Help me understand how to use ProxyPass
UPDATE: I added a revised question after playing around with it two answers below.
Hi there,
If you're reading this you're probably familiar with Apache's mod_proxy and its ProxyPass function. Like many others, I have the issue of having an application that I can access from outside our internal network, but that application itself accesses other internal apps on different machines, and when you get into remote access with this setup, things go wonky.
So, my setup is very simple, I have:
Machine #1 has remote access enabled, I access it through a host name and it spits out the PHP application running on it.
Machine #2 is a new application running Django, it uses an entirely different backend (even auth), it is hosted on a seperate machine. In our intranet, we access it through a simple named hostname which basically links to the internal 192.168.0.101 ip.
I've tried playing with ProxyPass to set it up so for example, a pass to /new would send it to the new application:
ProxyPass /new http://192.168.0.101/
This kind of works, it gets the request to the other app, but it breaks because my Django app wants to redirect to /auth/login/, which it instantly does not recognize. If I modify the url myself to be foo.net/new/auth/login I get my login page, but as you can guess doing this throughout browsing is not convenient.
So how can I get ProxyPass to work as I want? Do I need to do something with Apache so it always writes /new before url's in the other app, or is this something I should modify within my Django app?
Any tips and pointers as well would be greatly appreciated. Thanks for your time
Solution 1:
You should modify your django application to expect to be at /new/auth/login instead of /auth/login. Generally your proxy passes should look like so:
ProxyPass /path http://192.168.0.101/path
ProxyPassReverse /path http://192.168.0.101/path
That combined with your Django app expecting to be at /new/ should fix your issues.
Solution 2:
Use a VirtualHost. For example, set the A name of your server (e.g. sub.external.com) to your server IP (e.g. 123.456.678)
Due to security, you need to explicitly forward HTTP_HOST if using ProxyPass in settings.py, per Ticket #6880:
USE_X_FORWARDED_HOST = True
Then add the following to Apache /etc/httpd/httpd.conf:
# Virtual hosts
Include /etc/httpd/extra/httpd-vhosts.conf
Add your VirtualHost to /etc/httpd/extra/httpd-vhosts.conf:
NameVirtualHosts *:80
<VirtualHost *:80>
ServerName sub.external.com
ProxyPass / http://127.0.0.1:8000/
</VirtualHost>
Now, you'll be able to access your site from http://sub.external.com without having to worry about "paths"
Solution 3:
Thanks for your responses, I'm answering my own question as it needs some revisions after playing with this.
First off, App#2 runs off http://192.168.0.101 .. it does not run off http://192.168.0.101/path so that ProxyPass wont quite work
So after talking with some #apache guys from irc, I found that I need to do something like this:
RewriteCond %{HTTP_HOST} ^app2.myremotedns.com*
RewriteRule .* http://192.168.0.101/ [P]
What this does is send a rewrite rule for any requests to app2.myremotedns.com to be sent to the internal ip via proxy.
This works somewhat but has three issues:
-
With login required on all the pages, If I access anything remotely on app2, it redirects to /auth/login .. however, due to the current Rewrite setup, I get a redirect loop before Firefox just stops trying the path. I guess this might have something to do with Django's redirect methods but I'm not quite sure.
-
If I disable login, the pages kind of work, but not fully. I seem to be able to fetch the index page of App#2 but nothing else really
-
Static media is all broken, but this is probably a simple fix .. not worried about it right now.
So, I have a more complex issue then I imagined... :)