Proxy: Creating a proxy with Apache
Introduction
With Apache’s mod_proxy, there are several use cases. I will propose two scenarios here.
Scenario 1
Here’s the situation! I’m in a computer school where (like in many schools) only port 80 is open, and the class isn’t always interesting.
So what can you do to access your SSH server, play World of Warcraft, or download heavily from eMule?
Well, Uncle Tom has a super plan for those of you who want to break the laws: the APACHE MOD_PROXY PLATINUM EDITION!
Here we’re working on Debian, but the configuration is essentially the same on other systems as long as you’re using Apache2’s mod_proxy.
Scenario 2
In this scenario, I want to redirect incoming traffic on my standard port (80) to an application (on the same machine or not) using URL rewriting. The advantage is that with mod_proxy, there’s no need to use RewriteEngine & Co! The proxy module can handle most of the rewriting, especially hiding the port number (useful for applications running on Tomcat).
Installation
Then activate modules:
And restart Apache.
Configuration
Scenario 1
Debian
First, we’ll configure the mod_proxy in question.
Here’s my detailed /etc/apache2/mods-available/proxy.conf file:
Next, we create the “htpasswd” file (e.g., for the user toto)
Now we just need to load the modules
Then restart Apache2
OpenBSD
With OpenBSD, no specific installation is needed since Apache is installed by default. Just add this to the configuration:
Then restart the service:
Obviously, this configuration lets anyone use the proxy, so make sure to restrict access to it.
Personally, my Apache is bound to a port that only the local network and people connected via VPN can access.
PuTTY: Tunneling SSH
So now we have a nice proxy, but how do we make the most of it?
We’ll use PuTTY to simplify things, as it’s one of the few cross-platform SSH clients that offers all the functions we need: Tunneling + HTTP Proxy.
The principle is as follows:
- Establish an SSH connection on port 22
- Go through this proxy server which authorizes connections on port 22
- Using SSH, we establish encrypted local tunnels that redirect to different services
- We access the services on localhost through the tunnels
Here’s how I configure my PuTTY client to play World of Warcraft:
{Session Menu}
- Host Name:
- Port: 22
{Proxy Menu}
- Proxy type: HTTP
- Proxy hostname:
- Port: 80
- Username:
- Password:
{SSH / Tunnels Menu}
- Local Ports accept connections from other hosts: ON
- Source port: (ex. 3724)
- Destination: <ip:port of the service you want to forward> (ex. eu.logon.worldofwarcraft.com:3724)
Click on “add” to add others e.g., 5900:vnc; 143:imap; 25:smtp (for WoW, don’t forget this one)
Source port: "6112"
Destination: "80.239.185.41:6112"
That’s good! For World of Warcraft, all that’s left is to modify the “realmlist.wtf” file and put:
set realmlist localhost
As a famous philosopher would say: “And the show begins!”
Scenario 2
Here I’ll use the example of a “myapp” tool running on Tomcat, port 8080. First, I need to tell Tomcat that it will be “proxified,” and then I need to set up the proxy part on Apache.
Tomcat
On the server side, you’ll need to modify the connector for the application in question to add the proxy parameters:
We’re telling Tomcat that our site will be accessible from myapp.mycompany.lan on port 80. You can restart your Tomcat now.
Apache
We’ll activate the proxy module:
Then configure it for our site. We’ll use a VirtualHost for our application:
The ProxyPass part tells where to redirect the proxy. Here the Apache proxy and Tomcat are running on the same machine, which is why the URLs point to localhost.
All that’s left is to restart Apache, and your service that was originally available at this address: http://myapp.mycompany.lan:8080/ will be available at: http://myapp.mycompany.lan/
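A reverse-proxy VirtualHost for Scenario 2, as an added example (not the author's own configuration). It assumes Apache 2.4 syntax on Debian with mod_proxy and mod_proxy_http enabled; the hostname and backend port come from the text above, and the log file names are assumptions.

```apache
# Added example, not the article's original listing.
# Assumes: Apache 2.4, Debian layout, "a2enmod proxy proxy_http" already run.
<VirtualHost *:80>
    ServerName myapp.mycompany.lan

    # Reverse proxy only. ProxyRequests controls *forward* proxying; with it
    # On and no access control, any client can relay traffic through this
    # server (an open proxy). ProxyPass works with it Off.
    ProxyRequests Off

    # Send every request for this vhost to Tomcat on the same machine.
    ProxyPass        / http://localhost:8080/

    # Rewrite Location/Content-Location headers in Tomcat's redirects so
    # clients never see the backend address or port.
    ProxyPassReverse / http://localhost:8080/

    # Access control for the proxied backend. "Require all granted" makes the
    # application public on port 80; replace it with "Require ip ..." or an
    # authentication requirement to restrict who can reach it.
    <Proxy "http://localhost:8080/*">
        Require all granted
    </Proxy>

    # Log file names are assumptions; APACHE_LOG_DIR is set by Debian's envvars.
    ErrorLog  ${APACHE_LOG_DIR}/myapp_error.log
    CustomLog ${APACHE_LOG_DIR}/myapp_access.log combined
</VirtualHost>

# Tomcat side (server.xml), matching the proxy parameters described above:
#   <Connector port="8080" protocol="HTTP/1.1"
#              address="127.0.0.1"
#              proxyName="myapp.mycompany.lan" proxyPort="80" />
# address="127.0.0.1" is an addition that only fits the same-machine setup
# used here: without it, port 8080 stays reachable directly and any access
# rule placed on the Apache side can be bypassed.
```

Run `apache2ctl configtest` before restarting to catch syntax errors.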
Last updated 29 Mar 2012, 07:16 CEST.