Apache configuration

Hello all,

I am struggling a little with Apache and rewrite rules; I generally
expect a hazing period with anything new, and this is about right.  It
would be nice to have the whole thing simpler than it is, largely
because I fear missing something and leaving a gaping whole for hackers.
 Many posts and blogs insist the configuration is in fact easy to do,
even going so far as to offer sample files.  Often there are warnings
about parts of the configuration that are beyond the scope of the post -
fair enough.

Case in point: see

 
http://lists.squeakfoundation.org/pipermail/seaside/2007-November/015167.html


Quoting it, "Here's the modified httpd.conf file to run Fred:".  See
text below for easy reference.

Now for my dumb question of the week: is that the entire configuation
file, as in put that in place of httpd.conf and the thing runs?  Clearly
changes would be required, but if things truly can be that simple, it
seems as though one could create a largely "relocatable" config file,
and/or some Smalltalk code to write one to meet specs.  I have tried
such simple files w/o success, and cannot easily tell whether the file
is missing parts, or if the parts are buggy.  Any ideas?  Is it really
as simple as indicated below??

Bill


# "Stolen" from above-referenced archived message :)
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module
/usr/lib/apache2/modules/mod_proxy_http.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

ServerName www.goodsexnetwork.com
NameVirtualHost 192.168.1.101:80
<virtualhost 192.168.1.101:80>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
DocumentRoot /var/www
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ <a href="https://%">https://%{SERVER_NAME}/$1 [L,R]
</virtualhost>

NameVirtualHost 192.168.1.101:443
<virtualhost 192.168.1.101:443>
ServerName www.goodsexnetwork.com
RewriteEngine on
ProxyRequests off
ProxyPreserveHost on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot /var/www/ssl
ProxyPass /seaside/fred http://localhost:9090/seaside/fred 
ProxyPassReverse /seaside/fred http://localhost:9090/seaside/fred 
RewriteRule ^/$ http://localhost:9090/seaside/fred/$1 [P,L]
</virtualhost>




Wilhelm K. Schwab, Ph.D.
University of Florida
Department of Anesthesiology
PO Box 100254
Gainesville, FL 32610-0254

Email: [hidden email]
Tel: (352) 273-6785
FAX: (352) 392-7029

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Hi Bill,

On Fri, 03 Oct 2008 19:28:35 -0400
"Bill Schwab" <[hidden email]> wrote:

>  Many posts and blogs insist the configuration is in fact easy to do,

just like Smalltalk programming, it is easy, if you are used to it.
Once you've configured a dozen apaches, it'll be easy as pie.

> http://lists.squeakfoundation.org/pipermail/seaside/2007-November/015167.html
>
> Now for my dumb question of the week: is that the entire configuation
> file, as in put that in place of httpd.conf and the thing runs?  

No, it is not. Depending on where you run your apache and which version
it is, the changes might need to be done in httpd.conf or somewhere in a
subdirectory called sites-available or vhosts.d.

> Clearly
> changes would be required, but if things truly can be that simple, it
> seems as though one could create a largely "relocatable" config file,

If you know how your local apache does things, it is already
"relatively" relocatable.


> # "Stolen" from above-referenced archived message :)
> LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
> LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
> LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
> LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

Search your local apache config for other LoadModule statements.
You might even find the entries for the required modules there, albeit
commented out. If not, make sure that the paths are correct and add
them.

> ServerName www.goodsexnetwork.com

This line outside of any VirtualHost directive declares a "global" name
for the server, which is going to be relevant if somebody accesses the
server by IP only, ie. without using a hostname apache can use to
further process the request.

> NameVirtualHost 192.168.1.101:80

This line usually looks like "NameVirtualHost *:80" which basically
tells apache to setup the following virtual hosts for requests on
http port 80.

> <virtualhost 192.168.1.101:80>
> ServerName www.goodsexnetwork.com
> RewriteEngine on
> ProxyRequests off
> DocumentRoot /var/www
> RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
> RewriteRule ^/(.*)$ <a href="https://%">https://%{SERVER_NAME}/$1 [L,R]
> </virtualhost>

"If you can't file the requested filename, ask the https server". This
is a policy decision: Any *files* accessible under DocumentRoot are
sent over http connections, everything else is handled by seaside
over https.

This VirtualHost block contains the core elements you will need for any
apache proxy to seaside.

As reference, here's what a site under development looks like on one of
my machines:

<VirtualHost *:80>
ServerName whatever
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>

<Location />
  AuthType Basic
  AuthName "Intranet-Demo"
  AuthBasicProvider dbm
  AuthDBMUserFile /etc/apache2/passwd
  AuthDBMGroupFile /etc/apache2/passwd
  Require group whatever

  ProxyPass http://127.0.0.1:8008/
  ProxyPassReverse http://127.0.0.1:8008/
</Location>
</VirtualHost>

The "special effect" here is that I have put it behind simple http
based authentication, so that only a few users can access the site.

Another sample configuration:

<VirtualHost *:80>
    ServerAdmin [hidden email]
    DocumentRoot "/var/www/ab/htdocs"
    ServerName ab
    ServerAlias ab.domain.com
    ErrorLog "/var/log/apache2/ab-error.log"
    CustomLog "/var/log/apache2/ab.log" common

    <Directory "/var/www/ab/htdocs">

        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride None
        Order allow,deny
        Allow from all

    </Directory>

  ProxyRequests Off
  ProxyPreserveHost On

  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  RewriteLog /var/log/apache2/ab-rewrite.log
  RewriteLogLevel 0
  RewriteEngine On

  RewriteRule ^/?$ http://127.0.0.1:8109/seaside/whatever/Storage [P,L]
 
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.+)$ http://127.0.0.1:8109/$1 [P,L]

</VirtualHost>

In this case, I also have some legacy CGI-based stuff and some other
pages on that virtual host and I obviously had difficulties in setting
up the rewrite rules as I'm still prepared for activating rewrite
logging.

I have a redirection for folks accessing the url
"http://ab.domain.com/" to be redirected to the entry point of the
seaside application. The final two Rewrite... lines let apache handle
availabe files (in this case: .js, .css, images) and pass the "real"
requests on to seaside.

HTH
s.
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside