|
|
|
Proxy configuration
You can configure an Apache Web server as a reverse proxy server for routing to multiple Project Zero applications. This allows multiple Zero applications to be accessed using a namespace at a single Web server address. The following sections of this article provide information about how to configure an Apache Web server as a reverse proxy server.
Zero application configuration
There are no special configuration requirements in order for a Project Zero application to be placed behind a reverse proxy server, if an application uses only page relative URIs and follows the guidelines described in the URIUtils article. Using only page relative links is considered a best practice, and allows the most flexibility for relocating applications behind a reverse proxy, or even multiple chains of proxies.
However, sometimes using absolute URIs is unavoidable. In these cases, you can configure an external URI prefix. This value is pulled from the global context and is used for creating absolute URIs through the URIUtils APIs. This string should contain the complete path to the Project Zero application from the point of view of a user (from the browser of a user). For example, if the remote proxy is accessible using the http://www.projectzero.org/, address and you follow the instructions in the Configuring a proxy server section for routing to a Project Zero application using the namespace employeedemo, then add the following line the zero.config file:
/config/externalUriPrefix = "http://www.projectzero.org/employee.demo"
For a complete description of the externalUriPrefix value, see the Global context reference.
Configuring a proxy server
You can configure Apache as a reverse proxy server for routing to Zero applications using the mod_proxy module as described in the following section.
Mod_Proxy
You can configure the Apache Web Server as a proxy server by including the mod_proxy module and appropriate directives in the httpd.conf configuration file of the server.
In the following example, the Project Zero sample application employee.demo is placed behind an Apache server configured as a reverse proxy and the following modifications are made to the httpd.conf configuration file of the Apache server.
1. Add the LoadModule directives for the mod_proxy, mod_proxy_http, and mod_rewrite modules as shown in the following example:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
2. Add the ProxyRequest off line as shown in the following example:
ProxyRequests Off
3. Add the Proxy stanza as shown in the following example:
<Proxy>
Order deny,allow
Allow from all
</Proxy>
4. Enable URL rewriting as shown in the following example:
RewriteEngine on
5. For each application that is to be placed behind the Apache server, add a ProxyPass statement, where the namespace of the application is determined, as shown in the following example:
ProxyPass /employeedemo/ http://localhost:8080/
6. For each application for which there is a ProxyPass statement, add a ProxyPassReverse statement, as shown in the following example:
ProxyPassReverse /employeedemo/ http://localhost:8080/
This allows the Apache server to rewrite the header information correctly before passing the response back to the client. The values in this line must exactly match the values in the corresponding ProxyPass statement.
7. The application can be reached using the namespace URL with an ending slash, but a URL without a trailing slash results in a 404 Not Found error. To correct this, for each application that has ProxyPass and ProxyPassReverse statements, add a rewriting rule with a trailing slash, as shown in the following example:
RewriteRule /employeedemo$ /employeedemo/ [R]
After these steps are taken, the Employee Demo application used in the example is accessible from the Apache server with the following URL: http://{hostname}/employeedemo.
The complete configuration section is shown in the following example:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
ProxyRequests Off
<Proxy>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
ProxyPass /employeedemo/ http://localhost:8080/
ProxyPassReverse /employeedemo/ http://localhost:8080/
RewriteRule /employeedemo$ /employeedemo/ [R]
Using Apache/ModProxy to proxy AJAX requests
You might want to access services on third party servers from JavaScript running in the client Web browser. Because of security restrictions, it might not be possible to reach these third party services unless a reverse proxy is configured in the original domain from which the application was retrieved.
You can add a snippet in the Apache httpd.conf file to proxy any URL beginning with "/ajax/projectzero.org" or "/ajax/www.projectzero.org" to the address beginning after /ajax/. You could configure this with nothing after /ajax/, but that would allow your proxy to be used by any user to access any site anonymously, so the best practice is to provide a white list of accessible sites.
This particular proxy configuration example forwards all requests that do NOT match the AJAX proxy criteria to a Project Zero server running at http://localhost:8080/:
- Follow steps 1 and 4 from the Configuring a proxy server section.
- Add the following snippet to the the Apache
httpd.conf file:
ProxyPassReverse /ajax/ http://
RewriteRule ^/ajax/((www\.)?projectzero.org)? http://$1 [P,L]
ProxyPass / http://localhost:8080/
You can find information on all of these directives in the Apache documentation.
|
