Hi
I am trying to run my own frontend behind an Apache reverse proxy, but I am having trouble, which I think stems from the way that pagekite is using the CONNECT instructions. I want to do this because we want to use Apache to terminate the SSL connections and enforce client authentication.
Here is the setup that works (without the Apache reverse proxy in between):
Frontend: ./pagekite.py --clean --frontend=localhost:9000 --backend=ssh:pc.test:localhost:22:SECRET
Backend: ./pagekite.py --logfile=pagekite.log --clean --isfrontend --ports=9000 --rawport=virtual --proto=raw --domain=raw:*.test:SECRET
If I introduce the Apache reverse proxy with the following config, things stop working:
Listen *:8000
<VirtualHost *:8000>
ServerAdmin webmaster@localhost
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
</VirtualHost>
And then use the following:
Frontend: ./pagekite.py --clean --logfile=pagekite.log --frontend=localhost:9000 --backend=ssh:pc.test:localhost:22:SECRET
Backend: ./pagekite.py --logfile=pagekite.log --clean --isfrontend --ports=8000 --rawport=virtual --proto=raw --domain=raw:*.test:SECRET
The error message on the backend is:
"Not connected to any front-ends, will retry..."
The logfile on the backend contains:
info=Collecting entropy for a secure secret.; ll=1; ts=50937c15; t=2012-11-02T00:53:57
debug=Seeded signatures using /dev/urandom, hooray!; ll=2; ts=50937c15; t=2012-11-02T00:53:57
debug=UiComm: Created; ll=3; ts=50937c15; t=2012-11-02T00:53:57
ts=50937c15; t=2012-11-02T00:53:57; ll=4; debug=FIXME: Should try epoll!
ts=50937c15; t=2012-11-02T00:53:57; ll=5; info=Failed to connect; FE=127.0.0.1:8000
ts=50937c17; t=2012-11-02T00:53:59; ll=6; debug=AuthThread: done
ts=50937c18; t=2012-11-02T00:54:00; ll=7; debug=UiCommunicator: done
The logfile on the frontend contains:
started=./pagekite.py; ll=0; ts=50937ca2; argv=--logfile=pagekite.log --clean --isfrontend --ports=9000 --rawport=virtual --proto=raw --domain=raw:*.test:SECRET; platform=linux2; version=0.4.6a; t=2012-11-02T00:56:18; ca_certs=/etc/ssl/certs/ca-certificates.crt
info=Collecting entropy for a secure secret.; ll=1; ts=50937ca2; t=2012-11-02T00:56:18
debug=Seeded signatures using /dev/urandom, hooray!; ll=2; ts=50937ca2; t=2012-11-02T00:56:18
debug=UiComm: Created; ll=3; ts=50937ca2; t=2012-11-02T00:56:18
id=s1; ll=4; listen=:9000; ts=50937ca2; t=2012-11-02T00:56:18
ts=50937ca2; t=2012-11-02T00:56:18; ll=5; debug=FIXME: Should try epoll!
ts=50937cad; t=2012-11-02T00:56:29; ll=6; accept=~0.1:43937; id=s1
ts=50937cad; t=2012-11-02T00:56:29; ll=7; debug=No back-end; on_port=9000; proto=http; domain=localhost; is=FE; id=s2/~0.1:43937
ts=50937cad; t=2012-11-02T00:56:29; ll=8; wrote=349; wbps=0; read=0; eof=1; id=s2/~0.1:43937
I think that the problem lies in what Apache is doing to the CONNECT string. Looking at the tcpdump output I see that pagekite generates an initial connection that looks like this:
CONNECT PageKite:1 HTTP/1.0^M
X-PageKite-Version: 0.4.6a^M
X-PageKite-Features: ZChunks^M
X-PageKite: raw-22:pc.test:4be594f530eb5ccd0871b83c42b073741060::68cc1d6fdb0a6eacf358e4b333033bbffd71^M
But when Apache makes the onward connection to the frontend it does this:
CONNECT / HTTP/1.1^M
Host: localhost:9000^M
X-PageKite-Version: 0.4.6a^M
X-PageKite-Features: ZChunks^M
X-PageKite: raw-22:pc.test:4be594f530eb5ccd0871b83c42b073741060::68cc1d6fdb0a6eacf358e4b333033bbffd71^M
X-Forwarded-For: 127.0.0.1^M
X-Forwarded-Server: dist-361152580.eu-west-1.elb.amazonaws.com^M
Connection: Keep-Alive^M
Any clues as to what I might try to make this work?
Thanks
Richard
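
An added example, not part of the original post and not pagekite code: a small Python comparison of the two request heads captured above, listing exactly what differs between the request pagekite sent and the one Apache forwarded. The function and variable names are this example's own; the request text is copied from the tcpdump output in the post.

```python
# Request heads copied from the tcpdump output in the post (the ^M is a CR).
SENT_BY_PAGEKITE = """\
CONNECT PageKite:1 HTTP/1.0
X-PageKite-Version: 0.4.6a
X-PageKite-Features: ZChunks
X-PageKite: raw-22:pc.test:4be594f530eb5ccd0871b83c42b073741060::68cc1d6fdb0a6eacf358e4b333033bbffd71
"""
FORWARDED_BY_APACHE = """\
CONNECT / HTTP/1.1
Host: localhost:9000
X-PageKite-Version: 0.4.6a
X-PageKite-Features: ZChunks
X-PageKite: raw-22:pc.test:4be594f530eb5ccd0871b83c42b073741060::68cc1d6fdb0a6eacf358e4b333033bbffd71
X-Forwarded-For: 127.0.0.1
X-Forwarded-Server: dist-361152580.eu-west-1.elb.amazonaws.com
Connection: Keep-Alive
"""


def parse_head(raw):
    """Split an HTTP request head into (method, target, version, headers)."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        # Split on the first colon only: header values may contain colons.
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def diff_heads(before, after):
    """Report what an intermediary changed between two request heads."""
    b, a = parse_head(before), parse_head(after)
    line = {f: (b[i], a[i]) for i, f in enumerate(("method", "target", "version"))
            if b[i] != a[i]}
    old, new = b[3], a[3]
    return {
        "request_line": line,
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }


if __name__ == "__main__":
    for key, value in diff_heads(SENT_BY_PAGEKITE, FORWARDED_BY_APACHE).items():
        print(key, value)
```

The comparison shows the X-PageKite headers passing through unchanged, while the request target and HTTP version are rewritten and four headers are added by the proxy hop.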