Reverse proxy : Différence entre versions

Version du 16 mai 2012 à 22:41

voici comment configurer complétement un reverse proxy avec authentification a partir d'une base de donnée mysql.

installation des modules apache

RPM mod_auth_mysql-2.6.1-2.2

a compiler ou directement disponibles

1. proxy_connect_module
2. deflate_module
3. xml2enc_module
4. proxy_html_module

configuration des templates

pour charger les modules

mkdir --parent /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
vi  20_Load_modules_proxy

coller dedans

# added jpp mod reverse
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule deflate_module modules/mod_deflate.so
LoadFile /usr/lib/libxml2.so
#LoadModule xml2enc_module  modules/mod_xml2enc.so
LoadModule proxy_html_module modules/mod_proxy_html.so

#AddDefaultCharset Off
#xml2EncAlias iso-8859-1 FR fr fr_FR FR_fr
#xml2EncDefault iso-8859-1


ProxyHTMLLinks  a               href
ProxyHTMLLinks  area            href
ProxyHTMLLinks  link            href
ProxyHTMLLinks  img             src longdesc usemap
ProxyHTMLLinks  object          classid codebase data usemap
ProxyHTMLLinks  q               cite
ProxyHTMLLinks  blockquote      cite
ProxyHTMLLinks  ins             cite
ProxyHTMLLinks  del             cite
ProxyHTMLLinks  form            action
ProxyHTMLLinks  input           src usemap
ProxyHTMLLinks  head            profile
ProxyHTMLLinks  base            href
ProxyHTMLLinks  script          src for
ProxyHTMLLinks  iframe          src

ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \

               onmouseover onmousemove onmouseout onkeypress \
               onkeydown onkeyup onfocus onblur onload \
               onunload onsubmit onreset onselect onchange

pour le reverse

vi  99reverse_perso

coller dedans

#securisation
 ProxyRequests On
ProxyPreserveHost Off
#http://www.destination.com/
   ProxyPass /rrs/ http://www.destination.com/
   ProxyPassReverse /rrs/ http://www.destination.com/
#SetOutputFilter        INFLATE;DEFLATE
ProxyHTMLEnable On
ProxyHTMLExtended On
 ProxyHTMLURLMap url\(http://www.destination.com([^\)]*)\) url(http://www.monserveur.org/rrs$1) Rihe
   ProxyHTMLURLMap http://www.destination.com /rrs
   #ProxyRequests Off
   #SetOutputFilter proxy-html
    #ProxyHTMLURLMap  www.destination.com(.*) www.monserveur.org/rrs$2 [R]

Alias /rrs /home/e-smith/ibays/rrs/html/
<Location /rrs>
    #SSLRequireSSL

 ProxyPassReverse /
    #SetOutputFilter INFLATE;proxy-html;DEFLATE;
     #SetOutputFilter   INFLATE;DEFLATE
ProxyHTMLEnable On
ProxyHTMLExtended On
#SetOutputFilter proxy-html

ProxyHTMLURLMap url\(http://www.destination.com([^\)]*)\) url(http://www.monserveur.org/rrs$1) Rihe
ProxyHTMLURLMap  ^/ /rrs/ [R]
RequestHeader unset Accept-Encoding

   Options +Indexes
   AllowOverride None
   order deny,allow
   deny from all
   allow from all
   AuthName "Uniquement pour les membres AFC"
   AuthType Basic
       AuthMYSQLEnable on
       AuthMySQLHost localhost
       AuthMySQLUser authentifuser
       AuthMySQLPassword  7qpPd3Z7DJTAEpbr
       AuthMySQLDB afc_site
       AuthMySQLUserTable "pn_users,pn_group_membership"
       AuthMySQLNameField pn_uname
       AuthMySQLPasswordField  pn_pass
       AuthMySQLUserCondition  "pn_users.pn_uid = pn_group_membership.pn_uid and (pn_group_membership.pn_gid IN (2,3,4) )"
       AuthMySQLPwEncryption  md5
   Require valid-user
   Satisfy all
   AddType application/x-httpd-php .php .php3
   php_flag  magic_quotes_gpc  on
   php_flag  track_vars        on

#    ProxyPass /rrs http://www.destination.com
#    ProxyPassReverse /rrs http://www.destination.com

</Location>

petites modifications pour le charset

il se peut qu'en forçant le charset a iso-8859-1 votre manager ne soit plus affiché correctement. Il y a en effet un oubli de déclaration du charset dans deux templates, ce qui transforme ce petit monde en hyeroglyphes.

un template a modifier

ce template permet d'avoir la page central correctement

mkdir --parents /etc/e-smith/templates-custom/etc/e-smith/web/common/head.tmpl
touch 21Charset
echo '<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">' >21Charset

un script a modifier

bien qu'il ne soit as conseillé de modifier un script géré par un paquet ( perte en cas de mise a jour) voici comment avoir votre menu visible sans souci

cd /usr/lib/perl5/site_perl/esmith
cp cgi.pm cgi.pm.old
vi cgi.pm

cherchez les lignes :

   # the -CLASS thing gets sent as a body class, not in the header
   print $q->start_html (-TITLE        => 'Mitel Networks server manager',
                         -AUTHOR       => 'bugs@e-smith.com',
                         -META         => {'copyright' => 'Copyright 1999-2005 Mitel Networks Corporation'},
                         -SCRIPT       => "$script",
                         -CLASS        => "$bodyStyle",
                         -STYLE        => {
                               -code => '@import url("/server-common/css/'.$cssFile.'");',
                               -src => '/server-common/css/sme_core.css'
                               });

modifiez en ( ajoutez la ligne -HEAD):

   # the -CLASS thing gets sent as a body class, not in the header
   print $q->start_html (-TITLE        => 'Mitel Networks server manager',
                         -AUTHOR       => 'bugs@e-smith.com',
                         -META         => {'copyright' => 'Copyright 1999-2005 Mitel Networks Corporation'},
                         -HEAD         => '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">',
                         -SCRIPT       => "$script",
                         -CLASS        => "$bodyStyle",
                         -STYLE        => {
                               -code => '@import url("/server-common/css/'.$cssFile.'");',
                               -src => '/server-common/css/sme_core.css'
                               });

sauvegardez vos changements et voila;

Sources