Hi,
We have a linux box hosted at an ISP which has been running various
sites on Apache for some time. I’m in the process of porting the sites
on it to nginx. At the moment I just have the default (’_’) nginx
server proxy_pass-ing everything to Apache on a local high port like so:
server {
listen x.x.x.x:80;
server_name _ default;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-Remote-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
and I’m just implementing new specific server {} blocks identified
with server_name for each site as I go. All the sites work fine, so
far so good.
The Apache setup is configured to act as a forward proxy, restricted
to our network and with basic auth, as we occasionally need to check
how things look from outside our network, or to be able to look back
at our network from outside.
I’ve added the local address in the Allow from list in the Apache
proxy config, but I can’t seem to get it to allow proxy requests for
remote URLs; it just says 403. It allows proxy requests for sites
hosted on that machine, but nothing else. I’m fairly sure the Apache
config is otherwise good, as we’ve been using it like this for a while
and it hasn’t changed other than the new local Allow address.
Perhaps it’s something to do with host-header mangling, or similar …
Is there a way to get this to work? I guess we could open port 8080 on
the firewall so that we can access the Apache proxy directly, but I’m
interested to know if there’s another way.
Thanks,
Igor
Hello Igor,
Friday, September 26, 2008, 5:37:28 PM, you wrote:
Hi,
We have a linux box hosted at an ISP which has been running various
sites on Apache for some time. I’m in the process of porting the sites
on it to nginx. At the moment I just have the default (’_’) nginx
server proxy_pass-ing everything to Apache on a local high port like so:
server {
-
listen x.x.x.x:80;
-
server_name _ default;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
$remote_addr;
$remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
and I’m just implementing new specific server {} blocks identified
with server_name for each site as I go. All the sites work fine, so
far so good.
The Apache setup is configured to act as a forward proxy, restricted
to our network and with basic auth, as we occasionally need to check
how things look from outside our network, or to be able to look back
at our network from outside.
I’ve added the local address in the Allow from list in the Apache
proxy config, but I can’t seem to get it to allow proxy requests for
remote URLs; it just says 403. It allows proxy requests for sites
hosted on that machine, but nothing else. I’m fairly sure the Apache
config is otherwise good, as we’ve been using it like this for a while
and it hasn’t changed other than the new local Allow address.
Perhaps it’s something to do with host-header mangling, or similar …
Is there a way to get this to work? I guess we could open port 8080 on
the firewall so that we can access the Apache proxy directly, but I’m
interested to know if there’s another way.
Hi Denis, thanks for your suggestions. I tried all these but they
didn’t make any difference.
(Incidentally X-Real-Remote-IP is used in one of our applications, but
I tried both with and without, and neither worked.)
Any other thoughts?
Thanks very much,
Igor
On piÄ…, wrz 26, 2008 at 12:10:51 +0100, Igor C. wrote:
Hi Denis, thanks for your suggestions. I tried all these but they
didn’t make any difference.
(Incidentally X-Real-Remote-IP is used in one of our applications, but
I tried both with and without, and neither worked.)
Any other thoughts?
Have you tried mod_rpaf for apache? It might make a difference.
http://stderr.net/apache/rpaf/
Best regards,
Grzegorz N.
Thanks Grzegorz, I didn’t know about that, I’ll give it a try.
best
igor