Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
Need an Apache guru to help me out.
I have a network where the end users need access to multiple clients on site, these clients are not directly accessible due to firewall limitations and network lockdown.
We have a server sat on the network that can see all the clients on site, I need to setup our server to proxy the traffic through.
I have setup ProxyPass to the client which works all ok, the end user can get to the login page, but login fails, when a user logs in it forwards the data through the command port which is not on 80, so I need to be able to pass the management ports through to the destination client if you get me?
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
Guess not then  
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
I think its a bad description, can you provide a diagram or be more descriptive in the technical sense?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Not hugely clued up on mod_proxy but does the client (assuming these are web servers?) login page, attempt to forward the proxy'd end user to the 'command port'? eg - http://proxyserver/login -> http://proxyserver:1234/ etc
If that's the case then two VirtualHosts (Apache proxy) listening on 80 and the 'command port' forwarding to the correct port should work. You also want to make sure you have setup reverse proxies.
It'd also be worth searching, or stick a post up, on StackOverflow site.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by willay
I think its a bad description, can you provide a diagram or be more descriptive in the technical sense?
From what i gathered - end users head to http://proxyserver(:80)/ which proxies them to http://hiddeninternal(:80) the login page but login form takes them http://hiddeninternal:12345 ('command port') which results in the proxy server dishing out a big ol' FUUUU.
If the Apache proxy attempts to take the user to http://proxyserver:12345 then two virtualhosts listening on the two ports should work.
Edit - What happens if you direct the users to the 'command port'? Does your web app then redirect back to port 80 and the login page?
[Edited on 19-12-2012 by Dom]
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
So
There is multiple hosts on a network that you need to access, but due to security limitations you only have access to one host on site? So you want to tunnel all your traffic through that onsite host to access alll the other hosts?
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
Yeah i figured i didnt explain it to well.
ok network diagram 
The clients can see the DVR's by HTTP to their IP's on port 80.
The WAN is locked down so will only allow port 80 access.
When you login to the DVR's it sends the login data through the command port of 5050 and it streams the video feeds through 6050.
Our management server has un-restricted access to the network and can login and stream the video feeds all ok.
We need to proxy the DVR's through our server some how.
I can configure ProxyPass on apache to allow the users to HTTP to the management server like:
http://managementServer/dvr1/
http://managementServer/dvr2/
http://managementServer/dvr3/
this then loads the DVR login pages for each device however you cant login as i am guessing it does not forward the command port data to the destination?
So i need to somehow create a tunnel to the destination dvr,
Hope thats a little better?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
If you head to http://managementServer/dvr1/ and login does it attempt to redirect you to http://managementServer:5050/dvr1/?
In theory creating another Virtualhost listening to the 5050, rather than the standard '*.80', port and setting up mod_proxy to forward the user to the 5050 port on the DVR address should work.
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
No stays on port 80, but in the background it tries to pass the authentication over port 5050.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Nismo
No stays on port 80, but in the background it tries to pass the authentication over port 5050.
Is the login ajax'd then? What address does it attempt to authenticate over?
Still worth trying as it's on a 30sec job editing the vh conf and restarting Apache.
Have you setup any reverse proxies?
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
tbh im not sure, its a html form.
At the moment they are not setup as VH, i have just added ProxyPass and ProxyPassReverse
|
