Reverse proxy VS Port forwarding

  1. #1
    Member
    Join Date
    Oct 2012
    Posts
    20

    Reverse proxy VS Port forwarding

    Is there any difference between having an Apache reverse proxy in the path and using firewall port forwarding?

  2. #2
    CTO ZeXtras Employee d0s0n's Avatar
    Join Date
    Apr 2011
    Posts
    570
    Hi slava.

    The two strategies are very different, because the proxy is made in a higher networking level (4) than the port forwarding (3) on the TCP model. However many activesync clients cannot change the standard ports.

    PS: I deleted your previous post because it is not related to this thread and you have already re-posted it in another thread.
    ZeXtras Website # ZeXtras Wiki # ZeXtras Store

    Head of ZeXtras System Administrators

  3. #3
    Member
    Join Date
    Oct 2012
    Posts
    20
    Here is the problem that I am experiencing. Only the Ping&User cmd is affected. The rest of the services are returning 200. I tried adjusting the proxy settings, but it didn't resolve the issue.

    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    connectiontimeout=300 timeout=300

    My HTTP rewrites to HTTPS

    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]



    XXXXXXXXX - - [13/Jan/2013:11:22:36 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=skillsearch.ca%5Cvolga629 &DeviceId=androidc106220754&DeviceType=Android HTTP/1.1" 200 76 "-" "motorola-XT910/1.0"


    XXXXXXXXXX - - [13/Jan/2013:11:18:54 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=skillsearch.ca%5Cvolga629 &DeviceId=androidc106220754&DeviceType=Android HTTP/1.1" 502 522 "-" "motorola-XT910/1.0"

  4. #4
    CTO ZeXtras Employee d0s0n's Avatar
    Join Date
    Apr 2011
    Posts
    570
    Hi Slava,
    you are experiencing the error code 502:
    This usually does not mean that the upstream server is down (no response to the gateway/proxy), but rather that the upstream server and the gateway/proxy do not agree on the protocol for exchanging data. Given that Internet protocols are quite clear, it often means that one or both machines have been incorrectly or incompletely programmed.
    I think you have a configuration problem; the directives you have posted are used for http -> https redirection, not for proxying purposes.

    If you need more help in your case (it's not a ZeXtras issue), please explain your whole network environment better, and I'll try to help you.

    D0s0n

  5. #5
    Member
    Join Date
    Oct 2012
    Posts
    20
    Hello D0s0n,
    Thank you for your reply. I didn't post all of my httpd config. I am using an Apache reverse proxy which passes to the mail server, which listens for connections through the nginx web proxy port.

    So if a connection on port 443 hits httpd, it passes to nginx and after that loads the page. Also, port 80 on httpd rewrites to 443.

    This is the httpd config.

    <Proxy *>
    Order deny,allow
    Allow from all
    SetEnv force-proxy-request-1.0 1
    SetEnv proxy-nokeepalive 1
    </Proxy>

    <VirtualHost private ip:80>
    ServerName server name
    ServerAdmin admin email
    RewriteEngine On
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
    </VirtualHost>

    <VirtualHost private ip:443>
    ServerName server name
    ServerAdmin admin email
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile cert dir
    SSLCertificateChainFile cert dir
    SSLCertificateKeyFile cert dir
    SSLEngine On
    SSLProxyEngine On
    ProxyPass / https://private ip nginx:60443/ connectiontimeout=300 timeout=300
    ProxyPassReverse / https://private ip nginx:60443/
    </VirtualHost>
    Last edited by slava; 01-13-2013 at 06:02 PM.

  6. #6
    Member
    Join Date
    Oct 2012
    Posts
    20
    Error in http error log.


    [Sun Jan 13 14:04:11 2013] [error] [client XXXXXXX] proxy: Error reading from remote server returned by /Microsoft-Server-ActiveSync
    [Sun Jan 13 14:04:23 2013] [error] [client XXXXXXXXXX] (70007)The timeout specified has expired: proxy: error reading status line from remote server "internal mail server name"


  7. #7
    CTO ZeXtras Employee d0s0n's Avatar
    Join Date
    Apr 2011
    Posts
    570
    Hi Slava,
    in the ActiveSync protocol, the device opens a connection to the server that needs to be kept open for as long as the device wants, especially with some commands like Ping. But I cannot understand why you have set up 2 proxies: Apache -> Nginx -> Zimbra? All in HTTPS?

    D0s0n

  8. #8
    Member
    Join Date
    Oct 2012
    Posts
    20
    Hello D0s0n,
    I checked the whole production setup, and nginx is disabled for web proxy, so it is only the Apache reverse proxy.
    All I did was change the default ports for http and https on the mail server itself.
    Proxy screenshot attached.

    Topology: Internet -----> Apache 80 or 443 reverse proxy ----> Mail server connection as 2 second level.

    proxy.jpg

  9. #9
    Active Member
    Join Date
    Oct 2012
    Posts
    19
    Originally posted by d0s0n:
    Hi Slava,
    in the ActiveSync protocol, the device opens a connection to the server that needs to be kept open for as long as the device wants, especially with some commands like Ping.
    D0s0n
    Hi D0s0n,

    I have the same setup (Apache proxying Zimbra) and get these errors in the logs.
    Do you know what is causing them?
    Everything seems to work, but I still don't understand why some commands fail.

  10. #10
    CTO ZeXtras Employee d0s0n's Avatar
    Join Date
    Apr 2011
    Posts
    570
    The best I can do is to suggest a wiki article: Provide_HTTP(s)_Integration_with_Apache, and to try increasing the timeout setting (e.g. ProxyTimeout 3600).

    D0s0n
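
One way to confirm from the proxy's access log that only long-held commands such as Ping get gateway errors, as an added example that is not part of the original thread. The log lines are constructed in the format posted above, with placeholder client addresses, users and device ids.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the access-log format shown in the thread
# (client addresses, users and device ids are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Jan/2013:11:18:54 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=example.com%5Cuser1&DeviceId=dev1&DeviceType=Android HTTP/1.1" 502 522 "-" "sample-agent/1.0"
192.0.2.10 - - [13/Jan/2013:11:22:36 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=example.com%5Cuser1&DeviceId=dev1&DeviceType=Android HTTP/1.1" 200 76 "-" "sample-agent/1.0"
192.0.2.11 - - [13/Jan/2013:11:25:02 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=example.com%5Cuser2&DeviceId=dev2&DeviceType=Android HTTP/1.1" 502 522 "-" "sample-agent/1.0"
192.0.2.11 - - [13/Jan/2013:11:25:40 -0500] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=example.com%5Cuser2&DeviceId=dev2&DeviceType=Android HTTP/1.1" 200 310 "-" "sample-agent/1.0"
192.0.2.12 - - [13/Jan/2013:11:26:00 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "-" "sample-agent/1.0"
"""

# The lazy target match tolerates a stray space inside the request target,
# as seen in the lines pasted in the thread.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3}) ')

def status_by_command(log_text):
    """Return {Cmd: {status: count}} for ActiveSync requests only."""
    stats = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/Microsoft-Server-ActiveSync":
            continue
        cmd = parse_qs(url.query).get("Cmd", ["(none)"])[0]
        stats[cmd][int(m.group("status"))] += 1
    return {cmd: dict(codes) for cmd, codes in stats.items()}

def gateway_failures(stats, codes=(502, 504)):
    """Commands that received at least one proxy-generated gateway error."""
    return sorted(c for c, s in stats.items() if any(k in s for k in codes))

if __name__ == "__main__":
    stats = status_by_command(SAMPLE_LOG)
    for cmd, codes in sorted(stats.items()):
        print(f"{cmd:12} {codes}")
    print("gateway errors on:", gateway_failures(stats))
```

If the gateway errors cluster on Ping while Sync and FolderSync return 200, the pattern matches a proxy timeout shorter than the time the device holds the request open.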