Changes

Jump to navigation Jump to search
no edit summary
Line 1: Line 1: −
===Proxy Pass===
+
{{usefulnote}}
 +
==Proxy Pass==
   −
====ProxyPass a domain====
+
===ProxyPass a domain===
    
This section covers ProxyPass directives in the "domains" database
 
This section covers ProxyPass directives in the "domains" database
Line 19: Line 20:  
  db domains delete proxypassdomain.com
 
  db domains delete proxypassdomain.com
 
  signal-event domain-delete proxypassdomain.com
 
  signal-event domain-delete proxypassdomain.com
 +
 +
Note that using the settings above 'TemplatePath' is set to 'ProxyPassVirtualHosts' which will read templates in:
 +
 +
/etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts
 +
 +
It is perfectly possible to use your own templates for more specialised settings:
 +
 +
cp -R /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/MyProxyPassHost
 +
 +
Now you can edit the templates in 'MyProxyPassHost' and use your own advanced settings as you require.
 +
 +
db domains setprop proxypassdomain.com TemplatePath MyProxyPassHost
    
{{Note box|msg=If you have added the internal or external server's domain name as a virtual domain on the SME Server, you must remove it prior to issuing these commands. The server-manager domains panel will show the proxy pass entry but you will not be able to edit it, see [[bugzilla:1612]]}}
 
{{Note box|msg=If you have added the internal or external server's domain name as a virtual domain on the SME Server, you must remove it prior to issuing these commands. The server-manager domains panel will show the proxy pass entry but you will not be able to edit it, see [[bugzilla:1612]]}}
Line 30: Line 43:  
http://forums.contribs.org/index.php?topic=46975.0
 
http://forums.contribs.org/index.php?topic=46975.0
   −
From this forum post by Charlie Brady http://forums.contribs.org/index.php?action=post;quote=245408;topic=49181.0;last_msg=245408 is information about https access & expected behaviour re certificates
+
From this forum post by Charlie Brady http://forums.contribs.org/index.php/topic,49181.msg245408.html#msg245408 is information about https access & expected behaviour re certificates
    
What happens is that the browser connects to the SME server, then negotiates SSL (verifies the certificate and starts encrypting the connection), then sends the request (hostname + URL). Apache in the SME server then proxies the connection (creates the connection to the internal webserver, passes the request, passes back the response). There's no way that the internal server's certificate can be presented to the browser and used to enable encryption.
 
What happens is that the browser connects to the SME server, then negotiates SSL (verifies the certificate and starts encrypting the connection), then sends the request (hostname + URL). Apache in the SME server then proxies the connection (creates the connection to the internal webserver, passes the request, passes back the response). There's no way that the internal server's certificate can be presented to the browser and used to enable encryption.
   −
====ProxyPass a alias/directory/location====
+
===ProxyPass a alias/directory/location===
    
This section covers the db settings in the "accounts" database that generate ProxyPass directives in httpd.conf
 
This section covers the db settings in the "accounts" database that generate ProxyPass directives in httpd.conf
Line 65: Line 78:  
http://forums.contribs.org/index.php/topic,40075.0.html
 
http://forums.contribs.org/index.php/topic,40075.0.html
   −
 
+
===ProxyPass for Exchange Outlook Web Access===
====ProxyPass for Exchange Outlook Web Access====
      
Users wishing to implement this setup are strongly advised to read in full this forum thread http://forums.contribs.org/index.php/topic,40075.0.html from which the following information was obtained.
 
Users wishing to implement this setup are strongly advised to read in full this forum thread http://forums.contribs.org/index.php/topic,40075.0.html from which the following information was obtained.
Line 140: Line 152:     
http://httpd.apache.org/docs/2.0/mod/mod_headers.html
 
http://httpd.apache.org/docs/2.0/mod/mod_headers.html
      
*User feedback & additional information re above method:
 
*User feedback & additional information re above method:
Line 173: Line 184:     
To achieve this, Apache must resolve everything to iBays, except the one virtual host and it's /owa directories.
 
To achieve this, Apache must resolve everything to iBays, except the one virtual host and it's /owa directories.
      
1. Enable SSLProxy:
 
1. Enable SSLProxy:
Line 222: Line 232:  
  # End of Exchange settings
 
  # End of Exchange settings
 
  </VirtualHost>
 
  </VirtualHost>
      
where iis.private.local is the private instance of IIS. and remote.domainA.com is a publically addressable domain that resolves to the public side of the SME server. To be sure this works, you must be able to resolve iis.private.local from the sme server (add a hostname record with correct internal IP address). Ensure the Integrated Authentication is disabled for OWA (leave basic auth on).
 
where iis.private.local is the private instance of IIS. and remote.domainA.com is a publically addressable domain that resolves to the public side of the SME server. To be sure this works, you must be able to resolve iis.private.local from the sme server (add a hostname record with correct internal IP address). Ensure the Integrated Authentication is disabled for OWA (leave basic auth on).
Line 247: Line 256:     
Google
 
Google
 +
 +
==DNS Forwarding==
 +
 +
The dnscache service can be configured to forward all queries for a specific domain to an alternate server, or to block DNS for a domain by configuring forwarding to 'localhost', without affecting any other services or configuration files. See [[Bugzilla:6848]]
 +
 +
This is done using the "domain-remote" record type in the domains db:
 +
 +
To forward all DNS for <domainname> to the specified remote DNS server:
 +
db domains set <domainname> domain-remote a.b.c.d
 +
 +
To block lookups for <domainname>:
 +
db domains set <domainname> domain-remote localhost
 +
[[Category: Howto]]

Navigation menu