Set up external WWW and file server with Apache reverse proxy_PHP tutorial

Introduction: A machine uses a dedicated line to connect to the Internet as a firewall. There is a WWW server
(Redhat 6.1, Apache 1.3.9) on the internal network segment. It is hoped that this machine can provide a WWW server and apache
-based to the outside world. File services. For the outside world to publicly access the WWW server, or for foreign branches to download required files.
Advantages: The internal WWW server and file service are completely isolated from the outside world and are not directly connected to the outside. The Apache service running on the
firewall provides internal proxy access, which enhances security and at the same time
The Apache service running on the firewall uses name-based virtual host technology so that the
homepage on the firewall will not be accessed. It complies with the principle that as a firewall, the fewer services required to run, the more secure it is.

Implementation method: The Apache server (192.168.11.2) on the internal network segment stores the company's homepage for public access by internal
and external users, and sets the /home/ftp/pub directory as a file Storage area, use
http://download.yourdomain.com/pub/ to access.
Set up apache reverse proxy technology on the firewall, and the firewall will proxy access to the internal network segment.

Steps:
1. Apache server settings on the internal network segment

apache uses the default configuration. The main directory is /home/httpd/html, the host domain name is sun.yourdomain.com,
and the alias is www.yourdomain.com, and set srm.conf and add a line of alias definition as follows:
Alias ​​/pub /home/ ftp/pub/

And change the default application type definition as follows:
DefaultType application/octet-stream

Finally add an entry in /etc/httpd/conf/access.conf Definition

Options Indexes
AllowOverride AuthConfig
order allow,deny
allow from all

Note: Options Indexes allow if the index.html file cannot be found List directories/files.
AllowOverride AuthConfig allows basic username and password authentication.
In this case, you need to put .htaccess in the /home/ftp/pub directory with the following content:
-------
[root@shopu pub]# more .htaccess
AuthName Branch Office Public Software Download Area
AuthType Basic
AuthUserFile /etc/.usrpasswd
require valid-user
------
Then use #htpasswd -c /etc/ .usrpasswd user1
Create different external user names and passwords that allow access to file services under /pub.


2. Reverse proxy configuration on firewall:
Add the following lines to /etc/httpd/conf/httpd.conf

NameVirtualHost 1.2.3.4

# 1.2.3.4 is the permanent IP address on the Internet of the firewall’s external network card


servername www.yourdomain.com
errorlog /var/log/httpd/error_log
transferlog /var/ log/httpd/access_log
rewriteengine on
proxyrequests off
usecanonicalname off
rewriterule ^/(.*)$ http://192.168.11.2/$1 [P,L]


servername download.yourdomain.com
errorlog /var/log/httpd/download/error_log
transferlog /var/log/httpd/download/access_log
rewriteengine on
proxyrequests off
usecanonicalname off
rewriterule ^/(.*)$ http://192.168.11.2/$1 [P,L]


Note: Set the DNS on the firewall to download.yourdomain. comwww.yourdomain.com all points to the
external network card address of the firewall. www.yourdomain.com To find your company homepage, use
http://download.yourdomain.com/pub/...Participate in the fundraiser?/a>


You need to create the directory /var/log/httpd/download/ on the apache host in the internal network segment, otherwise
an error will occur. In addition, you can also set the attribute of /home/httpd/html/index.html on the firewall host to
750

http://www.bkjia.com/PHPjc/314738.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/314738.htmlTechArticleIntroduction: A machine uses a dedicated line to connect to the Internet as a firewall, and there is a WWW server (Redhat6) on the internal network segment .1, Apache1.3.9) I hope this machine can provide external WWW servers and...