I. Test Environment and Network Structure
The testing environment used in this article is Redhat Linux 7.2 and Apache 1.3.24. The company domain name is assumed to be company.com. The company's typical network structure is shown in the figure below.
Note: Two NICs are installed on the firewall in the figure. The external public address of port e0 is 1.2.3.4, and the internal reserved address of port e1 is 192.168.2.1. There are three Web servers, A, B, and C, in the LAN; their domain names are weba.company.com, webb.company.com, and webc.company.com respectively. All three use internal reserved addresses.
II. Procedure
As shown in the figure below, the company is connected to the Internet through a leased line and has installed a firewall. There are three Web servers in the LAN, all of which have only internal reserved addresses, but the company wants them to provide external Web services.
1. Set DNS
On the firewall (which is also the company's DNS server), set the DNS records of the three internal Web servers so that their IP addresses are all 1.2.3.4. In this way, when weba.company.com, webb.company.com, and webc.company.com are resolved on the Internet, they all point to the same IP address, that is, the firewall's external interface address 1.2.3.4.
2. Download Apache
Download the latest Apache 1.3.24 version from the Apache website (http://www.apache.org) to the /root directory: http://www.apache.org/dist/httpd/apache_1.3.24.tar.gz.
3. Change the source code so that the maximum number of allowed requests exceeds 256
Because Apache allows a maximum of 256 connections by default, this may not be enough for a busy website, particularly in the setup this article describes, where external users reach multiple internal Web servers through the Apache reverse proxy on the firewall. You can raise the limit by changing the src/include/httpd.h file; the specific steps are as follows.
# cd /root                            Switch to the /root directory
# tar xvfz apache_1.3.24.tar.gz       Unpack the Apache source files into /root
# cd apache_1.3.24                    Go to the apache_1.3.24 directory
# vi src/include/httpd.h              Use vi to edit the httpd.h file
After entering the "vi src/include/httpd.h" command, type "/256" and press Enter to search for the number 256, change it to 1024, and then save and exit.
Note:
① To support requests from a maximum of 1024 clients at the same time, changing the source file mentioned above is not enough: after compiling and installing, you must also change the parameter on the "MaxClients" line of the /usr/local/apache/conf/httpd.conf file to "1024".
② If you only want to perform the test, or do not have many users, you can leave the httpd.h file unchanged.
4. Compile Apache
Compile the code as shown in Code 1.
Code 1
# cd apache_1.3.24
# ./configure --prefix=/usr/local/apache \
    --enable-module=most \
    --enable-shared=max \
    --enable-module=proxy \
    --enable-shared=proxy \
    --enable-module=rewrite \
    --enable-shared=rewrite
The options have the following meanings:
--enable-module=most       Compile most modules
--enable-shared=max        Set the modules to DSO (dynamic shared object) mode
--enable-module=proxy      Enable the proxy module
--enable-shared=proxy      Install the proxy module in DSO mode
--enable-module=rewrite    Enable the rewrite function module
--enable-shared=rewrite    Install the rewrite function module in DSO mode
Note: When compiling Apache, you must compile most modules and set them to DSO mode, and enable the proxy and rewrite modules and set them to DSO mode as well.
# make
# make install
This installs all Apache files in the /usr/local/apache directory.
5. Set up the name-based virtual host in the httpd.conf file
Find the httpd.conf file under the /usr/local/apache directory (/usr/local/apache/conf/httpd.conf) and add the following content to the file.
NameVirtualHost 1.2.3.4:80
<VirtualHost 1.2.3.4:80>
ServerAdmin root@company.com
DocumentRoot /usr/local/apache/htdocs
ServerName default.company.com
ErrorLog /usr/local/apache_http/logs/error_log
CustomLog /usr/local/apache_http/logs/access_log combined
UseCanonicalName Off
ProxyRequests Off
RewriteEngine on
RewriteCond %{HTTP_HOST} .*\.company\.com$
RewriteRule ^/(.*)$ http://%{HTTP_HOST}/$1 [P,L]
</VirtualHost>
Note:
① The configuration above sets up a name-based reverse proxy virtual host, so that when the host with IP address 1.2.3.4 is accessed from outside and the domain name in the URL ends in "company.com", Apache forwards the user's request to the Web servers in the LAN and rewrites the response data packets to remove the proxy protocol.
② The value on the "ServerName" line can be chosen at will.
③ The "ProxyRequests Off" line prohibits Apache from offering ordinary (forward) proxy service on port 80 of the host with IP address 1.2.3.4. Here, Apache is used as a transparent proxy server.
④ The "RewriteEngine on" line enables Apache's rewriting engine. Without it, the "RewriteCond" and "RewriteRule" lines that follow will not work.
6. Add records to the /etc/hosts file
In the preceding virtual host rewrite rule, the rewritten URL is the same as the URL the user requested. The idea is to put the following three domain names in the /etc/hosts file of the firewall, so that Apache fetches content from the three internal Web servers and returns it to external users. The domain name records are as follows.
192.168.2.2 weba.company.com
192.168.2.3 webb.company.com
192.168.2.4 webc.company.com
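The rule in step 5 takes the proxy target from the client's Host header, so what the firewall forwards is decided by the pattern and by the firewall's name resolution, not by the three records in step 6 alone. The following added example (not part of the original article) replays the page's RewriteCond against a few constructed Host values, including the hypothetical name intranet.company.com, and derives an anchored pattern that lists only the names in the hosts records.

```python
import re

# RewriteCond pattern from step 5 of the page.
PAGE_COND = r".*\.company\.com$"

# /etc/hosts records from step 6 of the page.
HOSTS_FILE = """\
192.168.2.2 weba.company.com
192.168.2.3 webb.company.com
192.168.2.4 webc.company.com
"""

def published_backends(hosts_text):
    """Map each name in the hosts records to its internal address."""
    backends = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            backends[name.lower()] = fields[0]
    return backends

def strict_cond(backends):
    """Build an anchored RewriteCond pattern listing only published names."""
    names = "|".join(re.escape(n) for n in sorted(backends))
    return "^(" + names + ")$"

def classify(host, backends, cond=PAGE_COND):
    """Say what the virtual host would do with a given Host header value."""
    if not re.search(cond, host):
        return "not proxied"
    if host in backends:
        return "proxied to " + backends[host]
    # The rule fires, so mod_proxy connects to whatever the firewall's
    # resolver returns for this name, although nobody listed it in step 6.
    return "proxied to resolver result (not in hosts records)"

if __name__ == "__main__":
    backends = published_backends(HOSTS_FILE)
    strict = strict_cond(backends)
    # Constructed Host header values; intranet.company.com is hypothetical.
    for host in ["weba.company.com", "intranet.company.com",
                 "company.com", "weba.company.com:80"]:
        print(f"{host:22} page rule: {classify(host, backends):52}"
              f"strict rule: {classify(host, backends, strict)}")
    print("RewriteCond %{HTTP_HOST} " + strict)
```

A Host value that the strict pattern rejects is not proxied at all; the request falls through to the virtual host's own DocumentRoot.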
III. Summary
In this way, when external users access http://weba.company.com, their requests are sent to Apache on the firewall. Based on the records defined in the /etc/hosts file, the Apache reverse proxy on the firewall retrieves content directly from the Web server whose IP address is 192.168.2.2 and returns it to the external users. The internal Web server weba.company.com can thus provide external access.
After configuring Apache, if you need to add more internal Web servers that provide external access, you only need to set the new server's IP address on the DNS server to 1.2.3.4 and add the corresponding record to the /etc/hosts file.