Sunday, November 16, 2014

Apache 2.2 - VirtualServer reverse proxy works locally, but not from client

Setup: 2 Webservers pointed to 127.0.0.1:8080 and :8081. Curl validates they work as expected.
Apache with the following virtual hosts:

NameVirtualHost 192.168.1.1:80

ServerAdmin foo@bar.com
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
ServerName 192.168.1.1
ServerAlias http://192.168.1.1

NameVirtualHost 192.168.1.2:80

ServerAdmin foo@bar.com
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
ServerName 192.168.1.2
ServerAlias http://192.168.1.2

On the server I can curl to the virtualhosts and receive appropriate responses. (curl 192.168.1.1 gives me the webserver's response from localhost:8080, etc.)

Remote hosts, however, cannot connect to 192.168.1.1 or .2 at all. What am I missing?



Re: comments



Yes, the default directory Directive is still in place.



# Deny access to root file system


Options None
AllowOverride None
Order Deny,Allow
deny from all



No Apache logs are generated when trying to reach 192.168.1.1 remotely. They do get generated when I curl locally.

If I point the webservers to *:8080 and *:8081 instead of binding to localhost, I can access them from a remote host via 192.168.1.1 and 192.168.1.2 if I specify the 8080 and 8081 ports (both ports work on both IPs, which is what I'm trying to avoid by having the Apache reverse proxy bind to 80 on each interface).




Edit2:



curl verbose output: (similar for second webserver, and for 127.0.0.1:portnum)



[user@host mingle_12_2_1]$ curl -v 192.168.1.1
* About to connect() to 192.168.1.1 port 80
* Trying 192.168.1.1... connected
* Connected to 192.168.1.1 (192.168.1.1) port 80
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 192.168.1.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Tue, 16 Oct 2012 16:22:08 GMT
< Server: Jetty(6.1.19)
< Cache-Control: no-cache
< Location: http://192.168.1.1/install
< X-Runtime: 130
< Content-Type: text/html; charset=utf-8
< Content-Length: 94
< Connection: close
Closing connection #0
You are being redirected.


Log from the local request:



192.168.1.1 - - [16/Oct/2012:12:22:08 -0400] "GET / HTTP/1.1" 302 94



No Apache access log or error log is generated for requests from remote clients.



Edit3



curl and logs to both virtual hosts are literally identical, except for the IP address used. Working w/ security admins to get the locked down rules for more info. I appreciate you guys' time.
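
An added example, not part of the original post: a small check for the exposure the post is trying to avoid, where the backend ports 8080 and 8081 answer on a non-loopback address and can be reached without going through the proxy on port 80. It assumes the listener table is in the column layout of `ss -ltn`; the sample rows are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the column layout of `ss -ltn`; not output from the poster's server.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      128    *:8081             *:*
LISTEN 0      128    192.168.1.1:80     0.0.0.0:*
LISTEN 0      128    192.168.1.2:80     0.0.0.0:*
"""

BACKEND_PORTS = {8080, 8081}  # backends the post proxies to; meant to be loopback-only


def parse_listeners(text):
    """Return (address, port) pairs for every LISTEN row."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def is_loopback(addr):
    """True only for loopback binds; wildcards (*, 0.0.0.0, ::) are not loopback."""
    if addr == "*":
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_backends(text, backend_ports=BACKEND_PORTS):
    """Backend listeners bound to a non-loopback address, reachable without the proxy."""
    return sorted((a, p) for a, p in parse_listeners(text)
                  if p in backend_ports and not is_loopback(a))


if __name__ == "__main__":
    for addr, port in exposed_backends(SAMPLE):
        print(f"backend port {port} is bound to {addr}: reachable without the proxy")
```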
