This may be a bit of a long shot but is anyone familiar with Webmin or Usermin, and has anyone tried serving either from behind a proxy?
I'd like to offer minimal Usermin to mail users and the like, but I'd like to proxy it through Apache to keep it in the same namespace (and on the same port) as the rest of my HTTPS applications.
The most likely culprits for an Apache config issue are the proxy statements: ProxyPass / https://localhost:20000/ ProxyPassReverse / https://localhost:20000/
Usermin works fine as a direct request on port 20000, but the proxy returns 403: Forbidden. The Apache logs show the 403, but I think it was originated by Usermin and I can't find anything useful in its logs (it's not even producing one of the log files). Turning off Usermin's SSL doesn't make any difference, nor does using IP or FQDN instead of 'localhost' in the proxy directives. Usermin should be accepting connections from any IP, so I think it dislikes something about the proxying.
I barely understand what mod_proxy is up to at the best of times. Anyone got any suggestions? Anything else I could look at?
Thanks, Matthew
On 4 Apr 2007, at 3:01 pm, Matthew wrote:
This may be a bit of a long shot but is anyone familiar with Webmin or Usermin, and has anyone tried serving either from behind a proxy?
I'd like to offer minimal Usermin to mail users and the like, but I'd like to proxy it through Apache to keep it in the same namespace (and on the same port) as the rest of my HTTPS applications.
The most likely culprits for an Apache config issue are the proxy statements: ProxyPass / https://localhost:20000/ ProxyPassReverse / https://localhost:20000/
Usermin works fine as a direct request on port 20000, but the proxy returns 403: Forbidden. The Apache logs show the 403, but I think it was originated by Usermin and I can't find anything useful in its logs (it's not even producing one of the log files). Turning off Usermin's SSL doesn't make any difference, nor does using IP or FQDN instead of 'localhost' in the proxy directives. Usermin should be accepting connections from any IP, so I think it dislikes something about the proxying.
I barely understand what mod_proxy is up to at the best of times. Anyone got any suggestions? Anything else I could look at?
Thanks, Matthew
I believe you need to add something like
<Proxy *> Order deny,allow Allow from all </Proxy>
To allow access to the proxy.
Thanks,
Dave
On 4 Apr 2007, at 4:25 pm, David Reynolds wrote:
I believe you need to add something like
<Proxy *> Order deny,allow Allow from all
</Proxy>
To allow access to the proxy.
I've just been reliably informed (by Brett on IRC) that <Proxy *> is not a good idea and that you should bind it to a particular ip:port
So..
<Proxy ip:port> Order deny,allow Allow from all </Proxy>
Thanks,
Dave
-
David Reynolds -
Matthew