Feature #3363
Proxy pass support
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-httpd | |||
Target version: | v6.7 | |||
Resolution: | NEEDINFO: | No |
Description
Add proxy pass functionality to permit access to internal sites from the outside world.
Example:
I have a domain http://mydomain.com and I would like http://mydomain.com/extra to forward to the internal server.
In SME this is implemented using the db accounts, I'd rather prefer to move proxy pass configuration to a new db.
Reference: https://wiki.contribs.org/SME_Server:Documentation:ProxyPass
Content /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass
{ use esmith::AccountsDB; my $db = esmith::AccountsDB->open_ro; return "" unless $db; foreach my $path ($db->get_all_by_prop(type => 'ProxyPass')) { my $key = $path->key; my $target = $path->prop('Target'); unless (defined $target) { warn("No Target property specified for ProxyPath $key." . " Skipping..."); next; } my $desc = $path->prop('Description'); if (defined $desc) { $OUT .= "# ProxyPass: $key\n"; $OUT .= "# Description: $desc\n"; } $OUT .= "ProxyPass\t/$key\t$target\n"; $OUT .= "ProxyPassReverse\t/$key\t$target\n"; $OUT .= "<Location /$key>\n"; my $proxyHTTP = $path->prop('HTTP') || "yes"; my $proxyHTTPS = $path->prop('HTTPS') || "yes"; if ( $proxyHTTP eq "no" ) { $OUT .= " SSLRequireSSL\n"; } if ( $proxyHTTPS eq "no" ) { $OUT .= ' SSLRequire (%{HTTPS} eq "NULL")' . "\n"; } my $valid = $path->prop('ValidFrom'); if (defined $valid) { # Convert from comma separated list to space separated $valid =~ s/,/ /g; # Make sure that /32 ValidFrom specs don't cause Apache problems. $valid =~ s:/255.255.255.255::g; $OUT .= " order deny,allow\n"; $OUT .= " deny from all\n"; $OUT .= " allow from $valid\n"; } $OUT .= "</Location>\n"; } }
Associated revisions
Create proxypass DB. Added migrate from ns8 action.
proxypass.conf template
Imported from SME 8
ProxyPass: add SSLProxyEngine option. Refs #3363
ProxyPass: add SSLProxyEngine option. Refs #3363
History
#1 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.7
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#3 Updated by Davide Principi over 5 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case 1
- migrate a SME Server / NethService 8
- proxy pass must be migrated into
proxypass
db
Test case 2
- create a proxypass record and signal-event. For instance
db proxypass set pp ProxyPass Description test HTTP yes HTTPS yes Target http://192.168.122.1/proxypasstest signal-event nethserver-httpd-update
#4 Updated by Davide Principi over 5 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-httpd-2.5.2-1.2.g9434157.ns6.noarch.rpm
#5 Updated by Giacomo Sanchietti over 5 years ago
- Assignee set to Giacomo Sanchietti
#6 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
- The proxy pass record has been imported and the configuration applied
Test case 2
Tested all the following scenarios:
exchange=ProxyPass Description=exchange HTTP=yes HTTPS=yes Target=http://192.168.5.246/exchange pp=ProxyPass Description=test HTTP=yes HTTPS=yes Target=https://nethservice.nethesis.it/webmail pp2=ProxyPass Description=test HTTP=yes HTTPS=no Target=http://nethsecurity.nethesis.it/ pp3=ProxyPass Description=test HTTP=no HTTPS=yes Target=http://nethsecurity.nethesis.it/ pp4=ProxyPass Description=test HTTP=no HTTPS=yes Target=https://nethsecurity.nethesis.it/
Please note that if you're forwarding to a server with https, the server must have a valid certificate.
#7 Updated by Giacomo Sanchietti over 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-httpd-2.5.3-1.ns6.noarch.rpm
- nethserver-httpd-2.5.3-1.16.gb2b7698.ns7.noarch.rpm
#8 Updated by Giacomo Sanchietti over 5 years ago
Documentation: http://docs.nethserver.org/en/latest/proxy_pass.html