web 101

James McDonald james
Tue Jun 13 22:14:32 PDT 2006


> Roger Oberholtzer wrote:
>> I am setting up a bugzilla on an internal server. I want to access it
>> from an external machine. I can open a port between the outside and this
>> machine. My question is: what is the current smartest way to connect
>> this external port to the internal one? In the past, I used an httpd
>> proxy. That seems a bit dated. The external client is always unknown.
> Well, that will depend on what you're using at the gateway. If you're
> using linux, you probably want to set up DNAT to forward all traffic on
> the external port (80, 443 or whatever you want) from your public IP to
> the IP/port of your internal server.
>
> If you're using apache, make sure you disable UseCanonicalName in
> httpd.conf or your external clients might get redirected to the
> internal hostname/port (which, of course, won't be accessible from the
> outside).
>>  It is, of course, important that the connection will only connect to a
>> single specific internal port. Any passwords would be those maintained
>> by Bugzilla. Perhaps this should be an https connection?
>>
> Yes, I'd definitely recommend HTTPS. At least for external access.
>

I use an Apache reverse proxy on the firewall if it's Linux. This is the
config for my https virtual host:

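<VirtualHost *:443>
	ServerName yourserver.domain.com
	# Pass the client's Host header to the backend; do not redirect to the canonical name
	ProxyPreserveHost On
	UseCanonicalName        Off
	# TLS towards clients (SSLEngine) and towards the https backend (SSLProxyEngine)
	SSLEngine on
	SSLProxyEngine on
	SSLVerifyClient none
	SSLCertificateFile conf/ssl.crt
	SSLVerifyDepth 10
	SSLCertificateKeyFile conf/ssl.key
	RewriteEngine  On
	# Reverse proxy only: never act as a forward proxy
	ProxyRequests Off
	ProxyVia On
	# Answer 403 Forbidden for common IIS probe paths and extensions
	# (dots before extensions are escaped so they match a literal ".")
	RewriteRule     ^(.*)?/iisadmin/? - [F]
	RewriteRule     ^(.*)?/samples/? - [F]
	RewriteRule     ^(.*)?/scripts/? - [F]
	RewriteRule     ^(.*)\.ida$ - [F]
	RewriteRule     ^(.*)\.htw$ - [F]
	RewriteRule     ^(.*)./_vti/_. - [F]
	RewriteRule     ^(.*)\.idq$ - [F]
	RewriteRule     ^(.*)\.exe$      -       [F]
	RewriteRule     ^(.*)?/winnt/?    -       [F]
	# Each ProxyPass is paired with a ProxyPassReverse for the same path and backend
	ProxyPass /exchange/ https://internal.bugzilla.local/exchange/
	ProxyPassReverse /exchange/ https://internal.bugzilla.local/exchange/
	ProxyPass /public/ https://internal.bugzilla.local/public/
	ProxyPassReverse /public/ https://internal.bugzilla.local/public/
</VirtualHost>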


-- 
James McDonald
Telarah NSW Australia
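
Added example, not part of the original post: a small Python check for the mistakes that matter in a reverse-proxy vhost like the one above (forward proxying left on, a ProxyPass without its ProxyPassReverse so backend redirects expose the internal hostname, an https backend without SSLProxyEngine, and an unescaped dot in a RewriteRule extension pattern). The sample config and its hostnames are constructed placeholders, and `directives` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample vhost with deliberate mistakes (placeholder hostnames).
SAMPLE = """\
<VirtualHost *:443>
    ServerName bugs.example.com
    SSLEngine on
    ProxyRequests On
    RewriteEngine On
    RewriteRule ^(.*).exe$ - [F]
    ProxyPass /bugzilla/ https://bugzilla.internal.example/bugzilla/
    ProxyPass /static/ http://bugzilla.internal.example/static/
    ProxyPassReverse /static/ http://bugzilla.internal.example/static/
</VirtualHost>
"""

def directives(text):
    """Yield (lowercased name, args) per directive; skip comments and <Section> tags."""
    for line in text.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield parts[0].lower(), parts[1:]

def lint(text):
    """Return a list of findings for a reverse-proxy virtual host."""
    findings = []
    ds = list(directives(text))
    flags = {n: a[0].lower() for n, a in ds
             if a and n in ("proxyrequests", "sslproxyengine")}
    passes = {tuple(a[:2]) for n, a in ds if n == "proxypass" and len(a) >= 2}
    reverses = {tuple(a[:2]) for n, a in ds if n == "proxypassreverse" and len(a) >= 2}
    # ProxyRequests On makes the host usable as a forward proxy as well.
    if flags.get("proxyrequests") == "on":
        findings.append("ProxyRequests On: open forward proxy")
    for path, backend in sorted(passes):
        # Without a matching ProxyPassReverse, backend redirects keep the internal name.
        if (path, backend) not in reverses:
            findings.append(f"{path}: no matching ProxyPassReverse")
        if backend.startswith("https://") and flags.get("sslproxyengine") != "on":
            findings.append(f"{path}: https backend but SSLProxyEngine is not on")
    for n, a in ds:
        # An unescaped '.' before an extension matches any character, not just a dot.
        if n == "rewriterule" and a and re.search(r"(?<!\\)\.\w+\$$", a[0]):
            findings.append(f"RewriteRule {a[0]}: unescaped '.' before extension")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```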


