Use mod_proxy improved safety LAMP

3. the personal customer list of Apache configuration # StuffeveryApacheconfigurationneedsServerTypestandaloneLockFile/var/lock/apache/accept.nimrod.lockpidfile/var/run/apache.nimrod.pidServerNamenecessaryevil.nimrod.tldDocumentRoot "/home/nimrod/web" # EssentialmodulesLoadModuleaccess_module/usr/lib/apache/1.3/mod_access.so # WhichusertorunthisApacheconfigurationasUsernimrodGroupnimrod # Thismustbeoffelsethehostisn'tpassedcorrectlyUseCanonicalNameOf # TheIP/portcombinationtolistenonListen127.0.0.2: 10001 # Usingname-basedvirtualhostingallowsyoutohostmultiplesitesperIP/portcomboNameVirtualHost127.0.0.2: 10001 servernamewww.reckless.tld # Youcanaddaliasessolongasthefacadeserverisawareoftem! ServerAliasreckless.tldDocumentRoot "/home/nimrod/web/www.reckless.tld" OptionsIndexesFollowSymLinksMultiViewsExecCGIIncludesAllowOverrideAllOrderallow, denyAllowfromall listing 4 illustrates the facade Apache instance configuration.

Listing 4. facade Apache instance of Apache configuration # StuffeveryApacheconfigurationneedsLockFile/var/lock/apache/accept.www-data.lockPidFile/var/run/apache.www-data.pidServerNamenecessaryevil.facade.serverDocumentRoot "/home/www-data" # EssentialmodulesLoadModuleproxy_module/usr/lib/modules/apache2/usr/lib/mod_proxy.soLoadModuleproxy_http_module/apache2/modules/mod_proxy_http.so # WhichusertorunthisApacheconfigurationasUserwww-dataGroupwww-data # Thesemustbesetelsethehostisn'tpassedcorrectlyUseCanonicalNameOfProxyViaOnProxyRequestsOf # Thismustalsobeset, thoughit'sonlyanoptioninApace2ProxyPreserveHostOn # TheIP/portcombinationtolistenonListen9.20.1.1: 80 # Usingname-basedvirtualhostingallowsyoutohostmultiplesitesperIP/portcomboNameVirtualHost9.20.1.1: 80 # Configurationtoforwardrequestsforstartup.tld ServerNamewww.startup.tldServerAliasstartup.tldProxyPass/http://127.0.0.2:10000/proxypassreverse/http://127.0.0.2:10000/proxypassreverse/http://www.startup.tld:10000/proxypassreverse/http://startup.tld:10000/#configurationtoforwardrequestsfOrreckless.tld ServerNamewww.reckless.tldServerAliasreckless.tldProxyPass/http://127.0.0.2:10001/proxypassreverse/http://127.0.0.2:10001/proxypassreverse/http://www.reckless.tld:10001/proxypassreverse/http://reckless.tld:10001/is important to note here the ProxyPreserveHost directive. This instruction is provided by Apache2, it resolves to the correct HTTP header to the back-end server. Therefore, we strongly recommend that you use an instance as a facade Server Apache2. Run the sample configuration root user should run each configuration. Apache will be specified in the configuration file, and use it for all the processes associated with the host. Listing 5 illustrates the method to run the sample. 5. start the sample server/usr/sbin/apache-f/etc/apache/startup.tld.con/usr/sbin/apache-f/etc/apache/nimrod.tld.con/usr/sbin/apache2-f/etc/apache2/facade.tld.confmod_proxy method restrictions it is important to note that the method described in this article shall not apply to require SSL connections. This is because the SSL protocol does not allow the domain Web hosting. Because of this limitation, any SSL host must be implemented in an appropriate manner, so that each SSL domain using its own IP/port combination. This limit on all Apache configuration are present, use the solution of the Apache is no exception. Still in their owner's user ID to run SSL domain. Closing remarks in this article, using Apache's mod_proxy module builds an environment, in this context has a facade server forwards the request to the two back-end server. You can on a range of back-end server in the same way. This approach enables system administrators to reduce potential security risks, while maintaining PHP and other tools provide flexibility. Original link: http://www.ibm.com/developerworks/cn/web/wa-lampsec/index.html?ca=drs-