859
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − ===Proxy Pass===+ + − ====ProxyPass a domain====+ Line 19:
Line 20: + + + + + + + + + + + + Line 30:
Line 43: − ====ProxyPass a alias/directory/location====+ + + + + Line 61:
Line 78: − + − ====ProxyPass for Exchange Outlook Web Access==== Line 136:
Line 152: − Line 169:
Line 184: − Line 218:
Line 232: − Line 243:
Line 256: + + + + + + + + + + + + +
SME Server:Documentation:ProxyPass (view source)
Revision as of 19:00, 10 October 2019
, 19:00, 10 October 2019no edit summary
{{usefulnote}}
==Proxy Pass==
===ProxyPass a domain===
This section covers ProxyPass directives in the "domains" database
This section covers ProxyPass directives in the "domains" database
db domains delete proxypassdomain.com
db domains delete proxypassdomain.com
signal-event domain-delete proxypassdomain.com
signal-event domain-delete proxypassdomain.com
Note that using the settings above 'TemplatePath' is set to 'ProxyPassVirtualHosts' which will read templates in:
/etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts
It is perfectly possible to use your own templates for more specialised settings:
cp -R /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ProxyPassVirtualHosts /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/MyProxyPassHost
Now you can edit the templates in 'MyProxyPassHost' and use your own advanced settings as you require.
db domains setprop proxypassdomain.com TemplatePath MyProxyPassHost
{{Note box|msg=If you have added the internal or external server's domain name as a virtual domain on the SME Server, you must remove it prior to issuing these commands. The server-manager domains panel will show the proxy pass entry but you will not be able to edit it, see [[bugzilla:1612]]}}
{{Note box|msg=If you have added the internal or external server's domain name as a virtual domain on the SME Server, you must remove it prior to issuing these commands. The server-manager domains panel will show the proxy pass entry but you will not be able to edit it, see [[bugzilla:1612]]}}
http://forums.contribs.org/index.php?topic=46975.0
http://forums.contribs.org/index.php?topic=46975.0
From this forum post by Charlie Brady http://forums.contribs.org/index.php/topic,49181.msg245408.html#msg245408 is information about https access & expected behaviour re certificates
What happens is that the browser connects to the SME server, then negotiates SSL (verifies the certificate and starts encrypting the connection), then sends the request (hostname + URL). Apache in the SME server then proxies the connection (creates the connection to the internal webserver, passes the request, passes back the response). There's no way that the internal server's certificate can be presented to the browser and used to enable encryption.
===ProxyPass a alias/directory/location===
This section covers the db settings in the "accounts" database that generate ProxyPass directives in httpd.conf
This section covers the db settings in the "accounts" database that generate ProxyPass directives in httpd.conf
http://forums.contribs.org/index.php/topic,40075.0.html
http://forums.contribs.org/index.php/topic,40075.0.html
===ProxyPass for Exchange Outlook Web Access===
Users wishing to implement this setup are strongly advised to read in full this forum thread http://forums.contribs.org/index.php/topic,40075.0.html from which the following information was obtained.
Users wishing to implement this setup are strongly advised to read in full this forum thread http://forums.contribs.org/index.php/topic,40075.0.html from which the following information was obtained.
http://httpd.apache.org/docs/2.0/mod/mod_headers.html
http://httpd.apache.org/docs/2.0/mod/mod_headers.html
*User feedback & additional information re above method:
*User feedback & additional information re above method:
To achieve this, Apache must resolve everything to iBays, except the one virtual host and it's /owa directories.
To achieve this, Apache must resolve everything to iBays, except the one virtual host and it's /owa directories.
1. Enable SSLProxy:
1. Enable SSLProxy:
# End of Exchange settings
# End of Exchange settings
</VirtualHost>
</VirtualHost>
where iis.private.local is the private instance of IIS. and remote.domainA.com is a publically addressable domain that resolves to the public side of the SME server. To be sure this works, you must be able to resolve iis.private.local from the sme server (add a hostname record with correct internal IP address). Ensure the Integrated Authentication is disabled for OWA (leave basic auth on).
where iis.private.local is the private instance of IIS. and remote.domainA.com is a publically addressable domain that resolves to the public side of the SME server. To be sure this works, you must be able to resolve iis.private.local from the sme server (add a hostname record with correct internal IP address). Ensure the Integrated Authentication is disabled for OWA (leave basic auth on).
Google
Google
==DNS Forwarding==
The dnscache service can be configured to forward all queries for a specific domain to an alternate server, or to block DNS for a domain by configuring forwarding to 'localhost', without affecting any other services or configuration files. See [[Bugzilla:6848]]
This is done using the "domain-remote" record type in the domains db:
To forward all DNS for <domainname> to the specified remote DNS server:
db domains set <domainname> domain-remote a.b.c.d
To block lookups for <domainname>:
db domains set <domainname> domain-remote localhost
[[Category: Howto]]