Koozali.org: home of the SME Server

ANNOUNCE: ProxyPass rpm for 5.5+

Abe Loveless

ANNOUNCE: ProxyPass rpm for 5.5+
« on: April 05, 2003, 07:50:06 PM »
I have updated Darrell May's proxypass contrib.  I have tested with SME 5.6, successfully.  I believe all other versions will probably work alright as well.


I made a pretty small change to the httpd.conf template fragment VirtualDomains/50ProxyPass.  In the rpm, this file is located at RPM-SOURCE-PATH/opt/proxypass/SME/5.5/50ProxyPass.


Here is the entire file:


{
tie my %domains, 'esmith::config', '/home/e-smith/domains';

my $target = db_get_prop(\%domains, "$virtualHost", "ProxyTarget") || "";

if ("$target" ne "")
        {
        $result .= "\n";
        $result .= "    #-----------------------------------\n";
        $result .= "    # Added to ProxyPass virtual domain \n";
        $result .= "    #-----------------------------------\n";
        $result .= "\n";
        $result .= "    ProxyPass\t/\t$target\n";
        $result .= "    ProxyPassReverse\t/\t$target\n";
        $result .= "\n";
        $result .= "\ \n";
        }
}


The original did not include the line that "ties" %domains to the domains config db (line 2).  In earlier versions, I'm sure this was done earlier in the "expand-template" process.  But, since the newer versions are using more wild cards for the apache config (All aliases seem to be built around 0.0.0.0 and the port number, rather than specific IP's as in previous
releases.)

So, the problem was occurring because the db_get_prop was not returning a value.  As I said above, I believe this fix will work for SME 5.5 and 5.6. The 5.1.2 servers actually get a different 50ProxyPass file, which I did not alter.

Here's the url (noarch and src rpms): http://tech-geeks.org/contrib/loveless/beta/proxypass/

Once a few people have posted results, I think it should probably be moved back to Darrell's contrib area on contribs.org.

Feedback welcome, of course.

Boris

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #1 on: April 06, 2003, 12:38:11 PM »
Just tested it successfuly with SME 5.6.
Yahoo-o-o!
Now I don't have to use version 5.1.2 then I need ProxyPass anymore.
Thanks alot.

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #2 on: April 08, 2003, 08:05:44 PM »
Hi there

I used proxypass incorrectly and I have made a bit of a booboo. I wanted to set internal queries for www.tractorproductions.com to the outside, which I have now realised that I only needed to put the correct DNS settings in.  As soon as I had made a ProxyPass entry  as follows:

Path:   empty

Target:   www.tractorproductions.co.za

description: Tractorproductions Website

enable access via http:    yes

The result of this is that I no longer have access to any websites hosted on the server itself (including server-manager).  From outside the network the message is "You are not authorized to view this page"
This is disasterous............please do you have any suggestions.

Thanks
Ashley

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #3 on: April 08, 2003, 08:30:57 PM »
Ahhh... that would be bad.  :)

Try this from the console

   /sbin/e-smith/db accounts delete

Mine was called test, so here is what I entered:
   /sbin/e-smith/db accounts delete /test/

Then re-expand the templates:
   /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
   /sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf

Then restart apache
   service httpd restart

That help?

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #4 on: April 09, 2003, 12:08:06 AM »
Thanks alot, you have saved me. Would you care to explain why you took each of those steps. I understand some of it but it would be nice to understand all of it.   :-)

Thanks a million
Ashley

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #5 on: April 09, 2003, 12:42:14 AM »
Sure...  The config information for the proxypass is stored in one of 2 of the internal e-smith config databases.  The ProxyPass for an individual directory info is stored in the "accounts" database (/home/e-smith/accounts).  The ProxyPass for VirtualDomain info is added to the virtual domain's record in the "domains" database (/home/e-smith/domains).

From your description of the various options, I could tell that you had tried to update a specific directory on the main server, rather than a virtual domain.

So, the first step is to use the command line to delete the ProxyPass info from the "accounts" database.  (/sbin/e-smith/db accounts.... )

Now that the config info has been removed, we need to force the server to rebuild all of the config files with the current config info.  I'm sure you've come across other posts referring to the e-smith templates and templates-custom.  When the templates are expanded, the system checks the config databases and builds the appropriate config files for each service.

Since 2 services were affected by our change (standard web services and the admin web services), we had to expand both of those templates using "/sbin/e-smith/expand-template...".

And finally, now that the httpd config files have been regenerated, we need to restart the httpd service to force it to re-read the config files.

Hope that helps a little.

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #6 on: April 09, 2003, 01:33:59 AM »
That is wonderful, I am going to go back to other rearch and testing know that much more, and sorting it out that much quicker. YOU ARE THE MAN. Thanks alot to the community for such a great forum.......

Cheers
Ashley

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #7 on: April 09, 2003, 06:57:17 PM »
Hi there again

I tried what you (Abe Loveless) showed me yesterday and it worked just fine. Today of course is another kettle of fish. I get the error message "This page cannot be displayed" from inside the LAN and from externally I receive the same message  when trying to connect to any webpage whatsoever (ibays, primary, sysadmin tools, etc). Could you possibly suggest any form of trouble shooting method to use to locate the problem.

