Apache Reverse Proxy on the Linux Firewall


This article focuses on the method of installing the web server Apache with proxy and rewrite rules on the enterprise firewall, as well as the specific steps to compile and set up Apache. After a successful installation, the flexible virtual host settings allow external users to access multiple web servers on the internal LAN through the firewall.

I. Test environment and network structure

The test environment used in this article is Red Hat Linux 7.2 with Apache 1.3.24; the company's domain name is assumed to be company.com.

The typical network structure of the company is shown in the figure.

Note: Two NICs are installed on the firewall in the figure. The external public address of the e0 port is 1.2.3.4, and the internal reserved address of the e1 port is 192.168.2.1. There are three Web servers A, B, and C inside the LAN. The corresponding domain names are weba.company.com, webb.company.com, and webc.company.com, all using internal reserved addresses.

II. Operation steps

As shown in the figure, the company is connected to the Internet through a dedicated line and has installed a firewall. There are three Web servers inside the LAN, all with internal reserved addresses, but they are expected to provide Web services to the outside.

1. Set DNS

On the firewall, which is also the company's DNS server, create DNS records for the three internal Web servers pointing to the IP address 1.2.3.4. Thus, when weba.company.com, webb.company.com, and webc.company.com are resolved from the Internet, they all point to the same IP address, the external interface address of the firewall, 1.2.3.4.

2. Download Apache

Download the latest version of Apache, 1.3.24, to /root from the Apache website (http://www.apache.org) at http://www.apache.org/dist/httpd/apache_1.3.24.tar.gz.

3. Change the source code so that the maximum number of allowed connections exceeds 256

Since Apache allows at most 256 simultaneous connections by default, this may not be enough for a busy site, especially when the Apache reverse proxy on the firewall lets external users reach several internal Web servers. Change the src/include/httpd.h file by following the steps below.


# cd /root                         (switch to the /root directory)
# tar xvfz apache_1.3.24.tar.gz    (unpack the Apache source into /root)
# cd apache_1.3.24                 (enter the apache_1.3.24 directory)
# vi src/include/httpd.h           (edit the httpd.h file with vi)

After entering the vi src/include/httpd.h command, type /256 and press Enter to search for the number 256, change it to 1024, then save and exit.

Notes:

1. To support up to 1024 simultaneous client requests, it is not enough to change the source file mentioned above; after compiling and installing, you must also edit the /usr/local/apache/conf/httpd.conf file and change the value on the MaxClients line to 1024.

2. If you are only testing, or if there are few users, you do not need to modify the httpd.h file.

4. Compile Apache

The compilation commands are shown in Code 1.

Code 1

# cd apache_1.3.24
# ./configure --prefix=/usr/local/apache \
    --enable-module=most \
    --enable-shared=max \
    --enable-module=proxy \
    --enable-shared=proxy \
    --enable-module=rewrite \
    --enable-shared=rewrite

--prefix=/usr/local/apache   sets the default installation directory
--enable-module=most         compiles most modules
--enable-shared=max          builds the modules in DSO (Dynamic Shared Object) mode
--enable-module=proxy        enables the proxy module
--enable-shared=proxy        builds the proxy module as a DSO
--enable-module=rewrite      enables the rewrite module
--enable-shared=rewrite      builds the rewrite module as a DSO

Note: When compiling Apache, you must compile most modules and build them in DSO mode. Enable the proxy and rewrite modules at the same time, and also build them in DSO mode.

# make
# make install

This installs all the files Apache requires into the /usr/local/apache directory.

5. Set the domain-based virtual host in the httpd.conf file

Open the httpd.conf file in the /usr/local/apache/conf directory and add the following to it.

NameVirtualHost 1.2.3.4:80
<VirtualHost 1.2.3.4:80>
    ServerAdmin [email protected]
    DocumentRoot /usr/local/apache/htdocs
    ServerName default.company.com
    ErrorLog /usr/local/apache/logs/error_log
    CustomLog /usr/local/apache/logs/access_log combined
    UseCanonicalName Off
    ProxyRequests Off
    RewriteEngine on
    # only proxy requests whose Host header ends in company.com (dots escaped so they match literally)
    RewriteCond %{HTTP_HOST} .*\.company\.com$
    # proxy ([P]) the request to the same host name, which /etc/hosts resolves to the internal server
    RewriteRule ^/(.*)$ http://%{HTTP_HOST}/$1 [P,L]
</VirtualHost>

Notes:

1. A domain-based reverse proxy virtual host is set up, so that when the host with IP address 1.2.3.4 is accessed from outside with a URL whose domain name ends in company.com, Apache forwards the user's request through the proxy module to the corresponding Web server inside the LAN and relays the response back to the user.

2. The ServerName line can be specified arbitrarily.

3. The ProxyRequests Off line disables forward proxying on the host with IP address 1.2.3.4, port 80; Apache acts only as a reverse proxy here, transparent to the client.

4. The RewriteEngine on line enables Apache's rewrite engine; without it the RewriteCond and RewriteRule that follow do not take effect.

6. Adding records to the /etc/hosts file

In the virtual host rewrite rule above, the rewritten URL carries the same host name as the URL the user requested. The idea is to put the following three domain names into the firewall's /etc/hosts file, so that Apache fetches the content from the three internal Web servers and returns it to the external users. The corresponding domain name records are as follows.

192.168.2.2 weba.company.com
192.168.2.3 webb.company.com
192.168.2.4 webc.company.com
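As an added example, not code from the article, the following Python script simulates how the virtual host above and these /etc/hosts records route a request: it parses the hosts records, applies the RewriteCond pattern to a Host header, and looks up the backend the [P] rule would proxy to. Because the proxy target is taken from the client-supplied Host header, the script also compares the article's loosely written pattern with a tightened allow-list pattern (STRICT_PATTERN, an assumption of this example) that admits only the three published names.

```python
import re
from ipaddress import ip_address

# Constructed copy of the three /etc/hosts records the article adds in step 6.
HOSTS_FILE = """\
192.168.2.2 weba.company.com
192.168.2.3 webb.company.com
192.168.2.4 webc.company.com
"""

# The article's RewriteCond pattern as written (unescaped dots), and a tightened
# allow-list variant that is this example's assumption, not the article's config.
LOOSE_PATTERN = r".*.company.com$"
STRICT_PATTERN = r"^(weba|webb|webc)\.company\.com$"


def parse_hosts(text):
    """Return {hostname: ip} from /etc/hosts-style text (comments ignored)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        ip_address(ip)  # raises ValueError on a malformed address
        for name in names:
            table[name.lower()] = ip
    return table


def route(host_header, pattern, hosts):
    """Mimic the VirtualHost: if the Host header matches the RewriteCond, the
    [P] rule proxies to http://<Host>/..., which the firewall resolves through
    /etc/hosts. Returns (proxied, backend_ip); backend_ip is None when no
    /etc/hosts record exists, so the proxy would have to fall back to DNS or fail.
    This example lowercases the name and drops any :port suffix before matching;
    like RewriteCond, the regex search is not anchored unless the pattern is."""
    host = host_header.split(":", 1)[0].lower()
    if not re.search(pattern, host):
        return (False, None)
    return (True, hosts.get(host))


def check(host_header):
    """Route one Host header under both patterns for side-by-side comparison."""
    hosts = parse_hosts(HOSTS_FILE)
    return {name: route(host_header, pat, hosts)
            for name, pat in (("loose", LOOSE_PATTERN), ("strict", STRICT_PATTERN))}
```

With the loose pattern a Host value such as webz.company.com, or even notcompanyxcom, passes the condition and is proxied to a name that has no /etc/hosts record; the strict pattern rejects both.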


III. Summary

Thus, when an external user visits http://weba.company.com, the request reaches Apache on the firewall, and the reverse proxy resolves weba.company.com using the record defined in the /etc/hosts file, fetches the content from the Web server at 192.168.2.2 and returns it to the external user. In this way the Web server weba.company.com is made available to external access.

After Apache is configured, if more internal Web servers need to be made accessible from outside, simply point their DNS records at 1.2.3.4 and add the corresponding record to the /etc/hosts file.
