apache port from 80 to 81

[Dmitriy Tarasov]

Hello,

I would like to use squid as a reverse proxy. For that I must change apache port from 80 to 81.
I replaced <VirtualHost |IP|:80> by <VirtualHost |IP|:81> in the /usr/local/directadmin/data/templates/custom/virtual_host.conf
and rewrited all http.conf files with the new template. After that changed
Listen 80 -> Listen 81
Port 80 -> Port 81
In the /etc/httpd/conf/httpd.conf
But
/usr/sbin/apachectl configtest
gives me the next warning
[warn] VirtualHost ip:81 overlaps with VirtualHost ip:81, the first has precedence, perhaps you need a NameVirtualHost directive
Please, advise me what shell I do in order to change apache port from 80 to 81?

Thank you.

 

[jackc]

you need to change /etc/httpd/conf/ips.conf
however you will have problem with using 81 port, your website will be redirect to port 81 by apache, like if you visit www.domain.com/forum will be redirect to www.domain.com:81/forum

 

[Dmitriy Tarasov]

Well, it’s working. I understand that this is not forum devoted to squid but may be someone knows the answer.
I’m trying to use squid/2.5 as a reverse proxy. In order to not disturb my users for a start I leave apache at 80 port and install squid at 81 port and everything works well.
This is a main items of squid config:
http_port 81
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy off
httpd_accel_single_host off
cache_effective_user apache
cache_effective_group apache
http_access allow all

But when I change squid’s port to 80 and apache’s port to 81:
http_port 80
httpd_accel_host virtual
httpd_accel_port 81
httpd_accel_uses_host_header on
httpd_accel_with_proxy off
httpd_accel_single_host off
cache_effective_user apache
cache_effective_group apache
http_access allow all

I’m getting error from squid
“Access denied”

Please, help to solve the problem.

 

[Dmitriy Tarasov]

The problem was solved. It was necessary to add into squid.conf:
acl Safe_ports port 81

 

[Dmitriy Tarasov]

I managed to run Apache at 81 port and Squid at 80 port. Now Squid works as a reverse proxy. But when I add new domain, Apache’s port is changed from 81 to 80 in the
/etc/httpd/conf/ips.conf
and after that I can not start apache.
I have
/usr/local/directadmin/data/templates/custom/ips_virtual_host.conf
but that file does not have the first several lines that changes in the /etc/httpd/conf/ips.conf
NameVirtualHost ip:80
NameVirtualHost ip:443
Could you, please, advise me how can I make these lines invariable. I need Apache’s port stayed the same and equal 81 after I add new domain:
NameVirtualHost ip:81
NameVirtualHost ip:443

 

[jackc]

comment out Include /etc/httpd/conf/ips.conf in httpd.conf
and add
NameVirtualHost ip:81
NameVirtualHost ip:443
after it.
Didn't you run into the problem that apache will forward port to 81?
like if you visit www.domain.com/forum will be redirect to www.domain.com:81/forum? I'm sure this problem exists since it's described in squid's documentation and I had this problem when I was using squid.

 

[Dmitriy Tarasov]

Wonderful! Jackc, thanks a lot. I commented out
Include /etc/httpd/conf/ips.conf in httpd.conf
and included body of ips.conf into httpd.conf
It seems to me that now everything works without problem.
I am using Invision Power Board and do not see redirects to www.domain.com:81/forum?
The version of squid is 2.5

 

[Dmitriy Tarasov]

I would like Apache listens on port 80 but just for 127.0.0.1
In httpd.conf I added
BindAdderess 127.0.0.1
This is main items of squid config:

http_port 80
httpd_accel_host 127.0.0.1
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy off
httpd_accel_single_host off
cache_effective_user apache
cache_effective_group apache

After restart of squid and apache I get “access denied”.
Does anyone know acl’s settings that allow to use loopback interface?

 

[jackc]

acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80
http_access deny !Safe_ports
http_access allow all

maybe this would work?

 

[Dmitriy Tarasov]

I use recommended minimum configuration:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # squid, http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny !Safe_ports
http_access allow all

And it does not work. I get “access denied”.
Does anyone know acl’s settings that allow to use loopback interface with squid as reverse proxy?

 

[jackc]

I'm not sure about squid 2.5, I use 2.6, I don't need any special setting to use loopback in 2.6.