Feature #3363

Proxy pass support

Added by Giacomo Sanchietti over 3 years ago. Updated over 3 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-httpd
Target version: v6.7
Resolution:
NEEDINFO: No

Description

Add proxy pass functionality to permit access to internal sites from the outside world.

Example:

I have a domain http://mydomain.com and I would like http://mydomain.com/extra to forward to the internal server.

In SME this is implemented using the db accounts; I'd rather move the proxy pass configuration to a new db.

Reference: https://wiki.contribs.org/SME_Server:Documentation:ProxyPass

Content of /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35ProxyPass:

{
    use esmith::AccountsDB;
    my $db = esmith::AccountsDB->open_ro;
    return "" unless $db;
    foreach my $path ($db->get_all_by_prop(type => 'ProxyPass'))
    {
        my $key = $path->key;
        my $target = $path->prop('Target');
        unless (defined $target)
        {
            warn("No Target property specified for ProxyPath $key." .
                 " Skipping...");
            next;
        }
        my $desc = $path->prop('Description');
        if (defined $desc)
        {
            $OUT .= "# ProxyPass: $key\n";
            $OUT .= "# Description: $desc\n";
        }
        $OUT .= "ProxyPass\t/$key\t$target\n";
        $OUT .= "ProxyPassReverse\t/$key\t$target\n";
        $OUT .= "<Location /$key>\n";

        my $proxyHTTP = $path->prop('HTTP') || "yes";
        my $proxyHTTPS = $path->prop('HTTPS') || "yes";

        if ( $proxyHTTP eq "no" )
        {
            $OUT .= "    SSLRequireSSL\n";
        }

        if ( $proxyHTTPS eq "no" )
        {
            $OUT .= '    SSLRequire (%{HTTPS} eq "NULL")' . "\n";
        }

        my $valid = $path->prop('ValidFrom');
        if (defined $valid)
        {
            # Convert from comma separated list to space separated
            $valid =~ s/,/ /g;
            # Make sure that /32 ValidFrom specs don't cause Apache problems.
            $valid =~ s:/255.255.255.255::g;
            $OUT .= "    order deny,allow\n";
            $OUT .= "    deny from all\n";
            $OUT .= "    allow from $valid\n";
        }
        $OUT .= "</Location>\n";
    }
}

Associated revisions

Revision a3d58c3b
Added by Davide Principi over 3 years ago

Create proxypass DB. Added migrate from ns8 action.

Revision 94341570
Added by Davide Principi over 3 years ago

proxypass.conf template

Imported from SME 8

Revision 0ca05b9f
Added by Giacomo Sanchietti over 3 years ago

ProxyPass: add SSLProxyEngine option. Refs #3363

Revision db7603ee
Added by Giacomo Sanchietti over 3 years ago

ProxyPass: add SSLProxyEngine option. Refs #3363

History

#1 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.7
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#3 Updated by Davide Principi over 3 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case 1

  • migrate a SME Server / NethService 8
  • proxy pass must be migrated into proxypass db

Test case 2

  • create a proxypass record and signal-event. For instance:
    db proxypass set pp ProxyPass Description test HTTP yes HTTPS yes Target http://192.168.122.1/proxypasstest
    signal-event nethserver-httpd-update

#4 Updated by Davide Principi over 3 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-httpd-2.5.2-1.2.g9434157.ns6.noarch.rpm

#5 Updated by Giacomo Sanchietti over 3 years ago

  • Assignee set to Giacomo Sanchietti

#6 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Test case 1

  • The proxy pass record has been imported and the configuration applied

Test case 2

Tested all the following scenarios:

exchange=ProxyPass
    Description=exchange
    HTTP=yes
    HTTPS=yes
    Target=http://192.168.5.246/exchange
pp=ProxyPass
    Description=test
    HTTP=yes
    HTTPS=yes
    Target=https://nethservice.nethesis.it/webmail
pp2=ProxyPass
    Description=test
    HTTP=yes
    HTTPS=no
    Target=http://nethsecurity.nethesis.it/
pp3=ProxyPass
    Description=test
    HTTP=no
    HTTPS=yes
    Target=http://nethsecurity.nethesis.it/
pp4=ProxyPass
    Description=test
    HTTP=no
    HTTPS=yes
    Target=https://nethsecurity.nethesis.it/

Please note that if you're forwarding to a server with https, the server must have a valid certificate.
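
As an added example (not part of this ticket or of nethserver-httpd), a pre-flight check over records in the layout listed above, mirroring what the 35ProxyPass template does with each property. It assumes ValidFrom should hold only IP addresses or networks; `parse`, `lint` and `lint_dump` are hypothetical names and the sample records are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed records in the "key=type" / indented "Prop=value" layout used in this ticket.
SAMPLE = """\
ok=ProxyPass
    Target=https://192.0.2.10/app
    ValidFrom=192.0.2.0/24,198.51.100.7/255.255.255.255
closed=ProxyPass
    HTTP=no
    HTTPS=no
    Target=http://192.0.2.11/
bad=ProxyPass
    Target=ftp://192.0.2.12/x y
    ValidFrom=10.0.0.0/33
"""

def parse(dump):
    records, cur = {}, None
    for line in filter(str.strip, dump.splitlines()):
        name, _, value = line.strip().partition("=")
        if not line[0].isspace():        # unindented line starts a new record
            cur = records.setdefault(name, {"type": value})
        elif cur is not None:            # indented line is a property of it
            cur[name] = value
    return records

def lint(key, rec):
    """Findings for one record, following what the 35ProxyPass template emits."""
    target = rec.get("Target")
    if target is None:
        return ["no Target: the template skips this record"]
    out, url = [], urlsplit(target)
    if url.scheme not in ("http", "https") or not url.hostname:
        out.append("Target is not an http(s) URL")
    if any(c.isspace() for c in key + target):
        out.append("whitespace in key/Target splits the ProxyPass arguments")
    if url.scheme == "https":
        out.append("https Target: needs SSLProxyEngine and a valid backend certificate")
    if rec.get("HTTP", "yes") == "no" and rec.get("HTTPS", "yes") == "no":
        out.append("HTTP=no and HTTPS=no: neither scheme is allowed")
    for net in filter(None, rec.get("ValidFrom", "").split(",")):
        try:
            ipaddress.ip_network(net.strip(), strict=False)
        except ValueError:
            out.append(f"ValidFrom entry {net!r} is not an IP address or network")
    return out

def lint_dump(dump):
    return {k: lint(k, r) for k, r in parse(dump).items() if r["type"] == "ProxyPass"}
```

`lint_dump(SAMPLE)` returns a dict of findings per key; an empty list means the record renders without any of these remarks.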

#7 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in 6.7 updates:

  • nethserver-httpd-2.5.3-1.ns6.noarch.rpm

Released in 7 updates:

  • nethserver-httpd-2.5.3-1.16.gb2b7698.ns7.noarch.rpm
