Serving web pages through a firewall

Posted on 19th November, 2010 | Tagged:

It is often a requirement, when developing websites that integrate with other websites, to be able to receive requests from the website you are integrating with, for example when integrating with PayPal you need to be able to reveieve the IPN postback.

And sometimes you would like to show somebody else the work you have done on your laptop where you run Apache locally and are fire-walled off from the outside world.

The answer, if you have a machine on the "outside" (a web server), is to forward incoming requests on a given sub-domain to another port on localhost and then setup an ssh tunnel from that port to port 80 on your fire-walled machine.

What is needed

  • A remote server connected directly to the internet.
  • Apache 2
  • SSH

Tunnel

First off setup port forwarding from your local machine, in my case a laptop.

ssh -R 8126:127.0.0.1:80 root@example.com

or:

ssh -R <remote_port>:<local_host>:<local_port> <username>@<remote_host>
  • remote_port: is the port we will open on the remote server
  • local_host: normally localhost, but my 127.0.0.1 works for me.
  • local_port: port to forward to, port 80 is the default for HTTP traffic and is what my browser is listening on. (I assume)
  • username/remote_host credentials you normally use to connect to server, you might have to use root, not sure.

Apache configuration

Then you will need to setup the "forwarding" on apache, technically I dont think it is forwarding as it uses the word "proxy" alot.

  1. Enable mod_proxy (for Debian/Ubuntu)

    a2enmod proxy

  2. Enable proxy_http

    a2enmod proxy_http

  3. Enable forwarding WARNING! this may create a security problem, if you care about security, do some research.

# /etc/apache2/mods-enabled/proxy.conf
<IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
        #spammers to use your proxy to send email.

        ProxyRequests On

        <Proxy *:80>
                AddDefaultCharset off
                Order deny,allow
                # Deny from all
                Allow from localhost
        </Proxy>

        # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        # Set to one of: Off | On | Full | Block

        ProxyVia On
</IfModule>

Now create a new virtual host like the following:

<VirtualHost *:80>
        ServerName mylaptop.example.com
        ProxyPass   /   http://localhost:8126/
        ProxyPassReverse / http://localhost:8126/
</VirtualHost>

Restart apache2

/etc/init.d/apache2 restart

and there it is. Now if you visit "mylaptop.example.com" you should be served by your local machines web server.

Comments

This bricked my web server

Posted by Dan, 19th Dec 2010
Warning: The above configuration will serve proxy requests for ANYONE, and my server was DOS'ed by some bot using it to click ad buttons!

Post new comment


type "i hate spam" in UPPER CASE

Tags

10 Latest Items