX270T:/etc/apache2/sites-available# cat 192.168.1.51
<VirtualHost  192.168.1.51>
ServerName gx110.optiplex-networks.com
ServerAlias *.gx110.*
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.1.51:80/
ProxyPassReverse / http://192.168.1.51:80/
</VirtualHost>
and modified proxy.conf to show:
Code:
OptiplexGX270T:/etc/apache2/mods-available# cat proxy.conf
<IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

        ProxyRequests Off

        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from all
                Allow from 192.168.1.51

                # Define the character set for proxied FTP directory listings
                ProxyFtpDirCharset UTF-8
        </Proxy>

        # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        # Set to one of: Off | On | Full | Block

        ProxyVia On
</IfModule>
Now I have squirrelmail installed, which I set up as a virtual host so that mail.mydomain.com will point to it, and it works fine internally through the DNS server config in my Cisco router, but when I try to access it through the internet it used to work but now it says no gateway reply. I haven't modified the router in any way since changing to the proxy setup.

Also I have mail.gx110.mydomain.com which is meant to access server2 squirrelmail system and courier-imap system.

However in my domain setup page, I have put 2 forwarders:

Hostname Address Record Type
mail myIPaddrss in A
mail.gx110 myIP in A

then mx mail records:

Hostname Address (e.g. mail.mymailserver.com) Pref
mail mydomain.com 10
mail.gx110 mydomain.com 10

But now even say in IMAP client mail.mydomain.com doesn't work, says "can't find server"??

I had it set up with MXE record first which was:

Hostname Address
mail myIPaddrss

Then squirrelmail worked at least on my domain server, but now I am totally confused, and I guess this should have been two separate posts, but I hope both problems will be covered in this one.

Thanks
  #2  
13th June 2008, 16:49
lordshadow

Quote:
Now I have squirrelmail installed, which I set up as a virtual host so that mail.mydomain.com will point to it, and it works fine internally through the DNS server config in my Cisco router, but when I try to access it through the internet it used to work but now it says no gateway reply. I haven't modified the router in any way since changing to the proxy setup.

Also I have mail.gx110.mydomain.com which is meant to access server2 squirrelmail system and courier-imap system.

However in my domain setup page, I have put 2 forwarders:

Hostname Address Record Type
mail myIPaddrss in A
mail.gx110 myIP in A

then mx mail records:

Hostname Address (e.g. mail.mymailserver.com) Pref
mail mydomain.com 10
mail.gx110 mydomain.com 10

But now even say in IMAP client mail.mydomain.com doesn't work, says "can't find server"??

I had it set up with MXE record first which was:

Hostname Address
mail myIPaddrss
The WAN stuff to my domain server (server1) seems to be OK now, I just checked it. It takes a while to kick in and it was just me being impatient; however, I still can't access the other server (server2), so this is I think the starting point!

Thanks again in advance
  #3  
14th June 2008, 19:43
falko

Quote:
Originally Posted by lordshadow View Post
I still can't access the other server (server2) so this is I think the starting point!

Thanks again in advance
I'm sorry, but can you describe the problem in more detail?
  #4  
14th June 2008, 21:07
lordshadow

I'm sorry if I didn't make sense!

Basically, what I would like is get into my main server from the internet.

Now normally this would be simple: open up port 80 on the NAT in the router and it automatically forwards the ports.

However I already have a domain server hosting web and mail, but what I would like to do is connect through my main server somehow without putting Apache of the main server on a different port as it would mean that I would have to do this for all my mail as well.

By reading the post above I thought that I could do this by using proxy forwarding method in Apache but I am not sure.

Basically if I describe it by diagram: Internet (WAN) -> Router -> server1 -> server2

for mail and www ports.

Where server1 is domain server and server2 is main server.

Is this even possible??
  #5  
15th June 2008, 13:40
falko

I'm not sure if this is possible for SMTP, but for HTTP, this link might give you the idea: http://www.howtoforge.com/apache_rev...roxy_ispconfig
  #6  
15th June 2008, 21:08
lordshadow

Thanks a lot for the link, it gave me a lot of ideas; unfortunately, when I tried to implement them, they didn't work.

Ok so the way I understand the link is that if you have machine1 and machine2 and you are trying to get into machine2 from machine1 you need to create a proxy in apache2 virtual host not the apache2.conf file.

Initially I added this config to machine2:

Code:
NameVirtualHost *
<VirtualHost *>
        ServerAdmin root@localhost
        ServerName gx110.optiplex-networks.com
        ServerAlias *.gx110.*
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        #ProxyPass / http://gx110.optiplex-networks.com:80/
        #ProxyPassReverse / http://gx110.optiplex-networks.com:80/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
However, when the two lines were un-commented I got a proxy error, which was caused by a loop since the URLs in the two lines point to themselves! (as we are on machine2 from above)

Anyway so I left the config as is above and I don't get any more errors although I probably don't need the proxy config.

Now for machine1 I made the following virtual host:

Code:
<VirtualHost  gx110.optiplex-networks.com>
ServerName gx110.optiplex-networks.com
ServerAlias *.gx110.*
ProxyRequests Off
#ProxyPreserveHost On
        <Proxy *>
          Order deny,allow
          Allow from optiplex-networks.com
        </Proxy>

ProxyPass / http://192.168.1.51:80/
ProxyPassReverse / http://192.168.1.51:80/
</VirtualHost>
However, from the internet it still doesn't pass the URL *.gx110.mydomain.com; it keeps resolving to the local host on machine1 when it's supposed to forward from machine1 to machine2.

I'm lost! I have no idea why it isn't working as I'm using the same config concept as in your link to ispconfig.
  #7  
16th June 2008, 14:26
falko

You need the reverse proxy configuration only on machine 1.
Any errors in the Apache error log on machine 1?
  #8  
16th June 2008, 15:22
lordshadow

Here is what is in the last part of my apache error.log:

Code:
[Sun Jun 15 21:52:10 2008] [error] [client 82.132.136.200] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 21:53:46 2008] [error] [client 82.132.136.200] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 21:56:45 2008] [error] [client 82.132.136.208] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 21:57:16 2008] [error] [client 82.132.136.208] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 23:17:00 2008] [error] [client 87.252.230.54] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:17:01 2008] [error] [client 212.57.189.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:17:02 2008] [error] [client 213.227.253.158] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:17:02 2008] [error] [client 81.214.106.73] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:17:05 2008] [error] [client 90.189.103.164] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:17:07 2008] [error] [client 213.172.87.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:24:41 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 23:26:10 2008] [error] [client 82.132.136.207] File does not exist: /var/www/favicon.ico
[Sun Jun 15 23:26:52 2008] [error] [client 82.132.136.207] File does not exist: /var/www/cacti
[Sun Jun 15 23:26:52 2008] [error] [client 82.132.136.207] File does not exist: /var/www/favicon.ico
[Sun Jun 15 23:40:08 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 23:40:34 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
[Mon Jun 16 07:20:15 2008] [error] [client 74.6.18.222] File does not exist: /var/www/robots.txt
[Mon Jun 16 07:36:47 2008] [error] [client 74.6.18.222] File does not exist: /var/www/index_history.html
[Mon Jun 16 09:01:19 2008] [error] [client 64.238.113.82] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Mon Jun 16 11:33:12 2008] [error] [client 74.6.18.222] File does not exist: /var/www/robots.txt
[Mon Jun 16 15:30:22 2008] [error] [client 89.169.74.56] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
Of machine1.

Quote:
You need the reverse proxy configuration only on machine 1
Did I understand correctly that I need this line:
Code:
#ProxyPass / http://gx110.optiplex-networks.com:80/
but not this one:
Code:
#ProxyPassReverse / http://gx110.optiplex-networks.com:80/
on machine2, while machine1 stays as posted above??

Last edited by lordshadow; 16th June 2008 at 15:24.
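
An added example (not part of the original posts): a small triage of the Apache 2.2 error-log format shown above, separating mod_proxy errors from missing-file noise and from hostless HTTP/1.1 requests such as the `w00tw00t.at.ISC.SANS.DFind` scanner probe. The sample lines are copied from the log above; the category names and the `"proxy:"` substring heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: four lines copied from the error log posted above.
SAMPLE_LOG = """\
[Sun Jun 15 21:52:10 2008] [error] [client 82.132.136.200] File does not exist: /usr/share/squirrelmail/favicon.ico
[Sun Jun 15 23:17:00 2008] [error] [client 87.252.230.54] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
[Sun Jun 15 23:26:52 2008] [error] [client 82.132.136.207] File does not exist: /var/www/cacti
[Mon Jun 16 09:01:19 2008] [error] [client 64.238.113.82] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
"""

# Apache 2.2 error-log layout: [timestamp] [level] [client ip] message
LINE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] \[client ([^\]]+)\] (.*)$")

def classify(msg):
    """Map one error message to a coarse category (names are this example's own)."""
    if "w00tw00t" in msg:
        return "scanner-probe"       # DFind scanner fingerprint in the request URI
    if msg.startswith("client sent HTTP/1.1 request without hostname"):
        return "no-host-header"      # HTTP/1.1 request that carried no Host: header
    if msg.startswith("File does not exist:"):
        return "missing-file"
    if "proxy:" in msg:
        return "proxy-error"         # heuristic: mod_proxy tags its messages "proxy:"
    return "other"

def triage(log_text):
    """Return (Counter of categories, set of clients that sent hostless requests)."""
    counts, hostless = Counter(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        category = classify(m.group(4))
        counts[category] += 1
        if category in ("scanner-probe", "no-host-header"):
            hostless.add(m.group(3))
    return counts, hostless

if __name__ == "__main__":
    counts, hostless = triage(SAMPLE_LOG)
    print(dict(counts))
    print("clients sending requests without a Host header:", sorted(hostless))
    print("mod_proxy errors:", counts["proxy-error"])
```

A count of zero for `proxy-error` means the log holds nothing from mod_proxy itself; the hostless requests come from unrelated clients and are independent of the vhost configuration.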
  #9  
19th June 2008, 00:19
lordshadow

Ok since I was still getting the same result I thought of using the exact same principle from the howto in the link given earlier.

I changed Apache's listening port to 81

My default file in apache2/sites-enabled now looks like this:

Code:
NameVirtualHost *
<VirtualHost *>
        ServerAdmin root@localhost
        ServerName gx110.optiplex-networks.com
        ServerAlias gx110.*
        DocumentRoot /var/www/
        ProxyRequests Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        ProxyPass / http://gx110.optiplex-networks.com:81/
        ProxyPassReverse / http://gx110.optiplex-networks.com:81/
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from All
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

#ServerName gx110.optiplex-networks.com
#ServerAlias *.gx110.*
#ProxyRequests On
#ProxyPreserveHost On
#ProxyPass / http://192.168.1.51/
#ProxyPassReverse / http://192.168.1.51/


</VirtualHost>
I also changed the mods-enabled/proxy.conf so that the beginning now looks like:

Code:
<IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

        ProxyRequests Off

        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from all
                Allow from All
I'm sure I'm missing something, as the proxy doesn't work either, let alone externally from another machine, which is what I tried to do in the beginning.

Upon http://gx110.mydomain.com I get: Unable to connect

but if I input http://gx110.mydomain.com:81 I get:

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /.

Reason: Max-Forwards has reached zero - proxy loop?

What have I missed or messed up??? I really hope someone can help!

Last edited by lordshadow; 19th June 2008 at 00:25.
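
An added example (not part of the original posts): a check for the two proxy mistakes this thread touches on, a `ProxyPass` target that points back at the vhost's own name and listening port (the "Max-Forwards has reached zero" loop), and `ProxyRequests On` combined with `<Proxy *>` `Allow from all` (the open proxy the proxy.conf comment warns about). The function name, the finding strings and the assumption that the vhost's names resolve to the machine itself are this example's own.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed excerpt: the active proxy lines of the vhost in the post above.
POST9_VHOST = """
<VirtualHost *>
    ServerName gx110.optiplex-networks.com
    ServerAlias gx110.*
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://gx110.optiplex-networks.com:81/
    ProxyPassReverse / http://gx110.optiplex-networks.com:81/
    #ProxyRequests On
</VirtualHost>
"""

def audit_proxy_vhost(conf, listen_port):
    """Return findings for one vhost served by an Apache listening on listen_port."""
    names, targets, findings = [], [], []
    forward_proxy = allow_all = in_proxy_any = False
    for raw in conf.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        key, args = parts[0].lower(), parts[1:]
        if key in ("servername", "serveralias"):
            names += [a.lower() for a in args]
        elif key == "proxyrequests" and args:
            forward_proxy = args[0].lower() == "on"
        elif key == "<proxy" and args:
            in_proxy_any = args[0].rstrip(">") == "*"
        elif key == "</proxy>":
            in_proxy_any = False
        elif key == "allow" and in_proxy_any and args and args[-1].lower() == "all":
            allow_all = True
        elif key == "proxypass" and len(args) >= 2:
            targets.append(args[1])
    for url in targets:
        u = urlsplit(url)
        # Assumption: every ServerName/ServerAlias of this vhost resolves to this host.
        if (u.port or 80) == listen_port and any(fnmatch(u.hostname, n) for n in names):
            findings.append(f"loop: ProxyPass target {url} is this vhost itself")
    if forward_proxy and allow_all:
        findings.append("open-proxy: ProxyRequests On with <Proxy *> Allow from all")
    return findings

if __name__ == "__main__":
    for finding in audit_proxy_vhost(POST9_VHOST, listen_port=81):
        print(finding)
```

With the listening port of 81 stated in the post, the check reports the loop; pointing `ProxyPass` at the backend address used earlier in the thread (`http://192.168.1.51:80/`) clears it.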
All times are GMT +2.