A simple Apache reverse proxy
You can customize a Xen image with httpd and the mod_proxy_html module to provide a simple reverse proxy. mod_proxy_html parses proxied pages in order to correct non-relative URLs to be relative to the proxy server’s URL scheme.
Here is what you need:
- yum install httpd to get Apache.
- yum install httpd-devel to get the apxs tool.
- yum install mod_ssl to get SSL support.
- yum install libxml2-devel to get libxml2 which is used by mod_proxy_html to parse documents.
- Get mod_proxy_html.c from http://apache.webthing.com/mod_proxy_html/
- Run apxs -c -I/usr/include/libxml2 -i mod_proxy_html.c to build and install the module.
Now you have everything you need to run a reverse proxy. Edit /etc/httpd/conf/httpd.conf and add:
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
to load the module and libxml2.
Finally, add <Location> directives and the required configuration for proxying. Here is an example:
ProxyRequests off
ProxyPass /inside/ http://inside.somewhere.org/
ProxyHTMLURLMap http://inside.somewhere.org /inside
RewriteEngine On
SSLProxyEngine on
<Location /inside/>
SSLRequireSSL
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /inside/
ProxyHTMLURLMap /inside /inside
RequestHeader unset Accept-Encoding
AuthName "Inside Somewhere"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://xxx.xxx.xxx.xxx:389/o=people
AuthzLDAPAuthoritative off
require valid-user
</Location>
This configuration does several things. It makes the internal site http://inside.somewhere.org available on this server at https://this.server.name/inside/. Access requires https and authentication against an LDAP directory. For the SSLProxyEngine directive to work, the entire configuration must be nested within a <VirtualHost>. I simply add it to the default SSL virtual host in /etc/httpd/conf.d/ssl.conf.
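The properties described above (forward proxying off, https required, authentication required) can be checked mechanically before a change goes live. The following is an added example, not part of the original post: the audit function, the sample text and the /wiki/ mapping with its host name are hypothetical, and the parser only understands flat <Location> blocks and top-level ProxyPass lines.

```python
import re

# Constructed sample: the page's /inside/ block (trimmed) plus a hypothetical
# /wiki/ mapping that was added without the same protections.
SAMPLE = """\
ProxyRequests off
ProxyPass /inside/ http://inside.somewhere.org/
ProxyPass /wiki/ http://wiki.somewhere.org/
<Location /inside/>
SSLRequireSSL
AuthType Basic
require valid-user
</Location>
<Location /wiki/>
AuthType Basic
</Location>
"""

def audit(conf):
    """Return a sorted list of findings for a reverse-proxy config given as text."""
    findings, locations, proxied, current = [], {}, [], None
    for line in filter(None, map(str.strip, conf.splitlines())):
        opened = re.match(r"<Location\s+(\S+?)>$", line, re.I)
        if opened:
            # Trailing slashes are dropped so /inside and /inside/ compare equal.
            current = locations.setdefault(opened.group(1).rstrip("/"), set())
        elif line.lower() == "</location>":
            current = None
        else:
            words = line.lower().split()
            if current is not None:
                current.add(words[0])  # record directive names seen in this block
            elif words[:2] == ["proxyrequests", "on"]:
                findings.append("ProxyRequests on: forward proxying is enabled")
            elif words[0] == "proxypass" and len(words) > 2:
                proxied.append(line.split()[1])
    for path in proxied:
        seen = locations.get(path.rstrip("/"))
        if seen is None:
            findings.append(f"{path}: proxied, but no <Location> block found for it")
            continue
        if "sslrequiressl" not in seen:
            findings.append(f"{path}: SSLRequireSSL missing, plain http is accepted")
        if "require" not in seen:
            findings.append(f"{path}: no require directive, login is not enforced")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, /inside/ passes and /wiki/ is reported twice: once for the missing SSLRequireSSL and once for the missing require directive.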