Forum
ReverseProxy for all content
Heiko
24 June 2013, 19:57
Hallo Hugo,
Szenario: Hiawatha should be frontend with ReverseProxy for the full content. Maybe caching.
Behind are some other webservers. In the test is one Hiawatha frontend and a second is backend for the content.
The first Hiawatha has Firetable with outgoing ip.
The config is:
But I get only get 503.
Should ^/.* or ^.* not send all incl. index.[html|php] to the backend[1..2].net ?
Whats wrong in my thinking. Did I forget anything?
Thanks for your Help.
Hiawatha version: 9.2
Operating System: Debian Wheezy
Szenario: Hiawatha should be frontend with ReverseProxy for the full content. Maybe caching.
Behind are some other webservers. In the test is one Hiawatha frontend and a second is backend for the content.
The first Hiawatha has Firetable with outgoing ip.
The config is:
VirtualHost {
Hostname = frontend1.net
WebsiteRoot = /var/www/hiawatha1
ReverseProxy ^/.* http://backend2.net/
}
VirtualHost {
Hostname = frontend2.net
WebsiteRoot = /var/www/hiawatha2
ReverseProxy ^.* http://backend2.net/
}
But I get only get 503.
Should ^/.* or ^.* not send all incl. index.[html|php] to the backend[1..2].net ?
Whats wrong in my thinking. Did I forget anything?
Thanks for your Help.
Hiawatha version: 9.2
Operating System: Debian Wheezy
Hugo Leisink
24 June 2013, 20:43
Have you tested the backends? Can the 503 because of a non-available FastCGI PHP server? At the frontend, does backend[12].net resolve to the right IP address?
Martijn
24 June 2013, 21:17
What happens when you use the ip of backend[12] instead of hostname?
Another thing to check. Does de backend webserver have hostnames set as a host / virtualhost?
Taken from the manpage:
When <hostname> is an IP address, the value of the Host HTTP header is unchanged. Otherwise, it is replaced with the value of <hostname>
Is it possible to check http://backend[12].net via the browser? If so does that work?
Another thing to check. Does de backend webserver have hostnames set as a host / virtualhost?
Taken from the manpage:
When <hostname> is an IP address, the value of the Host HTTP header is unchanged. Otherwise, it is replaced with the value of <hostname>
Is it possible to check http://backend[12].net via the browser? If so does that work?
Heiko
24 June 2013, 21:51
1. yes backends are available from web (http:...)
2. there was no PHP in hiawatha.conf active
3. dns-resolv ok, ping was 100% lost. I looks like being baned from FreeBSD pf.conf <brutforce>
--> changing ReverseProxy ^.* http://backend2.net/ to ReverseProxy ^.* http://www.google.de/ was successful in the test
@Martijn IP should work too, later it will an IP 10.0.0.0/8 on eth1 this constellation was only for test.
Problem solved.
Question. will hiawatha protect the backends with dos-detection and ip-ban, with sql-inject-detect and the full programm before it
sends the requests to the backend IPs? I think Hiawtha will, the question is only for being sure. Thanks to Hugo and Martijn.
2. there was no PHP in hiawatha.conf active
3. dns-resolv ok, ping was 100% lost. I looks like being baned from FreeBSD pf.conf <brutforce>
--> changing ReverseProxy ^.* http://backend2.net/ to ReverseProxy ^.* http://www.google.de/ was successful in the test
@Martijn IP should work too, later it will an IP 10.0.0.0/8 on eth1 this constellation was only for test.
Problem solved.
Question. will hiawatha protect the backends with dos-detection and ip-ban, with sql-inject-detect and the full programm before it
sends the requests to the backend IPs? I think Hiawtha will, the question is only for being sure. Thanks to Hugo and Martijn.
Heiko
24 June 2013, 22:21
Flushing <brutforce> in pf soleved problem to backend2 too.
Hugo Leisink
24 June 2013, 22:38
The SQL injecfion and DoS protection also works for the reverse proxy.
Heiko
24 June 2013, 22:53
Thats great. 
Thank you.
Thank you.This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
