* * * * *

                               The teflon shan

Okay, yesterday [1] wasn't quite as bad as I made it out to be.

 1. I'll get to this in a moment, but it did involve installing a new
    version of Apache.
 2. I could use the exercise anyway.
 3. There wasn't much I could do about the power that hadn't already been
    done (except for running around in a mad panic).

So, that leaves setting up a “reverse proxy [2]” as per request. The server
was running Apache 1.3 (at the time of install, there were still some issues
pertaining to PHP [3] and Apache 2.0, and I'm a very firm believer of “if it
ain't broke, **don't fix it!**” theory of management) and what they were
asking required features only available under Apache 2.0 or higher.

So I downloaded the latest version (2.2.2) and spent several hours getting it
compiled correctly. It's not that it didn't compile cleanly, but in setting
it up, I would have expected:

> ./configure --enable-mods-shared=all [other options not important]
>

to, you know, compile all the available modules. Only, it doesn't. It
compiles most of the modules. I had to explicitely include support for SSL
(Secure Socket Layer), proxy and the caching modules. Go figure.

The only other rough spot I encountered was a rash of 403 Forbidden result
codes when trying to browse the websites normally on the box. Going back to
Apache 1.3 they all worked. Apache 2.2? All the sites were forbidden.

Now, the configuration files between 1.3 and 2.2 haven't changed that much
(thankfully! There's over a thousand sites on the box) but still, it took me
several hours to track down the problem which is due to some changes in the
default configuration. Apache 2.2 has the following as part of the default
settings:

> <Directory />
>     Options FollowSymLinks
>     AllowOverride None
>     Order deny,allow
>     Deny from all
> </Directory>
>

Apache 1.3 doesn't.

And since the websites are not under the default location, but elsewhere,
that bit of configuration meant that none of the sites were accessible by
anyone. Yes, sometimes the obvious things take awhile to notice.

But that's all working now.

[1] gopher://gopher.conman.org/0Phlog:2006/07/12.1
[2] http://en.wikipedia.org/wiki/Reverse_proxy
[3] http://www.php.net/

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.