Saturday, August 28, 2010

Apache reverse proxying for port 80 and SSL


Here is a sample working configuration I set up for one of our sites. You want to use Apache reverse proxying, or some other type of reverse proxying, any time you are using multiple types of technology, since it saves you from having to use subdomains. This technique is also better because you can pass cookies to the other applications for things such as single sign-on, and users get a better experience since everything appears to come from one website. Performance is another benefit, since the reverse proxy does provide some level of caching for you.

Another big benefit is SEO (Search Engine Optimization) since you will have more pages indexed under this configuration than if you used subdomains.

The only downside, of course, is increased complexity, but if you are running multiple web applications for your company, you are increasing complexity anyway, so you might as well do it properly.

Here is a sample config, with some descriptions. We have an e-commerce server (Tradepoint) but will also be using DotNetNuke and WordPress. With the configuration below we also handle SSL reverse proxying: you need to put the SSL certificate on the Apache box and then use SSLProxyEngine On to forward the SSL requests to the servers in the back. The servers in the back already have SSL turned on as well.

I also set up a static hosts file on the proxy server so that it can point back to the back-end e-commerce server. In this example, the DNS entry every other machine sees for ooo40.test.com might point to 192.168.100.2 (Apache), but on the proxy server I point ooo40.test.com to 192.168.100.3 (e-commerce).





<VirtualHost *:80>
ServerAdmin support@test.com
ServerName ooo40.test.com
DocumentRoot /var/www/ooo
ErrorLog /var/log/apache2/test-error.log
CustomLog /var/log/apache2/test-access.log combined
RewriteEngine On
ProxyTimeout 3600
# Reverse proxy only: keep forward proxying disabled so this is not an open proxy
ProxyRequests off
ProxyPreserveHost off
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
#Allow from .example.com
</Proxy>

# ProxyPass rules are matched in order, so the specific paths come before "/"
ProxyPass /dnn http://ooo40dnn.test.com/dnn
ProxyPassReverse /dnn http://ooo40dnn.test.com/dnn

ProxyPass /blogs http://ooo40wp.test.com:83/
ProxyPassReverse /blogs http://ooo40wp.test.com:83/

ProxyPass /forums http://ooo40wp.test.com:83/
ProxyPassReverse /forums http://ooo40wp.test.com:83/

ProxyPass /affiliates http://ooo40wp.test.com:83/
ProxyPassReverse /affiliates http://ooo40wp.test.com:83/

# On the proxy, ooo40.test.com resolves to the e-commerce server via the hosts file
ProxyPass / http://ooo40.test.com/
ProxyPassReverse / http://ooo40.test.com/

RequestHeader unset Accept-Encoding


RewriteRule /blogs$ /blogs/ [R]

ProxyHTMLURLMap http://ooo40wp.test.com:83 /blogs
<Location /blogs>
SetOutputFilter proxy-html
ProxyPassReverse /
ProxyHTMLURLMap / /blogs/
RequestHeader unset Accept-Encoding
</Location>
<Location /blogs/>
SetOutputFilter proxy-html
ProxyPassReverse /
ProxyHTMLURLMap / /blogs/
RequestHeader unset Accept-Encoding
</Location>

ProxyHTMLURLMap http://ooo40dnn.test.com/dnn /dnn
<Location /dnn/>
SetOutputFilter proxy-html
ProxyPassReverse /dnn
ProxyHTMLURLMap /dnn /dnn/
RequestHeader unset Accept-Encoding
</Location>
<Location /dnn>
SetOutputFilter proxy-html
ProxyPassReverse /dnn
ProxyHTMLURLMap /dnn /dnn/
RequestHeader unset Accept-Encoding
</Location>

</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

SSLProxyEngine on
ProxyPass / https://ooo40.test.com/
ProxyPassReverse / https://ooo40.test.com/
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
#Allow from .example.com
</Proxy>
</VirtualHost>
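
With SSLProxyEngine on and nothing else, mod_ssl's default (SSLProxyVerify none) means the proxy does not verify the certificate the back-end server presents. The variant of the port 443 virtual host below is an added example, not part of the original configuration, that makes the proxy authenticate the back end. Assumptions: the CA file path /etc/ssl/certs/backend-ca.crt is hypothetical, the ServerName is reused from the port 80 virtual host, and the back-end certificate is issued for ooo40.test.com (the name used in ProxyPass).

```apache
<VirtualHost *:443>
    # Assumed: same site name as the port 80 virtual host
    ServerName ooo40.test.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    # Reverse proxy only; never relay arbitrary client-supplied URLs
    ProxyRequests off

    # Encrypt the hop to the back end AND verify who is on the other side
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    # Hypothetical path: the CA (or the self-signed certificate itself)
    # that issued the back-end server's certificate
    SSLProxyCACertificateFile /etc/ssl/certs/backend-ca.crt
    # Reject a back-end certificate whose CN does not match the ProxyPass host
    SSLProxyCheckPeerCN on
    # Reject an expired back-end certificate
    SSLProxyCheckPeerExpire on
    # Apache 2.4.5 and later: also checks subjectAltName entries
    # SSLProxyCheckPeerName on

    # On the proxy, ooo40.test.com resolves to the back end via the hosts file
    ProxyPass        / https://ooo40.test.com/
    ProxyPassReverse / https://ooo40.test.com/
</VirtualHost>
```

Run apachectl configtest after changing the file, then request a page over HTTPS and check the error log: a verification failure against the back end shows up there as a proxy handshake error rather than as a page served from an unverified host.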





