Apache reverse proxy on Linux firewall

Article title: Apache reverse proxy on Linux firewall. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
This article describes how to install Apache, a Web server with proxy and rewrite rules, on the enterprise firewall, and how to compile and set Apache. After the installation is successful, the elastic VM settings allow external users to access multiple Web servers on the internal LAN through the firewall.
　　
I. test environment and network structure
　　
---- The testing environment used in this article is Redhat Linux 7.2 and Apache 1.3.24. The company domain name is assumed to be company.com. The company's typical network structure is shown in the figure below.
　　
Note: Two NICs are installed on the firewall in the figure. the external public address of port e0 is 1.2.3.4, and the internal reserved address of port e1 is 192.168.2.1. There are three Web servers A, B, and C in the LAN. their domain names are weba.company.com, webb.company.com, and webc.company.com respectively. they both use internal reserved addresses.
　　
II. Procedure
　　
---- As shown in the figure above, the company connected to the Internet through a leased line, installed a firewall, and three Web servers in the LAN, all of which only have internal reserved addresses, but they hope they can provide external Web services.
　　
---- 1. set DNS
---- Set the DNS of the three internal Web servers on the firewall (and also the company's DNS server). the IP addresses are all 1.2.3.4. In this way, when weba.company.com, webb.company.com, and webc.company.com are parsed on the Internet, they all point to the same IP address, that is, the firewall's external interface address 1.2.3.4.
　　
---- 2. download Apache
---- Download the latest Apache 1.3.24 version from the apache website (http://www.apache.org) to the/root directory, http://www.apache.org/dist/httpd/apache_1.3.24.tar.gz.
　　
---- 3. change the source code so that the maximum number of allowed requests exceeds 256
---- The maximum number of connections allowed by Apache by default is 256, and the number of connections on a busy website may not meet the requirements, in particular, this article describes how to allow external users to access multiple internal Web servers through the Apache reverse proxy on the firewall. you can change src/include/httpd. the specific steps of the H file are as follows.
　　
# Switch the cd/root directory to/root
# Tar xvfz apache_1.3.24.tar.gz unbind the apache source file to/root
# Cd apache_1.3.24 go to the apache_1.3.24 Directory
# Vi src/include/httpd. h use vi to edit httpd. h file
---- Input "vi src/include/httpd. after the "h" command, enter "/256" and press "enter" to search for the number 256, change it to 1024, and then save and exit.
　　
---- NOTE:
　　
---- ① To support requests from a maximum of 1024 customers, you must not only change the source file mentioned above, but also set/usr/local/apache/conf/httpd after compilation and installation. in the conf file, change the parameter after the "MaxClients" line to "1024 ".
　　
---- ② If you only want to perform the test, or do not have many users, you can leave the httpd. h file unchanged.
　　
---- 4. compile Apache
---- Compile the code as shown in code 1.
　　
Code 1
# Cd apache_1.3.24
#./Configure -- prefix =/usr/local/apache
-- Enable-module = most
-- Enable-shared = max
-- Enable-module = proxy
-- Enable-shared = proxy
-- Enable-module = rewrite
-- Enable-shared = rewrite
Compile most modules
Set the module to DSO (dynamic shared object) mode
Start the agent module
Install the proxy module in DSO mode
Enable rewrite function module
Install the rewrite function module in DSO mode.
　　
---- Note: When compiling Apache, you must compile most modules, set them to DSO mode, start the proxy and rewrite modules, and set them to DSO mode.
---- # Make
---- # Make install
　　
---- Install all Apache files in the/usr/local/apache directory.
　　
---- 5. set a domain name-based VM in the httpd. conf file
---- Find the httpd. conf file in the/usr/local/apache Directory and add the following content to this file.
　　
NameVirtualHost 1.2.3.4: 80
<VirtualHost 1.2.3.4: 80>
ServerAdmin root@company.com
DocumentRoot/usr/local/apache/htdocs
ServerName default.company.com
ErrorLog/usr/local/apache_http/logs/error_log
CustomLog/usr/local/apache_http/logs/access_log combined
UseCanonicalName Off
ProxyRequests Off
RewriteEngine on
RewriteCond % {HTTP_HOST}. * \. company \. com $
RewriteRule ^/(. *) $ http: // % {HTTP_HOST}/$1 [P, L]
</VirtualHost>
---- NOTE:
　　
---- ① The domain name-based reverse proxy VM is set above, so that when you access a host with the IP address 1.2.3.4 from outside, and the domain name following the URL address is "company.com ", apache can forward user requests to Web servers in the LAN, and rewrite the response data packet to remove the proxy protocol.
　　
---- ② A row of "ServerName" can be specified at will.
　　
---- ③ The "ProxyRequest Off" line is used to prohibit Apache from providing proxy services on the host with the IP address 1.2.3.4 and port 80. here, Apache is used as a transparent proxy server.
　　
---- ④ A row of "RewriteEngine on" is used to start Apache's function of modifying response data packets. Otherwise, the following "RewriteCond" and "RewriteRule" will not work.
　　
---- 6. add the record to the/etc/hosts file.
---- In the preceding VM rewrite rules, the URL after rewriting is the same as the URL you requested, our idea is to put the following three domain names in the/etc/hosts file of the firewall, so that Apache will get content from the three internal Web servers and return it to external users, the domain name records are as follows.
　　
---- 192.168.2.2 weba.company.com
---- 192.168.2.3 webb.company.com
---- 192.168.2.4 webc.company.com
　　
III. Summary
　　
---- In this way, when external users access the http://weba.company.com, requests are sent to the firewall's Apache, the Apache reverse proxy on the firewall directly retrieves content from the Web server whose IP address is 192.168.2.2 based on the records defined in the/etc/hosts file and returns the content to external users, in this way, the internal Web server weba.company.com can provide external access.
　　
---- After configuring Apache, if you need to add more internal Web servers to provide external access services, you only need to set the IP address of the DNS server to 1.2.3.4, add the corresponding records to the/etc/hosts file.