使用 Apache 代理将流量转发到tinyproxy
我需要找到一种方法将端口 80 上的一些流量代理到在单独端口上运行的tinyproxy。 我们有一个客户端在非常严格的防火墙后面工作,仅开放端口 80(并且无法访问 meebo.com 等网站)。 我希望我可以为我们的域创建一个 CNAME 并在 apache 上创建一个虚拟主机,捕获对新 CNAME 的请求并将流量转发到在同一机器上运行的tinyproxy。
我知道 tinyproxy 已设置并正常工作,但是,当我尝试通过 Apache 传递流量时,我什至看不到任何流量。
有人有建议的解决方案吗? 这是我的 VirtualHost 条目:
<VirtualHost *:80>
ServerName sub.domain.com
ProxyPass / http://127.0.0.1:50001/
ProxyPassReverse / http://127.0.0.1:50001/
</VirtualHost>
其中 Tinyproxy 在端口 50001 上运行。
I need to find a way to proxy some traffic on port 80 to tinyproxy running on a separate port. We have a client working behind a very strict firewall with only port 80 open (and cannot get to sites like meebo.com, etc). I was hoping I could create a CNAME to our domain and a virtual host on apache, catch the request for that new CNAME and forward the traffic right to tinyproxy running on the same box.
I know tinyproxy is setup and working correctly, however, when I try to pass in my traffic through Apache, I don't even see any traffic.
Does anyone have a proposed solution? Here is my VirtualHost entry:
<VirtualHost *:80>
ServerName sub.domain.com
ProxyPass / http://127.0.0.1:50001/
ProxyPassReverse / http://127.0.0.1:50001/
</VirtualHost>
where Tinyproxy is running on port 50001.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为这是不可能的。
ProxyPass 用于网络服务器的不透明代理 - 不重定向到代理。 但它可能有效,除了 AFAIK VirtualHost 只能通过 http 请求中的 Host: 标头来识别 - 因此仅适用于真实请求。
换句话说 - 客户端将为他们想要访问的站点设置一个 Host: 标头,因此您的 virtualHost 永远不会被使用。
I don't think it's going to be possible.
ProxyPass is for opaque proxying of web-servers - not redirecting to a proxy. But it might have worked except that AFAIK VirtualHost can only be identified by the Host: header in the http request - so only works for the real request.
In other words - the clients will set a Host: header for the site they want to reach, so your virtualHost is never used.
澄清一下,您的域的主机名是 http://sub.domain.com/.. .,并且您已验证 Tinyproxy 在通过 tinyproxyhost:50001 请求时可以为您的网站提供服务?
我会考虑在网关上使用 iptables 有选择地将发往端口 80 上的 sub.domain.com 的 NAT 请求发送到端口 50001 上的tinyproxyhost。假设 sub.domain.com 的地址为 12.34.56.78,并且 tinyproxy 正在 10.11.12.13 上运行:
iptables -t nat -A PREROUTING -p tcp -d 12.34.56.78 --dport 80 -j DNAT \ --to 10.11.12.13:50001如果您确实想继续使用 Apache,您确定已完全启用 mod_proxy 吗? 确保您的配置中也包含以下内容:
当您尝试访问 http://sub.domain.com 在此配置中? 您在 Apache
access_log和error_log中得到什么输出?To clarify, the host-name of your domain is http://sub.domain.com/..., and you've verified that Tinyproxy serves your site when requested through tinyproxyhost:50001?
I would consider using iptables on your gateway to selectively NAT requests destined for sub.domain.com on port 80 to tinyproxyhost on port 50001. Assuming sub.domain.com is at address 12.34.56.78, and that tinyproxy is running on 10.11.12.13:
iptables -t nat -A PREROUTING -p tcp -d 12.34.56.78 --dport 80 -j DNAT \ --to 10.11.12.13:50001If you really want to continue using Apache for this, are you sure you've enabled mod_proxy completely? Ensure you have the following in your config too:
What happens when you try to access http://sub.domain.com in this configuration? What output do you get in your Apache
access_loganderror_log?