On 9/26/2025 6:03 AM, Frank Gingras wrote:


On Fri, Sep 26, 2025 at 2:57 AM Bret Stern <[email protected]> wrote:


    On 9/25/2025 2:10 PM, Frank Gingras wrote:


    On Thu, Sep 25, 2025 at 3:14 AM Bret Stern
    <[email protected]> wrote:


        Like this?: (on the backend apache host)


        Edited loaded module:
        vi /etc/httpd/conf.modules.d/00-base.conf


        Commented out
        #LoadModule access_compat_module modules/mod_access_compat.so



        Modified Virtual:

        <VirtualHost *:80>

          ServerName postfixadmin.sevendogzero.com
          DocumentRoot /var/www/postfixadmin/public/

          ErrorLog /var/log/httpd/postfixadmin_error.log
          CustomLog /var/log/httpd/postfixadmin_access.log combined

          <Directory />
            Options FollowSymLinks
            AllowOverride All
          </Directory>

          <Directory /var/www/postfixadmin/public/>
            Options FollowSymLinks MultiViews
            AllowOverride All
          #  Order allow,deny
          #  allow from all
          </Directory>

        </VirtualHost>

        Then
        sudo systemctl restart httpd


        Next step:

        Will read this.
        https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

        Appreciate the direction










        On 9/24/2025 8:22 PM, Frank Gingras wrote:


        On Wed, Sep 24, 2025 at 9:17 PM Bret Stern
        <[email protected]> wrote:

            Couple things..I appear to be top posting. What is the
            preferred conversation rule. I use Thunderbird. Way back
            in the day, I seem to recall a setting

            which played to the bottom posting preference.



            On the conversation here. I've set a reverse proxy on my
            gateway apache server pointing to the backend apache
            server, which is running

            mail services. (It doesn't have to be that way, I'm just
            trying to keep server counts down.)


            On the backend apache server here is an example of my
            Virthost. However I think the following line should be
            "localhost"

            current -> ServerName postfixadmin.domain.com

            replace with something like ->

            *ProxyPass* /sample http://localhost:8080/sample
            *ProxyPassReverse* /sample http://localhost:8080/sample


            <VirtualHost *:80>

              ServerName postfixadmin.domain.com
              DocumentRoot /var/www/postfixadmin/public/

              ErrorLog /var/log/httpd/postfixadmin_error.log
              CustomLog /var/log/httpd/postfixadmin_access.log combined

              <Directory />
                Options FollowSymLinks
                AllowOverride All
              </Directory>

              <Directory /var/www/postfixadmin/public/>
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
              </Directory>

            </VirtualHost>


            I just don't think I get this yet, but very close. I
            have three reverse proxy conf that are working for websites.


            But this one simply says "File not found". The logs say

            error_log
            [Tue Sep 23 23:24:19.181827 2025] [proxy_fcgi:error]
            [pid 46973:tid 47081] [client 192.168.60.167:47784]
            AH01071: Got error 'Primary script unknown'


            access_log
            192.168.60.167 - - [23/Sep/2025:23:24:19 -0700] "GET
            /setup.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT
            10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"

            Thanks for any help

            Bret



            On 9/20/2025 1:39 PM, Frank Gingras wrote:


            On Sat, Sep 20, 2025 at 3:46 PM Bret Stern
            <[email protected]> wrote:

                Ok. Is there a recommended place for the TLS, or
                either one is fine. Just confirming.

                Sounds like I'll need to remove a cert on one of
                the servers thinking..Yes/No

                Thanks Frank.

                On 9/20/2025 12:38 PM, Frank Gingras wrote:


                On Sat, Sep 20, 2025 at 3:12 PM Bret Stern
                <[email protected]> wrote:

                    Hi there,

                    I'm setting up an email server which is
                    reverse proxied behind a front
                    end apache server.


                    For the same domain...my dns has both a
                    primary web server, and
                    an email server sitting behind a single wan ip.

                    First question.

                    Is this possible?

                    At this point all email is working except
                    smtp, which I'm thinking is a
                    certificate problem.


                    So I have certificates on the email server
                    apache and the apache server
                    providing the reverse proxy.

                    And of course Postfix and Dovecot could have
                    config issues, but mostly
                    here I'm looking for verifying my described
                    concept is

                    achievable using apache.


                    Comments or links to feasibility and tips are
                    always appreciated.

                    Thanks,

                    Bret



                    


                Email and HTTP servers have nothing to do with each
                other, practically.  A reverse HTTP proxy can be
                used to host a webmail interface to handle those
                emails, sure, but then just handle the TLS
                termination either on the edge, or the inner server.

                For the latter, just use SSLProxyEngine on.


            It depends on what the backend interface requires - if
            it redirects to https:// automatically, then you'll
            need to offload TLS to the proxied server with
            SSLProxyEngine on.

            Otherwise, you can handle the TLS handshake on the edge
            server and speak non-TLS to the inner servers.

        First, stop using the Allow/Deny/Order directives, and
        unload the mod_access_compat module.

        Secondly, Primary script unknown is the error caused by
        pointing the URI to a non-existent resource running on
        php-fpm.  Take a look at
        https://cwiki.apache.org/confluence/display/HTTPD/PHP-FPM

        In short, if you request /foo and you use DirectoryIndex
        index.php, the request will be converted to /foo/index.php,
        which in turn will be proxied to php-fpm, and that resource
        *must* exist on the file system, based on the docroot set
        in your fpm pool.








    You need to replace the 2.2 authz directives with Require, too. 
    Also, avoid using .htaccess files by setting AllowOverride none.


    I believe you mean in this declaration. The docs call this an
    authorization container. Not going to pretend I know the syntax.
    Is this close?

    So whatever the <Require> directive is, the arguments within the
    <Require(parameter)> must meet the parameter directive.. am I
    getting it sort of?

      <Directory /var/www/postfixadmin/public/>
       <Require> <-------------------------------do I need an option
    here...I would think 'all'   can you give me a hint?

        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
      </Require>
     </Directory>



Ok. I think I got it.

As long as I have the [mod_authz_core] enabled, I can build access logic with the <RequireAll> (https://httpd.apache.org/docs/current/mod/mod_authz_core.html#requireall), <RequireAny> (https://httpd.apache.org/docs/current/mod/mod_authz_core.html#requireany) and <RequireNone> (https://httpd.apache.org/docs/current/mod/mod_authz_core.html#requirenone) tags with Require statement and arguments. Eg;

<RequireAll>   (this means all the Require between beginning and ending RequireAll statements below must be met to allow access)
  Require group admins   (this refers to users on the hosting system?)
  Require ldap-group "cn=Administrators,o=Airius"   (this can refer to LDAP dictionaries of users)
</RequireAll>


Pretty cool if I correctly understand it.

I've never spent much time in the apache world, so now I'm beginning to understand. I will keep reading and play with the options.

















There are good examples in the docs:

http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require

Look at the first use case.
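
The Order/Allow to Require migration discussed in this thread, applied to the VirtualHost posted above, as an added example that is not part of the original messages. It assumes mod_authz_core is loaded and mod_access_compat is unloaded; the "Require all denied" on the filesystem root is an added hardening assumption, not something either poster wrote.

```apache
<VirtualHost *:80>
  ServerName postfixadmin.sevendogzero.com
  DocumentRoot /var/www/postfixadmin/public/

  ErrorLog /var/log/httpd/postfixadmin_error.log
  CustomLog /var/log/httpd/postfixadmin_access.log combined

  # Filesystem root: no .htaccess processing, and deny by default so
  # only directories that are explicitly granted below are served.
  <Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
  </Directory>

  <Directory /var/www/postfixadmin/public/>
    Options FollowSymLinks MultiViews
    # .htaccess files are ignored; all policy lives in this file.
    AllowOverride None

    # 2.2 syntax (only parses while mod_access_compat is loaded):
    #   Order allow,deny
    #   Allow from all
    #
    # 2.4 equivalent. Require is a plain directive, not a container:
    # there is no <Require> ... </Require> block.
    Require all granted
  </Directory>

  # Containers are only needed to combine several Require lines, e.g.
  # (group name taken from the docs example quoted in the thread):
  #   <RequireAll>
  #     Require all granted
  #     Require not group admins
  #   </RequireAll>
</VirtualHost>
```

Run apachectl configtest before restarting httpd: with mod_access_compat unloaded, any leftover Order/Allow/Deny line in the server config is rejected as an invalid command at syntax-check time.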
