How to set up a reverse proxy using Apache 2.0.x and have it rewrite URLs.
This is particularly useful if you’re using an Identity Server internally and want to be able to access the server externally. You can set up an Apache reverse proxy server in your DMZ and allow it to reach the internal server on behalf of external clients. If you use Identity Server 6.3 or higher, you will not need to do this.
This article exists only because we needed a workaround for a customer: in the older version of Identity Server the logout button uses an absolute URL rather than a relative URL, which makes the link inaccessible.
Because the customer was doing this on Linux, the instructions here are for Linux and will differ from what you would do on Solaris. If you wanted to do this on Solaris, you would either need more sources or could install the binaries from http://www.blastwave.org or http://www.sunfreeware.org.
To start with, you will need Apache 2.0.x installed. You can verify this with:
rpm -qav | grep httpd
or
rpm -qav | grep apache (depending on which Linux distribution you have)
My output shows I have httpd-2.0.52-3.1 installed.
You will want to check to see that your Apache installation also includes the mod_proxy modules. You can check this with:
rpm -qil httpd
My output shows:
/usr/lib/httpd/modules/mod_proxy.so
/usr/lib/httpd/modules/mod_proxy_connect.so
/usr/lib/httpd/modules/mod_proxy_ftp.so
/usr/lib/httpd/modules/mod_proxy_http.so
Red Hat Linux and Trustix Secure Linux both have these by default. I obviously can’t speak for all the other Linux distributions out there. If you don’t have these, you don’t want to continue. You will probably want to either find an rpm that has these or go and download the source and compile Apache with them.
Now, here comes the fun stuff. You will need to compile a new module – mod_proxy_html. You can download the module from: http://apache.webthing.com/mod_proxy_html/
You may want to follow this as a guide: http://www.apacheweek.com/features/reverseproxies
There are a few dependencies you will need to compile this module. For instance, you will definitely need a compiler and some libraries. Here’s a small list that I have installed on my box. You may need more.
gcc
httpd-devel-2.0.52-3.1
libxml2-2.6.16-3.i386.rpm
libxml2-devel-2.6.16-3.i386.rpm
zlib-devel-1.2.1.2-1.i386.rpm
To compile the module, run:
apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c
After doing this, you should find the module in the directory where your Apache modules are stored, for example:
ls -l /usr/lib/httpd/modules/mod_proxy_html.so
-rwxr-xr-x 1 root root 59627 Apr 8 18:02 /usr/lib/httpd/modules/mod_proxy_html.so
Congratulations! You now have the module installed. You now have to configure it.
In my case, the apache configuration file is located in /etc/httpd/conf/httpd.conf
Here, I add where the modules are:
———————————————————————————————–
LoadFile /usr/lib/libxml2.so.2
LoadModule proxy_html_module modules/mod_proxy_html.so
———————————————————————————————–
Then, later in the file:
———————————————————————————————–
ProxyHTMLLogVerbose On
LogLevel Debug
ProxyRequests off
ProxyPass /amserver http://sapphire.atac.ebay.sun.com/amserver
ProxyPassReverse /amserver http://sapphire.atac.ebay.sun.com/amserver
ProxyPass /amconsole http://sapphire.atac.ebay.sun.com/amserver
ProxyPassReverse /amconsole http://sapphire.atac.ebay.sun.com/amserver
SetOutputFilter proxy-html
ProxyHTMLURLMap http://sapphire.atac.ebay.sun.com http://megatron.atac.ebay.sun.com i
———————————————————————————————–
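What I’m doing here is proxying any requests for /amconsole or /amserver so that the data is fetched from the sapphire machine. Any URLs within the returned pages that point to sapphire are rewritten to point to megatron. ProxyRequests off keeps Apache from acting as a forward proxy, so only the paths listed in the ProxyPass lines are relayed. ProxyHTMLLogVerbose On and LogLevel Debug produce verbose logging that is useful while testing the URL mapping.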
All you have to do now is restart apache.
/usr/sbin/apachectl restart
That’s it! You now should be able to access http://megatron.atac.ebay.sun.com/amserver or http://megatron.atac.ebay.sun.com/amconsole and get the same login screen and be able to navigate the entire Identity Server or whatever else you put behind the proxy.
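A check for the rewrite described above, as an added example that is not part of the original article: leaked_refs scans a saved response for any remaining reference to the internal host, and conf_warnings flags proxy settings in a config file that should be reviewed. The function names, the sample response and its paths are constructed for illustration; the hostnames are the ones used in this article.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and sample
# data are constructed; the hostname is the backend used in this article.
INTERNAL_HOST="sapphire.atac.ebay.sun.com"

# leaked_refs FILE HOST: print each line of a saved response (headers and
# body) that still names HOST. Redirect headers are ProxyPassReverse's job,
# HTML attributes are ProxyHTMLURLMap's job; either can be missed.
# Usage: curl -si http://megatron.atac.ebay.sun.com/amserver > resp.txt
leaked_refs() {
    grep -inF -- "$2" "$1"
}

# conf_warnings FILE: print one line per proxy setting worth reviewing.
conf_warnings() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        { d = tolower($1); v = tolower($2) }
        d == "proxyrequests" {
            seen = 1
            if (v != "off") print "ProxyRequests " $2 ": forward proxying enabled"
        }
        d == "loglevel" && v == "debug" { print "LogLevel debug still enabled" }
        d == "proxyhtmllogverbose" && v == "on" { print "ProxyHTMLLogVerbose still enabled" }
        END { if (!seen) print "ProxyRequests not set explicitly" }
    ' "$1"
}

# Constructed response: body link rewritten, but a redirect header and a
# mixed-case form action still point at the internal host.
sample_response() {
    cat <<'EOF'
HTTP/1.1 302 Found
Location: http://sapphire.atac.ebay.sun.com/amserver/login
Content-Type: text/html

<a href="http://megatron.atac.ebay.sun.com/amserver/logout">Logout</a>
<form action="http://SAPPHIRE.atac.ebay.sun.com/amserver/login" method="post">
EOF
}

# Demo: lists line 2 (Location header) and line 6 (form action).
tmp=$(mktemp)
sample_response > "$tmp"
leaked_refs "$tmp" "$INTERNAL_HOST"
rm -f "$tmp"
```

Run conf_warnings against /etc/httpd/conf/httpd.conf once testing is finished; with the configuration shown above it reports the two debug logging settings.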
For issues, be sure to look at your Apache access and error logs and you can visit the following links:
http://apache.webthing.com/mod_proxy_html/
http://www.apacheweek.com/features/reverseproxies
List of command line commands to access POP3 and IMAP4.
POP3
Start, Run, type ‘cmd’, Select ‘ok’.
Telnet
IMAP4
Start, Run, type ‘cmd’, Select ‘ok’.
Telnet
How to compile rpm from src.rpm
1) download src.rpm
2) rpm -ivh file.src.rpm
3) cd /usr/src/
4) rpmbuild -bb file.spec
new rpm should be in /usr/src/distro/rpms/…
other RPM commands:
rpm -ivh file.rpm (install)
rpm -Uvh file.rpm (upgrade)
rpm -qav (list rpms installed)
rpm -qil (list files in an installed rpm)
rpm -qilp file.rpm (list files that are included in the rpm)
rpm -qf /path/to/somefile (find rpm that installed the file)
rpm -qav | grep name (look to see if some rpm is installed)
taken from: http://www.rpatrick.com/tech/makecert/
Following is a quick listing of the commands you need to use when setting up an SSL key for Apache that doesn’t require a passphrase to be entered during normal operations, and includes a self-signed certificate so you needn’t bother with cert requests and CAs. The sequence of events is to create a 3DES key, remove the passphrase, and then generate a self-signed certificate. The following commands are to be entered via the command line, with each openssl statement requiring interactive input. Performed on Red Hat Linux, these instructions ought to also work on other flavors of Unix with OpenSSL and Apache installed.
openssl genrsa -des3 -out pass.key 1024
cp server.key /etc/httpd/conf/ssl.key/
apachectl restart
Verifying that Apache has the correct SSL directives and is using the correct key and certificate created above is left as an exercise for the webmaster.
If your system has a Makefile or symlink in the Apache conf directory, you can opt to pursue an earlier method to this madness using the below steps (provided here only for completeness):
cd /etc/httpd/conf
Optionally, if you need a server.pem file for a given application, such as courier-imapd, use the following to create the .pem file from the previously created certificate and key:
cat server.key server.crt >server.pem
Using the above method you can enjoy the encryption protection provided by SSL without having to pay a commercial vendor to sign your server keys. If you don’t like the popup presented by some applications (e.g. web browsers) about an untrusted certificate, simply follow the process provided by your application to import or install the certificate, at which point you will no longer have to deal with future dialog boxes regarding an untrusted site.
You’ll want to download xinetd from here: https://github.com/xinetd-org/xinetd
Just my notes from an old version:
Here is how I’ve gotten a couple of cdroms / usb memory sticks / hard drives to work.
1) modprobe usb-ohci
2) modprobe usb-storage
3) tail /var/log/messages
4) Now that we know that it’s sdb1,
That’s it. Your files should be in /mnt/usb. To check, just run
ls /mnt/usb
In a case that you don’t have /dev/sdb1 there, which is what happened to me once with a Dell CDrom, I had to mknod the device.
date hostname kernel: sr0: scsi3-mmc drive: 10x/10x cd/rw …..
Unfortunately, if you type: “mount /dev/sr0 /mnt/mountpoint”, it will say:
With that, /dev/sr0 existed and hence I was able to run:
or, I could run:
That’s it!
List of command line commands to access POP3 and IMAP4.
Type:
Set local_echo : This is so you can see what you type.
Open London 110 : London can be replaced with the ip address of the Exchange server.
User administrator : Administrator is the user account.
Pass password : password is the password of the user.
Stat : gives you the number of messages and total size of your mailbox.
List : Lists each message number and gives you its size.
Retr message number : message number is the number of the individual message, the message will be displayed.
Dele message number : message will be deleted from your mailbox.
Quit : end of session.
Type:
Set local_echo : This is so you can see what you type.
Open London 143 : London can be replaced with the ip address of the Exchange server.
0000 login administrator password : login with username and password.
0001 select “inbox” : select the folder you want to view.
0002 fetch 1 all : retrieves the first message header information.
0003 logout : logout.
RPM commands
Apache SSL Self-Signed Certificates Without Passphrase
openssl rsa -in pass.key -out server.key
openssl req -new -key server.key -x509 -out server.crt -days 999
cp server.crt /etc/httpd/conf/ssl.crt/
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
make testcert
compiling xinetd on Solaris 8
./configure
make
make install
perl /usr/local/sbin/xconv.pl < /etc/inetd.conf > /tmp/xinetd.conf
then modify your /etc/rc2.d/S72inetsvc
/usr/sbin/inetd -s &
to
/usr/local/sbin/xinetd&
mv /tmp/xinetd.conf /etc/xinetd.conf
then make appropriate changes in /etc/xinetd.conf
service ftp
{
socket_type = stream
wait = no
protocol = tcp
user = root
server = /usr/local/sbin/in.proftpd
bind = 192.168.0.3
}
service telnet
{
flags = NAMEINARGS
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
server_args = in.telnetd
}
How to get USB devices to work in Linux or the ESX console
Or
modprobe usb-uhci
(one of them should work, one may fail)
Or
dmesg
and you should see something like this:
Feb 8 14:50:56 supp15 kernel: Initializing USB Mass Storage driver…
Feb 8 14:50:56 supp15 kernel: usb.c: registered new driver usb-storage
Feb 8 14:50:56 supp15 kernel: scsi1 : SCSI emulation for USB Mass Storage devices
Feb 8 14:50:56 supp15 kernel: Vendor: SanDisk Model: Cruzer Mini Rev: 0.4
Feb 8 14:50:56 supp15 kernel: Type: Direct-Access ANSI SCSI revision: 02
Feb 8 14:50:56 supp15 kernel: VMWARE SCSI Id: Supported VPD pages for sdb : 0x1f 0x0
Feb 8 14:50:56 supp15 kernel: VMWARE SCSI Id: Could not get disk id for sdb
Feb 8 14:50:56 supp15 kernel: :VMWARE: Unique Device attached as scsi disk sdb at scsi1, channel 0, id 0, lun 0
Feb 8 14:50:56 supp15 kernel: Attached scsi removable disk sdb at scsi1, channel 0, id 0, lun 0
Feb 8 14:50:56 supp15 kernel: scsi_register_host starting finish
Feb 8 14:50:56 supp15 kernel: SCSI device sdb: 2001888 512-byte hdwr sectors (976 MB)
Feb 8 14:50:56 supp15 kernel: sdb: Write Protect is off
Feb 8 14:50:56 supp15 kernel: sdb: sdb1
Feb 8 14:50:56 supp15 kernel: scsi_register_host done with finish
Feb 8 14:50:56 supp15 kernel: USB Mass Storage support registered.
Create the mountpoint directory:
mkdir /mnt/usb
Mount the device:
mount /dev/sdb1 /mnt/usb
After plugging the usb cdrom into the machine, /var/log/messages showed:
“mount: special device /dev/sr0 does not exist” and that doesn’t do us any good. So what I did after that was:
cd /dev
mknod sr0 b 11 0
mount /dev/sr0 /mnt/mountpoint
ln -s /dev/sr0 /dev/cdrom
and run:
mount /dev/cdrom /mnt/mountpoint