Apache Rewrite or Proxy to internal server
You're very close!
A couple notes:

- RewriteCond %{HTTP_HOST} ^mysub.domain.com/*

  The HTTP_HOST variable only contains mysub.domain.com, not the rest of the path.

  This rule actually matches, but accidentally - there's no / character there, but the * modifier applies to the / character, meaning "repeat the / 0 to infinite times".

  Apache uses perl-compatible regex - to match the exact host, it should look like this:

      RewriteCond %{HTTP_HOST} ^mysub\.domain\.com$

- RewriteRule .* http://192.168.x.x/ [P,L]

  This is only loading the home page since it's not including the rest of the passed path - this must be manually done when using the [P] flag of RewriteRule.

  This should work:

      RewriteRule (.*) http://192.168.x.x/$1 [P,L]
- The ProxyPass setup is almost right, except it's being overridden by the setup in the .htaccess file, so it's not being used. Using .htaccess is bad for performance and potentially problematic for security - see the recommendation in the Apache documentation here.

  Probably the best approach is to delete the .htaccess file outright, and just use ProxyPass. Change your config a small bit...

      <Location />
          ProxyPass http://192.168.x.x/
          ProxyPassReverse http://192.168.x.x/
      </Location>

  ...and move it from your httpd.conf over to within the <VirtualHost> block that's serving the subdomain.

With the matching trailing slashes and no more .htaccess, this should do the trick!
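
The two rewrite fixes from the answer above, modelled as an added example (not part of the original answer or of Apache itself): it runs the question's rule pair and the corrected pair against a few constructed Host/path combinations, so you can see both the lost path and which Host values the loose pattern also accepts. The `proxy_target` helper and the sample hosts are assumptions made for illustration; it is a simplified model of mod_rewrite, not its real engine.

```python
import re

# Rule sets from the answer: (RewriteCond pattern, RewriteRule pattern, substitution).
ORIGINAL = (r"^mysub.domain.com/*", r".*", "http://192.168.x.x/")
CORRECTED = (r"^mysub\.domain\.com$", r"(.*)", "http://192.168.x.x/$1")

# Constructed sample requests: (Host header, request path).
SAMPLES = [
    ("mysub.domain.com", "/"),
    ("mysub.domain.com", "/wiki/Main_Page"),
    ("mysubxdomain.com", "/"),              # '.' left unescaped matches any character
    ("mysub.domain.com.example.net", "/"),  # no '$' anchor, so a prefix is enough
]


def proxy_target(rules, host, path):
    """Return the URL the [P] rule would proxy to, or None if the rule is skipped.

    Assumption: simplified model of one RewriteCond on HTTP_HOST plus one
    RewriteRule in .htaccess context, where the leading slash is removed
    before the RewriteRule pattern is applied.
    """
    host_pattern, path_pattern, substitution = rules
    # Conditions are unanchored searches unless the pattern anchors itself.
    if re.search(host_pattern, host) is None:
        return None
    relative = path[1:] if path.startswith("/") else path
    match = re.search(path_pattern, relative)
    if match is None:
        return None

    def expand(ref):
        # In this model, $N expands to capture group N; a missing group expands to "".
        index = int(ref.group(1))
        return (match.group(index) or "") if index <= match.re.groups else ""

    return re.sub(r"\$(\d)", expand, substitution)


if __name__ == "__main__":
    for host, path in SAMPLES:
        print(f"{host}{path}")
        print("  original :", proxy_target(ORIGINAL, host, path))
        print("  corrected:", proxy_target(CORRECTED, host, path))
```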
JoshP
Updated on September 18, 2022
Comments
-
JoshP over 1 year
First off, this is my first go at apache, so please forgive my beginingingismness :)

My basic setup is as such: mysub.domain.com gets sent to my static IP via a CNAME entry at godaddy's DNS manager. It hits my Ubuntu 10 LTS server running Apache2.

I have a virtual host entry that directs that request to the proper /var/www/mysub folder. I don't have any content in there, but I added a line to the "It Works" page so I'd know if I got there successfully. I also have a Mac Mini running a wiki server on the same local network as the Ubuntu server.

I'd like mysub.domain.com to hit my Mini server instead of the /var/www/mysub folder.

After much reading on this site and others, I've managed to do it... kind of.
I have the following in my /var/www/mysub/.htacess, which I found in another SF question (forgot to copy the link).

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^mysub.domain.com/*
    RewriteRule .* http://192.168.x.x/ [P,L]

This works insomuch as it does redirect mysub.domain.com to the Mini's front page. But of course, so does every subsequent link click on the Mini page. I think I understand why it's doing it (anything that starts with mysub.domain.com gets directed to what is essentially the front page of the wiki server, and since subsequent links on the wiki server also include mysub.domain.com, it always ends up in the same place).

I just don't know what to do different. To be perfectly honest, I don't actually understand the syntax of those Rewrite lines.

I've seen countless examples of config entries and tried some of them, but without really understanding the syntax, it's kind of shooting in the dark.
This was a useful post, and after reading this question, I tried adding this to my /apache2/httpd.conf file

    <Location />
        ProxyPass http://192.168.x.x
        ProxyPassReverse http://192.168.x.x
    </Location>

No luck.

Clearly, I have some learning to do, but it would seem to me that what I want to do is probably quite simple. What am I missing?
EDIT PER COMMENTS
My /etc/apache2/httpd.conf file

    ServerName localhost

    <VirtualHost *:80>
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /var/www/domain
    </VirtualHost>

    <VirtualHost *:80>
        ServerName mysub.domain.com
        DocumentRoot /var/www/mysub
        <Location />
            ProxyPass http://192.168.x.x/
            ProxyPassReverse http://192.168.x.x/
        </Location>
    </VirtualHost>

... and my sites-available/mysub file...

    <VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName mysub.domain.com
        DocumentRoot /var/www/mysub
        #ProxyRequests Off
        <Location />
            ProxyPass http://192.168.1.50/
            ProxyPassReverse http://192.168.1.50/
        </Location>
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/mysub>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog /var/log/www/mysub/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
Output of apache2ctl -S

    VirtualHost configuration:
    wildcard NameVirtualHosts and _default_ servers:
    *:80 is a NameVirtualHost
        default server 66-152-109-110.tvc-ip.com (/etc/apache2/sites-enabled/000-default:1)
        port 80 namevhost 66-152-109-110.tvc-ip.com (/etc/apache2/sites-enabled/000-default:1)
        port 80 namevhost domain.com (/etc/apache2/sites-enabled/domain:1)
        port 80 namevhost mysub.domain.com (/etc/apache2/sites-enabled/mysub:1)
    Syntax OK
-
Tom Marthenal over 11 years
Nice first question :-).
-
JoshP over 11 years
@TomMarthenal Cheers!
-
JoshP over 11 years
Thanks so much for the answer! I've axed the .htaccess file. I've altered the <Location> block with the trailing slashes. The URL still just directs me to the /var/www/mysub "It Works" page. One thing I may be doing wrong here... My <VirtualHost> block is IN my httpd.conf file. When you say to move it, is my <VirtualHost> block in the wrong place?
-
ravi yarlagadda over 11 years
@Josh The "typical" way to create a virtual host on an Ubuntu system is to create a file like /etc/apache2/sites-available/site-name then run a2ensite site-name to enable it (which creates a symlink in /etc/apache2/sites-enabled). It still works just fine in httpd.conf, though. Go ahead and move the <Location> block into the <VirtualHost> block and restart Apache. If that doesn't do the trick, can you provide the <VirtualHost> block, as well as the output from apache2ctl -S? (edit the extra info into your question as opposed to putting it in a comment, for formatting)
-
JoshP over 11 years
I actually do have it created in sites-available and linked to -enabled. I'll post both in the question. Is it wrong to have the site defined in both places?
-
ravi yarlagadda over 11 years
@Josh You'll only want it defined in one location - that may be part of the problem.
-
ravi yarlagadda over 11 years
@Josh Yeah - if that. I think httpd.conf is empty, by default.
-
JoshP over 11 years
Ok, httpd.conf is now empty. Still no go. ACK lol :)
-
JoshP over 11 years
I won't keep you all night :) I super appreciate your tutelage. I've gotten a lot narrowed down even if I don't reach the finish.
-
JoshP over 11 years
don't know where that IP comes from. Those errors don't look minor lol.
-
ravi yarlagadda over 11 years
@Josh Aha, that's it. There's a different instance of Apache that's sitting on port 80 and not shutting down, so the restarts aren't taking effect. Find it and kill it with ps, or just restart the server to get a clean environment.
-
ravi yarlagadda over 11 years
No problem! When you get the chance, take a dig in /var/log/apache2/error_log - it should have some interesting info.
-
JoshP over 11 years
OK, no more errors on restart! Had to do with hostnames defined differently in different places. The error log was indeed interesting. Didn't see anything about these issues, but lots of file not found coming from what are presumably bots looking for vulnerabilities.
-
JoshP over 11 years
And finally, I think the apache bit is running fine now. I'm still running into the "You don't have permission to access / on this server" 403 error, but I'm thinking that's an issue with permissions on the mini server. Does that sound right? Seems like I've got some more learning to do :)
-
ravi yarlagadda over 11 years
@Josh Great! Yeah, that 403 is likely coming from the other server - those will always generate a log entry, so you should be able to check the log to determine what's causing that response code. Normally, it's either a configuration that's specifically preventing access to that resource or path, or a permission issue - the error log should tell you which!