wiredfool

Manila behind Apache

This article is an addition to an article that I wrote about a year and a half ago. One of the limitations of that approach is that it was only complete for older sites that didn’t use Frontier’s virtual domain system. This was noted by Michael Zajac in a post to the Frontier-osx discussion group. His solution was to hardwire a host name from a script at config.mainresponder.callbacks.controlAccess.rewriteHost, which is called early in a Mainresponder response. My updated method builds on this and goes somewhat further towards a more complete integration – allowing all normal Frontier webserver actions: virtual hosting in Frontier and Apache, control panel access, working referer checking, and IP address control.

***The Key Change

There are two key changes that I’ve made: I trust a couple of the extra headers that the Apache proxy module adds about the real client and I’ve moved the callback to user.webserver.prefilters to allow all of the responders to work normally.

The proxy module adds the client and host info to the request in X-Forwarded headers.

X-Forwarded-For: 216.231.55.35
X-Forwarded-Host: leek.wiredfool.com

These should only really be trusted if there is no way that any untrusted user can access an http port directly on your system, either on the main or the management port. I suspect that the only danger would be due to IP spoofing.

Download my user.webserver.prefilters callback here. This filter sets the client IP and host information from the extra request headers. (Note that something similar could be done with any proxy that adds this sort of header.)
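
The trust rule described above, as an added Python example (this is not the author's Frontier prefilter, which is not reproduced on this page): the forwarded headers are honored only when the TCP peer is the local Apache proxy, and the host is checked against a known list. The function name, the allowed-host set and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only proxy allowed to speak for clients is the local Apache,
# which forwards to the application on 127.0.0.1:8000.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}
# Assumption: host names taken from the ServerName/ServerAlias lines on this page.
ALLOWED_HOSTS = {"www.wiredfool.com", "wiredfool.com", "leek.wiredfool.com"}


def effective_client(peer_ip, headers, allowed_hosts=ALLOWED_HOSTS):
    """Return (client_ip, host) to use for IP access control and virtual hosting."""
    hdrs = {name.lower(): value for name, value in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    direct_host = hdrs.get("host", "").split(":")[0].lower()

    if peer not in TRUSTED_PROXIES:
        # The request reached the port directly, so any X-Forwarded-* header
        # was written by the client itself and must be ignored.
        return str(peer), direct_host

    client = peer
    xff = hdrs.get("x-forwarded-for")
    if xff:
        # When the proxy appends to a list the client already sent, only the
        # last entry is the address the proxy itself observed.
        try:
            client = ipaddress.ip_address(xff.split(",")[-1].strip())
        except ValueError:
            pass  # malformed value: fall back to the peer address

    forwarded_host = hdrs.get("x-forwarded-host", "").split(",")[-1].strip().lower()
    host = forwarded_host if forwarded_host in allowed_hosts else direct_host
    return str(client), host


# Constructed sample requests (the header values match the ones shown above).
VIA_PROXY = {"Host": "127.0.0.1:8000",
             "X-Forwarded-For": "216.231.55.35",
             "X-Forwarded-Host": "leek.wiredfool.com"}
DIRECT = {"Host": "www.wiredfool.com",
          "X-Forwarded-For": "127.0.0.1",
          "X-Forwarded-Host": "leek.wiredfool.com"}

if __name__ == "__main__":
    print(effective_client("127.0.0.1", VIA_PROXY))   # headers honored
    print(effective_client("203.0.113.9", DIRECT))    # headers ignored
```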

***The full apache config file

This is the full working config file for wiredfool.com, in all its gems/static/dynamic glory. I’ve stored this at /etc/httpd/users/wiredfool.conf so that it is not going to get tromped on in any Apple updates. The only changes to the main httpd.conf file are to uncomment the mod_proxy lines.

# This prevents running an open proxy.
ProxyRequests Off

NameVirtualHost 216.231.55.38

AddType  application/octet-stream  .root
AddType  application/x-frontier-tabl  .fttb

# static portions...

<VirtualHost 216.231.55.38>
    DocumentRoot "/Frontier/Guest Databases/www/pictures"
    ServerName static.wiredfool.com
</VirtualHost>

<VirtualHost 216.231.55.38>
    DocumentRoot "/Frontier/Guest Databases/www/gems/wiredfool"
    ServerName gems.wiredfool.com
</VirtualHost>

# passthrough to frontier

<VirtualHost 216.231.55.38>
    DocumentRoot "/Frontier/Guest Databases/www/gems/wiredfool"
    ServerName www.wiredfool.com
    ServerAlias wiredfool.com leek.wiredfool.com

    RewriteEngine On
    RewriteRule ^/(.*)$  http://127.0.0.1:8000/$1 [P,NE]
</VirtualHost>

The last virtual host clause could be done in the default host, so that any domain not explicitly mentioned in the static section would be passed into frontier. If I were doing more than two or three dynamic sites on this machine, that is the path that I would take.