The server in question 196.22.182.234 - www.tractorfilms.co.za

If anyone out there has a suggestion I would love to here it!

Thanks
Ashley Shaw

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #8 on: April 09, 2003, 07:08:22 PM »
That's weird.  Try un-installing the rpm.

"rpm -e dmc-proxypass"

Then expand the templates and restart httpd, as in the post above.

Let me know what that does, (if anything)

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #9 on: April 09, 2003, 10:42:35 PM »
This is what I typed and the output

[root@tractorserver root]# rpm -e dmc-proxypass*
error: package dmc-proxypass* is not installed

I also tried to make server-manager available from external (relation to lan) with the following comand

/sbin/e-smith/db configuration setprop httpd-admin ValidFrom 0.0.0.0/255.255.255.255

according to a howto "How to use SSL to remotely access the server manager" the following command will give me access followed by restarting httpd

/sbin/e-smith/db configuration setprop httpd-admin ValidFrom IP/Subnet[,IP/Subnet]

In my command I put IP/Subnet = 0.0.0.0/255.255.255.255 to allow access from anywhere. I was doing this as a test. I was unable to access server-manager from externally afterwards. I found out today that I was unable to access any webpages on this server.

I think that this might just have been the issue after repairing my proxypasserror.

If you could shed any light on this matter now that would be great!

Cheers till l8er
Thanks

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #10 on: April 10, 2003, 06:52:27 PM »
Oops... I don't think you needed that * after dmc-proxypass when you did the uninstall of the rpm.

Try "rpm -q dmc-proxypass", that should query the system and let you know which version is installed.  Then to uninstall, you would use "rpm -e dmc-proxypass"

There is a PowerPoint slide concerning working with rpm's in this presentation:
http://tech-geeks.org/contrib/mdrone/charleston2003/e-smith/e-smith_CaringFor.ppt

It might help you out a little.

Let me know if it still doesn't work.

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #11 on: April 10, 2003, 07:59:23 PM »
I found this entry in httpd.conf, which is what  proxypass I think has entered:
-------------------------------------------------------------------------------------
Listen 0.0.0.0:80
# ProxyPass:
# Description: Tractor Productions Website
ProxyPass       /       http://www.tractorproductions.com
ProxyPassReverse        /       http://www.tractorproductions.com

    order deny,allow
    deny from all
    allow from 127.0.0.1 192.168.0.0/255.255.255.0

-------------------------------------------------------------------------------------
I put these commands in on your suggestion:

--------------------------------------------------------------------------------------
 /sbin/e-smith/db accounts delete / http://www.tractorproductions.com

Then re-expand the templates:
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf

Then restart apache
service httpd restart
--------------------------------------------------------------------------------------
Maybe this sheds some light on my problem

Cheers
Ash

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #12 on: April 10, 2003, 08:28:53 PM »
Ok... let's go about this a little different way.  (Remember, this is not the recommended way.)

Open the accounts db in pico

"pico -w /home/e-smith/accounts"

Look through the file for entries that say something about proxypass.  Mine was located very near the top.

When you find it, do CTRL K to cut the whole line.  Then, CTRL X to exit, press y to save, and enter to keep the existing filename.

Now, expand the template and restart apache.  Take a look in your httpd.conf file to verify whether the offending entry has been removed.

Ashley Shaw

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #13 on: April 11, 2003, 11:42:12 AM »
Hi there Abe

I have got it all working again. How can I ensure that these modifications that have been made will remain in place? What templates would I need to edit for the "accounts" file,  the template-fragments for this file seem to be eluding me. I haven't seen anything that has been put back into the "accounts" file since I have edited it, this leeds me to believe that there aren't any template fragments for this. Also, once I had removed the entry in the "accounts" file the entry in httpd.conf file had dissappeared, could you explain why this is?

Thanks to Abe Loveless for all of your assistance thus far. I have seen your name on numerous postings and it is great that people in the community are so wonderfully helpful. Thanks again!

Cheers
Ashley

Abe Loveless

Re: ANNOUNCE: ProxyPass rpm for 5.5+
« Reply #14 on: April 11, 2003, 06:57:29 PM »
Yeah, as I said... that was the "bad" way to do it.  The config files in /home/e-smith/{accounts, domains, configuration} are all automatically updated through the server's configuration.  The correct way to modify this file is through the use of the /sbin/e-smith/db commands that I referenced in an earlier post.

There are no templates for these files... and even if there were, I definitely wouldn't modify them.  These files contain the data that the templates use when generating the system's files.

That's why the lines were removed from httpd.conf after you deleted the data from the accounts db and expanded the template.

The data won't return in this file, unless you actually re-create the proxypass entry.  So, if you've got the proxypass panel removed.... you should be ok.

That help?  Let me know if you have anything else... I'm happy to help.