mod_proxy with Apache 2.0

[harro]

Hi all,

today I upgraded my Apache from 1.3.x to the Apache 2.0.58 Server, using the DirectAdmin instructions at: http://www.directadmin.com/features.php?id=441

All went well, except that the mod_proxy is not available anymore. I use it to give access to the control panel on port 80. This worked great under Apache 1.3.x.

Trying to start my httpd gives an error that the ProxyRequest line in my /usr/local/directadmin/data/conf/httpd.conf is not recognised.

There is no reference in the /etc/httpd/conf/httpd.conf file to mod_proxy (as described in the instructions to use mod_proxy at: http://help.directadmin.com/item.php?id=84 )

I looked on the Apache website but found only a description of what mod_proxy does, not how to get it. I tried to include --enable-proxy in the file:

configure.apache_2

in the customapache directory, but that gives me an error too:

/usr/local/directadmin/customapache/configure.apache_2: line 23: --enable-proxy: command not found

*** There was an error while trying to configure Apache 2. Check the configure.apache_2 file

So the question is... how do I get mod_proxy to work again with Apache 2.0 ? I don't understand enough of the way it's set up to figure it out. (why was it not included by DA in the config file like it was in the older Apache files?)

Thanks for any thoughts you have to point me in the right direction!

Harro

 

[chatwizrd]

--enable-proxy should work fine.

Try first

./build clean

Then rerun the command to install apache2. Usually a build clean will remove the temp files that cause problems like this. You can also go in the apache2 source folder in there (Example: /usr/local/directadmin/customapache/httpd-2.2.0) and try

./configure --help | grep proxy

This should tell you the correct extension to use.

 

[harro]

Thank you Chatwizrd!

It turned I made a typo in the config file (I didn't catch on to the '\\' at the end of each line...). At least you triggered me to look in a different way. The mod_proxy is now compiled into the Apache 2.0.58

Problem that has now appeared is that mod_proxy doesn't work as it did with Apache 1.3.x.
I get the following error in the /httpd/error.log and a blank screen when I go to https://cp.aethertree.com (I only configured the controlpanel access on the SSL port):

[Thu May 18 22:49:53 2006] [error] SSL Proxy requested for shared.domain:80 but not enabled [Hint: SSLProxyEngine]
[Thu May 18 22:49:53 2006] [error] proxy: failed to enable ssl support for 127.0.0.1:2222 (localhost)
[Thu May 18 22:49:54 2006] [notice] child pid 18854 exit signal Segmentation fault (11)

I did update open_SSL, but didn't see any errors when I did (but I might have missed something?)

It worked like a charm with Apache 1.3.x, as per instructions from DA. So does anyone know whether I need to change more than just to include the mod_proxy at compilation-time?

Does anyone else use the non-port 2222 access to the control panel with Apache 2.0.x?

Thanks!

Harro

 

[harro]

To reply to my own question... I did some searching on Google and some experimenting. I made it work, don't know whether this is an elegant solution:

I had to add the line "SSLProxyEngine on" to each instance of the 'redirect' in all the users' httpd.conf files. (sigh)

The result is:

<VirtualHost |IP|:443>
ServerName cp.|DOMAIN|
ProxyRequests Off
ProxyPass / https://localhost:2222/
ProxyPassReverse / https://localhost:2222/
SSLProxyEngine on
</VirtualHost>

Where the bold text is an addition to the instructions put down by DA in:
http://help.directadmin.com/item.php?id=84

I tried to put the "SSLProxyEngine on" in the main /etc/httpd/conf/httpd.conf, but that had no effect. But it works now...

Harro

 

[Brian S]

I can't seem to get reverse proxy working on Apache 2. Here's what I have in httpd.conf:

<VirtualHost 11.22.33.44:80>
        ServerName cp.users2.domain.com
        ProxyRequests Off
        ProxyPass / [url]https://localhost:2222/[/url]
        ProxyPassReverse / [url]https://localhost:2222/[/url]
        SSLProxyEngine on
</VirtualHost>
<VirtualHost 11.22.33.44:443>
        SSLProxyEngine on
        ServerName cp.users2.domain.com
        ProxyRequests Off
        ProxyPass / [url]https://localhost:2222/[/url]
        ProxyPassReverse / [url]https://localhost:2222/[/url]
        SSLProxyEngine on
</VirtualHost>

The page loads fine. If I enter an incorrect password, DirectAdmin passes along the error message. But if I login correctly, it takes me back to the login page. Worked fine in Apache 1.3. Any ideas?

Thanks,

Brian

 

[harro]

Hi Brian,

I am not sure it makes sense to put an SSL proxy reference in the non-SSL section (the first virtualhost part, with the :80 as port). SSL is used when connecting through https (port 443).

It may or may not be the cause, depending mostly on whether you access your website through http:// (might cause a problem) or https:// (seems ok).

Another thought: to enable DA login to work via SSL, you have to set the SSL=1 in the directadmin.conf file (don't know the filename off the top of my head).

Good luck!

Harro

 

[Brian S]

I only have SSL enabled, that's why it's making the SSL connection even on the non-SSL proxy. DirectAdmin works fine, it's just not logging me in when setup through the reverse proxy.

Thanks,

Brian

 

[Brian S]

I don't why, but either Apache or DirectAdmin keep forwarding to the non-SSL connection, and that was mucking things up. Putting a Redirect in the non-SSL VirtualHost didn't work. But, putting check_referer=0 in directadmin.conf and doing a URL Rewrite seems to work.

<VirtualHost 11.22.33.44:80>
        ServerName cp.users2.domain.com
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost 11.22.33.44:443>
        SSLProxyEngine on
        ServerName cp.users2.domain.com
        ProxyRequests Off
        ProxyPass / https://11.22.33.44:2222/
        ProxyPassReverse / https://11.22.33.44:2222/
</VirtualHost>