Category Archives: How-to

Simple Apache reverse proxy example

Tags :

Category : How-to

Get Social!

Background

Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits:

  • Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.
  • Reduce load – You can reduce the load on the web servers with various methods such as web caching at the proxy, load balancing and deflecting traffic for invalid requests.

The interesting stuff – ProxyPass

To set up Apache as a reverse proxy server you will need to enable mod_proxy. Some other common mods you may need are below.

  • mod_proxy
  • mod_http
  • mod_headers
  • mod_html

To enable mods in Ubuntu/ Debian you need to make sure they are installed, then enabled. For example, installing and enabling mod_proxy would look like this:

apt-get install libapache2-mod-proxy-html a2enmod mod_proxy

Once these mods are enabled, we can begin editing the Apache config. The locations of these vary depending on your Linux distribution. For RHEL based distributions, this will be your httpd.conf; for Debian based, sites-available/default.

Inside your VirtualHost tag create a Location tag which matches the external path you wish to use. For this example we will use /.

<Location />
    # commands go here
</Location>

Inside the Location tag add the proxy options ProxyPass and ProxyPassReverse followed by the site address which will be the target of the proxy. You will also need a couple of lines to allow access.

    ProxyPass http://mywebsite.jamescoyle.net/
    ProxyPassReverse http://mywebsite.jamescoyle.net/
    Order allow,deny
    Allow from all

Outside of the location tags, towards the top of the virtual host add a few extras:

    ProxyHTMLStripComments on
    ProxyRequests off
    SetOutputFilter proxy-html
    ProxyHTMLDoctype XHTML

If you will be proxying SSL traffic, you will also need to add:

    SSLProxyEngine on

Restart apache or reload the settings for the changes to take effect:

    service apache2 reload

You will now have a working proxy – all requests sent to / will be fetched from http://mywebsite.jamescoyle.net.

Example Apache reverse proxy VirtualHost

The below example shows an Apache VirtualHost which is listening on port 80. The confiiguration accepts requests on which match the www.jamescoyle.net hostname and proxys the requests to the backend server mywebsite.jamescoyle.net.

<VirtualHost *:80>
    ServerAdmin [email protected]
    ProxyRequests off
    DocumentRoot /var/www
    SSLProxyEngine on
    ProxyPreserveHost On

    ServerName www.jamescoyle.net

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel error

    <Location />
        ProxyPass http://mywebsite.jamescoyle.net/
        ProxyPassReverse http://mywebsite.jamescoyle.net/
        Order allow,deny
        Allow from all
    </Location>

</VirtualHost>

Apache 2 catch all virtualhost

Tags :

Category : How-to

Get Social!

Background

Apache VirtualHosts are something of a must for running multiple sites with different web address, all under the same physical server. Using VirtualHost tags you can easily direct traffic for www.domain1.com to one location, and www.domain2.com to another even when both domains point to the same IP address.

I am not going to detail VirtualHost directives here, however I will tell you about the recent issue I had with subdomains and this very blog. A long time ago I had a subdomain redirect.jamescoyle.net which is no longer in use. At the time, Google got hold of this and kindly indexed it for search. The trouble was that redirect.jamescoyle.net points to the same IP address as www.jamescoyle.net even though it is no longer in use. Apache used to be set up to handle the two sub-domains differently but the VirtualHost entry for redirect has since been removed. This means that Google now has an index of this blog on both www.jamescoyle.net and redirect.jamescoyle.net – not ideal to say the least.

What I needed was something which took users of www.jamescoyle.net to this blog, and redirect all other sub-domains to it. After trying numerous directives and ServerName/ ServerAlias options I stumbled upon the answer.

The Interesting Stuff

Apache will respect any ServerName or ServerAlias option until a domain is used which doesn’t match any VirtualHost. When this happens, the very first VirtualHost for that port (usually port 80 for http) is used as a ‘catch all’.

For RHEL based flavours of Linux, it would make sense to add the ‘catch all’ as the first VirtualHost entry in httpd.conf. For Debian based distributions, the default and default-ssl would be the place as these files have a symlink starting with 000 meaning it will likely be loaded first.

To illustrate the resulting configuration, see the below (albeit simplified) files in sites-available/

NameVirtualHost *:80 
<VirtualHost *:80>
 DocumentRoot /var/www
 Redirect permanent / http://www.jamescoyle.net/ 
</VirtualHost>
<VirtualHost *:80>
 ServerName www.jamescoyle.net
 DocumentRoot /var/www
 <Directory /var/www/>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride None
 Order allow,deny
 allow from all
 </Directory>
</VirtualHost>

All requests for www.jamescoyle.net will be managed by the second entry and all other domains will be managed by the first and redirected to www.jamescoyle.net. Give it a go: abcdefg.jamescoyle.net

Install Proxmox

Tags :

Category : How-to

Get Social!

What is Proxmox?proxmox logo grad

Proxmox is a hypervisor which can host hardware virtualized virtual machines as well as OpenVZ containers. See the OpenVZ wiki for more information on containers and how they differ to the hardware virtualisation environments.

