Apache forwarding with proxy and mx mail records

Discussion in 'Server Operation' started by lordshadow, Jun 13, 2008.

  1. lordshadow

    lordshadow New Member

    Hi, I'm totally confused! :)

    I am trying to setup a domain server for which was working untill I changed some settings and now everythings messed and mixed up.

    Specifics: I want to create a system where I can access my main server through my domain server on the internet as it's running a different mail setup and monitoring for my network.

    Outline: Internet WAN -> server1 -> server2 (where server1 is domain server and server2 is main server)

    I found this thread for the proxy: http://www.howtoforge.com/forums/showthread.php?t=3116

    of which I adapted to this on server1:
    Virtual host setup--
    Code:
    OptiplexGX270T:/etc/apache2/sites-available# cat 192.168.1.51
    <VirtualHost  192.168.1.51>
    ServerName gx110.optiplex-networks.com
    ServerAlias *.gx110.*
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://192.168.1.51:80/
    ProxyPassReverse / http://192.168.1.51:80/
    </VirtualHost>
    
    and modified proxy.conf to show:
    Code:
    OptiplexGX270T:/etc/apache2/mods-available# cat proxy.conf
    <IfModule mod_proxy.c>
            #turning ProxyRequests on and allowing proxying from all may allow
            #spammers to use your proxy to send email.
    
            ProxyRequests Off
    
            <Proxy *>
                    AddDefaultCharset off
                    Order deny,allow
                    Deny from all
                    Allow from 192.168.1.51
    
                    # Define the character set for proxied FTP directory listings
                    ProxyFtpDirCharset UTF-8
            </Proxy>
    
            # Enable/disable the handling of HTTP/1.1 "Via:" headers.
            # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
            # Set to one of: Off | On | Full | Block
    
            ProxyVia On
    </IfModule>
    
    Now I have squirrelmail installed which I setup as a virtual host so that mail.mydomain.com will point to it and it works fine internally through the DNS server config in my Cisco router but when I try to access it through internet it used to work but now it says no gateway reply. I haven't modified the router in anyway since changing to the proxy setup.

    Also I have mail.gx110.mydomain.com which is meant to access server2 squirrelmail system and courier-imap system.

    However in my domain setup page, I have put 2 forwarders:

    Hostname Address Record Type
    mail myIPaddrss in A
    mail.gx110 myIP in A

    then mx mail records:

    Hostname Address (e.g. mail.mymailserver.com) Pref
    mail mydomain.com 10
    mail.gx110 mydomain.com 10

    But now even say in IMAP client mail.mydomain.com doesn't work, says "can't find server"??

    I had it setup with MXE record first which was:

    Hostname Address
    mail myIPaddrss

    Then squirrelmail worked at least on my domain server but now I am totally confused and I guess this should have been two seperate posts but I hope both problems will be covered in this one :)

    Thanks
     
  2. lordshadow

    lordshadow New Member

    The WAN stuff to my domain server (server1) seems to be ok now just checked it. It takes a while to kick in and was just me being impatient, but however I still can't access the other server (server2) so this is I think the starting point!

    Thanks again in advance
     
  3. falko

    falko Super Moderator Howtoforge Staff

    I'm sorry, but can you describe the problem in more detail?
     
  4. lordshadow

    lordshadow New Member

    I'm sorry if I didn't make sense! :)

    Basically, what I would like is get into my main server from the internet.

    Now normally this would be simple: open up port 80 on the NAT in the router and it automatically forwards the ports.

    However I already have a domain server hosting web and mail, but what I would like to do is connect through my main server somehow without putting Apache of the main server on a different port as it would mean that I would have to do this for all my mail as well.

    By reading the post above I thought that I could do this by using proxy forwarding method in Apache but I am not sure.

    Basically if I desribe it by diagram: Internet (WAN) -> Router -> server1 -> server2

    for mail and www ports.

    Where server1 is domain server and server2 is main server.

    Is this even possible??
     
  5. falko

    falko Super Moderator Howtoforge Staff

  6. lordshadow

    lordshadow New Member

    Thanks alot for the link it gave me alot of ideas :) unfortunately when I tried to implement they didn't work :(

    Ok so the way I understand the link is that if you have machine1 and machine2 and you are trying to get into machine2 from machine1 you need to create a proxy in apache2 virtual host not the apache2.conf file.

    Initially I added this config to machine2:

    Code:
    NameVirtualHost *
    <VirtualHost *>
            ServerAdmin root@localhost
            ServerName gx110.optiplex-networks.com
            ServerAlias *.gx110.*
            DocumentRoot /var/www/
            ProxyRequests Off
    
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
    
            #ProxyPass / http://gx110.optiplex-networks.com:80/
            #ProxyPassReverse / http://gx110.optiplex-networks.com:80/
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
    
    However when the two lines were un-commented I got a proxy error which was caused by a loop since the URL's in the two lines point to themselves! (as we are on machine2 from above :) )

    Anyway so I left the config as is above and I don't get any more errors although I probably don't need the proxy config.

