Gary Finch

Q: What is the recommended way to setup a web proxy to another server on the LAN?

Hi,

 

I use Server to handle incoming web traffic but also have another server running that I want to use externally.

 

I have it working by directly editing the site config file and adding the ProxyPass and ProxyPassReverse directives but these get overwritten when the site config is changed in the Server.app

 

I would like to implement this in a way that will not get overwritten and is more robust.

 

Any advise would be very welcome.

 

Thanks

 

Gary

Mac mini, OS X Server

Posted on May 20, 2016 3:21 AM

Close

Q: What is the recommended way to setup a web proxy to another server on the LAN?

  • All replies
  • Helpful answers

  • by Kevin Neal,Solvedanswer

    Kevin Neal Kevin Neal May 25, 2016 5:58 AM in response to Gary Finch
    Level 3 (513 points)
    Servers Enterprise
    May 25, 2016 5:58 AM in response to Gary Finch

    I'm in no way an expert on this, but I think you can do what you are asking using the WebApp feature.

     

    You make a plist in webapps folder and a conf file in the apache folder and then using Server.app, edit your website and click on the Edit Advanced Settings button and tick the webapp that you created. This shouldn't then get over written if you make any changes.

     

    The conf file contents would have the proxy information in it:

     

    # from http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass

    RewriteEngine On

    RewriteCond %{HTTPS} =off

    RewriteRule . - [E=protocol:http,E=port:8000]

    RewriteCond %{HTTPS} =on

    RewriteRule . - [E=protocol:https,E=port:8010]

    ProxyPassReverse / http://secondserver.example.com:8000/

    ProxyPass / http://secondserver.example.com:8000/

     

    and the plist would be something like this:

     

    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

    <!-- See man pages for webapp.plist(5) and webappctl(8) for information about this example webapp.plist -->

    <plist version="1.0">

    <dict>

      <key>includeFiles</key>

      <array> <!-- Include files are activated in virtual host when webapp is started -->

      <string>/Library/Server/Web/Config/apache2/httpd_yourwebapp.conf</string> <!-- Name should match your conf file-->

      </array>

      <key>name</key>

      <string>com.example.secondserverwebapp</string>

      <key>displayName</key> <!-- Name shown in Server app -->

      <string>SecondServerWebApp</string>

      <key>installationIndicatorFilePath</key> <!-- The presence of this file indicates web app is installed -->

      <string>/Library/Server/Web/Config/apache2/httpd_yourwebapp.conf</string>

      <key>sslPolicy</key> <!-- Determines webapp SSL behavior -->

      <integer>0</integer> <!-- 0: default, UseSSLWhenEnabled -->

      <!-- 1: UseSSLAlways -->

      <!-- 2: UseSSLOnlyWhenCertificateIsTrustable -->

      <!-- 3: UseSSLNever -->

      <!-- 4: UseSSLAndNonSSL -->

    </dict>

    </plist>

     

     

    This may not be completely right but may point you in the right direction, hopefully someone with more knowledge will chip in in the meantime

  • by Gary Finch,

    Gary Finch Gary Finch May 25, 2016 6:00 AM in response to Kevin Neal
    Level 1 (144 points)
    Servers Enterprise
    May 25, 2016 6:00 AM in response to Kevin Neal

    Thank you .... I did make a WebApp. The config is actually simpler than the example but that really helped.

     

    Thanks again