Compare Proxmox against other Hypervisors: http://www.proxmox.com/products/proxmox-ve/comparison

System Requirements

Recommended

  • Dual or Quad Socket Server (Quad/Six/Hexa Core CPUs)
  • CPU: 64bit (Intel EMT64 or AMD64)
  • Intel VT/AMD-V capable CPU/Mainboard (for KVM Full Virtualization support)
  • 8 GB RAM is good, more is better (grab as much as possible)
  • Hardware RAID with batteries protected write cache (BBU) or flash protection
  • Fast hard drives, best results with 15k rpm SAS, Raid10
  • Two Gbit NIC (for bonding), additional NIC´s depending on the preferred storage technology and cluster setup
  • Fencing hardware (only needed for HA)

Minimum (for testing)

  • CPU: 64bit (Intel EMT64 or AMD64)
  • Intel VT/AMD-V capable CPU/Mainboard (for KVM Full Virtualization support)
  • Minimum 1 GB RAM
  • Hard drive 10 GB
  • One NIC

Download Proxmox

Use the below URL to find and download the latest version of Proxmox ISO. You will then need to burn the ISO to a blank CD or DVD.

http://www.proxmox.com/downloads/category/iso-images-pve

Install Proxmox

Make sure the CD Rom is in the CD tray and turn on your computer. You must have the CD Rom as one of the first bootable devices which can be set in your BIOS.

When the installation CD loads, you will be presented with the below screen. Press Return to begin loading the installer.

The next screen is the License Agreement. Click on Accept to continue.

If you only have one hard disk in your machine, simply click Next at the below screen.

If you have more than one disk, select the disk to install Proxmox to and click Next.

Enter your Country which should set your Time zone and Keyboard layout to match. Then click Next.

Enter a Password for the root account and E-Mail. Then click Next.

Enter the Hostname (FQDN) for the proxmox server as well as the IP AddressNetmaskGateway and DNS Server. If you have DHCP on your network, these settings will be filled in with values from the DHCP server.

Click Next to begin installing Proxmox.

When the install completes, click Reboot to restart your machine and complete your Proxmox install.

When your server has rebooted you will be sent to the login screen. Here you can use the account root and the password you entered during the installation.

Congratulations – your Proxmox server is ready to use. You can access the web interface using the IP address you entered during the installation, https and port 8006.

Example: https://10.10.10.200:8006/

 

Login to Proxmox web GUI

Tags :

Category : How-to

Get Social!

You can access the Proxmox web GUI from a web browser using the https protocol, your Proxmox server IP or hostname and the default port 8006 (https://[proxmox-server-ip]:8006).

Example: https://10.10.10.200:8006

If you are not sure of your Proxmox server IP, you can view the screen of your host server shortly after boot where your IP will be displayed.

Enter root as the User name and the Password which you entered during the install.

 

Add test repository to Proxmox

Tags :

Category : How-to

Get Social!

Proxmox has a test repository (repo) which can be used to deliver the latest software and updates using apt-get or aptitude.

This repo contains test software which the Proxmox dev team are currently working on and as such may contain bugs, be feature incomplete or contain security vulnerabilities. This is not recommended for production Proxmox servers and should be kept to your development/ test servers.

Login to your Proxmox console as root either using the web GUI console or directly via ssh.

Using vi, edit the apt sources file

vi /etc/apt/sources.list

Find the line which contains deb http://download.proxmox.com/debian squeeze pve and append pvetest so that it looks like the below image.

 

Run the following command to update apt-get with the latest repository

aptitude update

And finally to upgrade your system to the latest test version, run the upgrade command and type y.

aptitude upgrade

To remove the pvetest repository, simply edit the /etc/apt/sources.list file and remove the pvetest repo which you just added. Then run aptitude update.

Setup Active Directory Authentication in Proxmox 2

Tags :

Category : How-to

Get Social!

Proxmox 2 makes setting up AD authentication simple if you have the AD server names. AD only provides the authentication and does not import or automatically create each user. You will still need to add each user to Proxmox before they can login.

Click on the Datacenter folder on the left hand side and click Authentication. Click Add and then Active Directory Server.

Enter the following details into the Add: Active Directory Server dialogue box and click Add.

  • Realm: the name to use for this authentication server.
  • Domain: AD domain name which holds the users which will be used for authentication.
  • Comment: optional attribute – note this will show up on the main login dialogue box.
  • Default: tick to make this the default authentication method.
  • Server: AD server IP or hostname
  • Fallback Server: secondary AD server IP or hostname
  • Port: keep as Default unless your AD server port has changed.
  • SSL: keep unticked unless you require SSL communication to the AD server.

Click the Groups tab and then Create to create a new group on your proxmox server for your AD users. Enter a Name for this group and click Create.

Click the Permissions tab, then click Add and Group Permission.

Enter the settings as per below and click Add.

  • Path: the path on the server tree which this group can access. ‘/’ is the top of the hierarchy and can therefore access the full server.
  • Group: the group you created in the previous step.
  • Role: the role, or access level users of this group will have.
  • Propagate: use these permissions for any child objects.

You can now Logout and log back in as an Active Directory user. Make sure your Realm is set to the Realm you created in the first steps of this tutorial.

If you need to log back in without AD, set your login Realm to Linux PAM standard authentication.

« Previous Page

Visit our advertisers

Search

Quick Poll

How often do you change the password for the computer(s) you use?
Results

Recent Posts

Visit our advertisers

Site Links
Blog
Rated Sites

JamesCoyle.net Limited