#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2011
    Location
    Zaragoza (Spain)
    Posts
    15
    Rep Power
    0

    Dynamic reverse proxy setup


    Hello,

    I have multiple raspberry devices running a web service at different geographical locations.
    These devices can connect on demand to a main server opening a reverse SSH tunnel, where an apache server is running.

    Once the tunnel is established I can manually edit my server's VirtualHost and set reverse proxy directives to access the websites hosted in those devices through a folder in my main server.

    ServerName my.server.com
    ProxyPass /remote1/ http://127.0.0.1:10001/


    E.g., if the remote device has opened a tunnel to the server's port 10001, I can call http://my.server.com/remote1/ to see the website hosted on the remote device.

    I think I can use RewriteMap to read from a text file with two columns, folder and destination port, and populate this proxy automatically

    remote1 10001
    remote2 10002
    remote3 10003


    Unfortunately I'm not an expert with mod_rewrite and it's giving me a big headache to achieve this.

    Could anyone help, please?
    Also, if somebody knows a better/simpler solution to this matter, ideas are welcome!

    Thank you in advance!
  2. #2
  3. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    Is there a reason you want to try and configure it dynamically rather than just set up the necessary proxy lines for each device ahead of time regardless? If the device isn't connected you'd just get a 502 error, otherwise it'd proxy the connection.


    RewriteMap sounds like it'd work looking at the manual. It'd probably be set up something like this, though I've never tried personally:
    Code:
    RewriteMap lookup "txt:/path/to/proxy-list.txt"
    RewriteRule "/(remote\d+)" "http://127.0.0.1:${lookup:$1}/" [P]
    I'm unsure if you'd have to reload apache after modifying the proxy-list.txt file.
  4. #3
    Thanks for the quick response kicken,

    The reason is I need it to be an automatic process. I have a good amount of remote devices that will "call home" on demand when needed,
    through a remote SSH tunnel, but they won't be always connected.
    I have some software running on the main server that will receive a command like "tell the device X to connect, I need to configure something on it".
    That device will open the rSSH tunnel and the apache map file will be updated with the new proxy map pair (remoteX --> tunnel port)

    In fact, the map file's first column won't be remoteX (remote1, remote2...) but hashes, and a hash can match any free port, so manually writing the Proxy directives doesn't work.
    The paired hashes/ports will be stored in a DB so when the connection is done and the map file updated, my app will redirect the user to the URL to access the device.

    I've tried your code and there's a little problem:
    When I call http://my.server.com/remote1/ the browser redirects to http://127.0.0.1:10001 (the browser computer's localhost), which is not exactly what I need.

    I have managed to get this code almost working

    RewriteEngine On
    ProxyPassInterpolateEnv On
    RequestHeader set X_FORWARDED "yes"
    RewriteMap foldertoport txt:/etc/httpd/proxylist
    RewriteRule ^/(.*)/ - [E=PORT::${foldertoport:$1}] [R,L,NC]
    RewriteRule ^/(.*)/ - [E=HASH:$1] [R,L,NC]
    ProxyPass /${HASH}/ http://127.0.0.1${PORT}/ interpolate
    ProxyPassReverse /${HASH}/ http://127.0.0.1${PORT}/ interpolate


    If proxylist file contains this record:

    uht4t7yg45354g 10001

    Then I call http://my.server.com/uht4t7yg45354g/

    The HTML of the index page at the remote device's web service is loaded okay, but all the calls to resources
    (calls to non root stored files like /css/* /js/*, etc... ) drop a 502 error with a Reason: DNS lookup failure for: 127.0.0.1:
    So the page doesn't work 100%

    I'm missing something...

    PS The good thing of using map files is you don't have to restart the apache after modifying it.
  6. #4
    Well, I've managed to solve the problem. The RewriteRule, using ^/(.*)/ as match expression, was searching the full requested URL when trying to find a match in the proxylist records instead of only checking the first folder.

    Obviously it was not finding it so that's why the error DNS lookup failure for: 127.0.0.1:
    The last colon was the clue, it was not being able to find a matching port to use.

    So these changes in the RewriteRule directives have done the trick:

    RewriteMap foldertoport txt:/etc/httpd/proxylist
    RewriteRule ^/([a-zA-Z0-9]*)/ - [E=PORT::${foldertoport:$1}]
    RewriteRule ^/([a-zA-Z0-9]*)/ - [E=HASH:$1]
    ProxyPass /${HASH}/ http://127.0.0.1${PORT}/ interpolate


    The remote device's management website loads perfectly now from the main server's apache.

    Regards!
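
Added example, not part of the original thread: post #3 describes server-side software that writes each new key/port pair into the map file, and this sketch shows that step with validation and an atomic replace so Apache never reads a half-written or malformed map. The function names, the `PORT_RANGE` bounds and the use of `secrets.token_hex` for the key are assumptions; only the "key port" line format and the `[a-zA-Z0-9]` key class come from the thread.

```python
# Added example; function names and PORT_RANGE are assumptions, not from the thread.
import os
import re
import secrets
import tempfile

KEY_RE = re.compile(r"[a-zA-Z0-9]+")   # same class as the RewriteRule, but never empty
PORT_RANGE = range(10001, 11000)       # assumption: ports reserved for reverse tunnels

def load_map(path):
    """Parse 'key port' lines; skip blanks and '#' comments."""
    entries = {}
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            for line in fh:
                fields = line.split("#", 1)[0].split()
                if len(fields) == 2:
                    entries[fields[0]] = int(fields[1])
    return entries

def save_map(path, entries):
    """Validate every entry, write a temp file in the same directory,
    then rename it over the map so readers see old or new, never partial."""
    for key, port in entries.items():
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"key {key!r} would not match the RewriteRule pattern")
        if port not in PORT_RANGE:
            raise ValueError(f"port {port} is outside the tunnel range")
    if len(set(entries.values())) != len(entries):
        raise ValueError("two keys map to the same tunnel port")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.writelines(f"{k} {p}\n" for k, p in sorted(entries.items()))
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; Apache must be able to read it
    os.replace(tmp, path)

def register(path, port):
    """Map a fresh random key to a tunnel port and return the key."""
    entries = load_map(path)
    key = secrets.token_hex(16)  # 32 hex chars, not guessable from the device name
    entries[key] = port
    save_map(path, entries)
    return key

def unregister(path, key):
    """Drop the entry when the tunnel closes, so the key stops resolving."""
    entries = load_map(path)
    entries.pop(key, None)
    save_map(path, entries)
```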
