It does nothing for the users browser bar. It's all internal to the
system. The user has no idea that requests are being forwarded to a
different instance inside my firewall.

It's a great way to split things up for each domain/subdomain internally so
they each have their own instance. I don't want all my sites running in
one instance.



On Thu, Jun 21, 2018 at 7:44 AM Nathan Andelin <nandelin@xxxxxxxxx> wrote:

Brad,

My understanding is that your rewrite rule redirects any requests for port
80 to port nnnn. That will add the nnnn port to the browser's address bar.
From then on, the browser interacts with the HTTP server that is listening
on port nnnn, rather than port 80.

A reverse proxy configuration is a little different, in that the browser
address bar never changes, and the browser never knows that requests are
being passed to a different HTTP server instance. Requests are
automatically passed through port 80 and port 443 to another server that is
listening on port nnnn. The pass-through process is handled entirely on the
server.

Rather than implementing SSL in all HTTP server instances, you can just do
that in the reverse proxy instance. That would be my preference, however
since the ProxyPass directive appears to be broken on my server, I may have
to fall back to using a rewrite rule like you.





On Wed, Jun 20, 2018 at 10:11 PM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

The whole point is, I don't want one big config with virtual hosts. I
want
each server running on it's own IP/port.

I want one instance passing requests to the appropriate instance. Not
one
big instance handling everything.

Reverse proxy <> Virtual Hosts.


Bradley V. Stone
www.bvstools.com
GreenTools for # Slack # <https://www.bvstools.com/g4slk.html>: Easy to
use
interfaces for sending and receiving messages on Slack!

On Wed, Jun 20, 2018 at 3:35 PM Nathan Andelin <nandelin@xxxxxxxxx>
wrote:

Brad,

If I understand correctly, the sample configuration that you referenced
above doesn't implement a reverse proxy. Rather it implements a rewrite
rule that redirects the browser to a different server. You could remove
the
ProxyPreserveHost and all of the LoadModule directives from your
configuration, and your rewrite rule in your <VirtualHost> block would
still run fine.

In order to implement SSL, you could add a couple lines to your
<VirtualHost> block:

SSLEngine On
SSLAppName QIBM_HTTP_SERVER_WILDCARD (whatever name may have been
configured in DCM)

SSL also requires the following LoadModule:

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM



On Wed, Jun 20, 2018 at 1:50 PM, Bradley Stone <bvstone@xxxxxxxxx>
wrote:

Here's how I do it to route specific host names to an internal IP:

https://www.fieldexit.com/forum/display?threadid=14

For SSL it doesn't work, though. I haven't figured that one out
yet..
once
I get time I hope to though.

On Wed, Jun 20, 2018 at 10:35 AM Nathan Andelin <nandelin@xxxxxxxxx>
wrote:

Would anyone be willing to post an HTTP server configuration for a
reverse
proxy running on IBM i 7.3?

The one I migrated from 7.1 doesn't work at 7.3. I whittled it down
to
the
following (attempting to simplify):

LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/
QZSRCORE.SRVPGM
LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
Listen *:80 http
ProxyPassReverse / http://65.103.249.57:9000/
ProxyPass / http://65.103.249.57:9000/

When I do logging in both the reverse proxy instance, which is
listening
on
port 80, and the normal instance which is listening on port 9000,
the
requested URL's often don't match. Some of the URL's requested are
munged
into unexpected paths, which don't exist, as logged by the instance
that
is
running on port 9000.

I figure I'm missing some "fix_it" directive.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



Bradley V. Stone
www.bvstools.com
Need to interface with Braintree with your IBM i? Contact me
<https://www.bvstools.com/contact.html> for more information!

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.