    Now for machine1 I made the following virtual host:

    Code:
    <VirtualHost  gx110.optiplex-networks.com>
    ServerName gx110.optiplex-networks.com
    ServerAlias *.gx110.*
    ProxyRequests Off
    #ProxyPreserveHost On
            <Proxy *>
              Order deny,allow
              Allow from optiplex-networks.com
            </Proxy>
    
    ProxyPass / http://192.168.1.51:80/
    ProxyPassReverse / http://192.168.1.51:80/
    </VirtualHost>
    
    But however from internet it still doesn't pass the URL *.gx110.mydomain.com, it keeps resolving to the local host on machine1 when it's supposed to forward from machine1 to machine2.

    I'm lost! I have no idea why it isn't working as I'm using the same config concept as in your link to ispconfig.
     
  7. falko

    falko Super Moderator Howtoforge Staff

    You need the reverse proxy configuration only on machine 1.
    Any errors in the Apache error log on machine 1?
     
  8. lordshadow

    lordshadow New Member

    Here is what is in the last part of my apache error.log:

    Code:
    [Sun Jun 15 21:52:10 2008] [error] [client 82.132.136.200] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 21:53:46 2008] [error] [client 82.132.136.200] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 21:56:45 2008] [error] [client 82.132.136.208] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 21:57:16 2008] [error] [client 82.132.136.208] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 23:17:00 2008] [error] [client 87.252.230.54] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:17:01 2008] [error] [client 212.57.189.58] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:17:02 2008] [error] [client 213.227.253.158] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:17:02 2008] [error] [client 81.214.106.73] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:17:05 2008] [error] [client 90.189.103.164] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:17:07 2008] [error] [client 213.172.87.25] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    [Sun Jun 15 23:24:41 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 23:26:10 2008] [error] [client 82.132.136.207] File does not exist: /var/www/favicon.ico
    [Sun Jun 15 23:26:52 2008] [error] [client 82.132.136.207] File does not exist: /var/www/cacti
    [Sun Jun 15 23:26:52 2008] [error] [client 82.132.136.207] File does not exist: /var/www/favicon.ico
    [Sun Jun 15 23:40:08 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Sun Jun 15 23:40:34 2008] [error] [client 82.132.136.207] File does not exist: /usr/share/squirrelmail/favicon.ico
    [Mon Jun 16 07:20:15 2008] [error] [client 74.6.18.222] File does not exist: /var/www/robots.txt
    [Mon Jun 16 07:36:47 2008] [error] [client 74.6.18.222] File does not exist: /var/www/index_history.html
    [Mon Jun 16 09:01:19 2008] [error] [client 64.238.113.82] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
    [Mon Jun 16 11:33:12 2008] [error] [client 74.6.18.222] File does not exist: /var/www/robots.txt
    [Mon Jun 16 15:30:22 2008] [error] [client 89.169.74.56] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): *
    
    Of machine1.

    Did I understand correctly that I need this line:
    Code:
    #ProxyPass / http://gx110.optiplex-networks.com:80/
    
    but not this one:
    Code:
    #ProxyPassReverse / http://gx110.optiplex-networks.com:80/
    
    on machine2, while machine1 stays as posted above??
     
    Last edited: Jun 16, 2008
  9. lordshadow

    lordshadow New Member

    Ok since I was still getting the same result I thought of using the exact same principle from the howto in the link given earlier.

    I changed Apache's listening port to 81

    My deafult file in apache2/sites-enabled now looks like this:

    Code:
    NameVirtualHost *
    <VirtualHost *>
            ServerAdmin root@localhost
            ServerName gx110.optiplex-networks.com
            ServerAlias gx110.*
            DocumentRoot /var/www/
            ProxyRequests Off
    
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
    
            ProxyPass / http://gx110.optiplex-networks.com:81/
            ProxyPassReverse / http://gx110.optiplex-networks.com:81/
            <Directory />
                    Options FollowSymLinks
                    AllowOverride All
            </Directory>
            <Directory /var/www/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from All
                    # This directive allows us to have apache2's default start page
                    # in /apache2-default/, but still have / go to the right place
                    #RedirectMatch ^/$ /apache2-default/
            </Directory>
    
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                    AllowOverride None
                    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                    Order allow,deny
                    Allow from all
            </Directory>
    
            ErrorLog /var/log/apache2/error.log
    
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
    
            CustomLog /var/log/apache2/access.log combined
            ServerSignature On
    
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    
    #ServerName gx110.optiplex-networks.com
    #ServerAlias *.gx110.*
    #ProxyRequests On
    #ProxyPreserveHost On
    #ProxyPass / http://192.168.1.51/
    #ProxyPassReverse / http://192.168.1.51/
    
    
    </VirtualHost>
    
    I also changed the mods-enabled/proxy.conf so that the begining now looks like:

    Code:
    <IfModule mod_proxy.c>
            #turning ProxyRequests on and allowing proxying from all may allow
            #spammers to use your proxy to send email.
    
            ProxyRequests Off
    
            <Proxy *>
                    AddDefaultCharset off
                    Order deny,allow
                    Deny from all
                    Allow from All
    
    I'm sure I'm missing something as the proxy doesn't work either let alone externally from another machine which is what I tried to do in the begining.

    Upon http://gx110.mydomain.com I get: Unable to connect

    but if I input http://gx110.mydomain.com:81 I get:

    Proxy Error
    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /.

    Reason: Max-Forwards has reached zero - proxy loop?

    What have I missed or messed up??? I really hope someone can help!
     
    Last edited: Jun 19, 2008

Share This Page