On Aug 7, 2008, at 11:07 AM, James G. Sack (jim) wrote:
Michael J McCafferty wrote:
All,
I have a customer that we are redirecting inbound connections to
port
80 to port 8080 for him, using our equipment in front of his servers.
However, that equipment is being replaced and the the same
functionality
is not going to be available on the new gear.
At the risk of sounding stupid, why don't the individual servers that
want to receive inbound port 80 just configure their apache(?) to
listen
on 80?
Hmm... Okay, re-reading that, it'd be simpler to set up apache to
redirect anything on :80 to :8080.
I'm assuming the thing running on 8080 is tomcat or some other thing.
Even with a bone-stock-default CentOS-installed Apache, all you need
to do is add this to httpd.conf (or as its own something.conf file in /
etc/httpd/conf.d):
NamedVirtualHost *:80
<VirtualHost *:80>
ServerName host.domain.tld
ServerAdmin [EMAIL PROTECTED]
RewriteEngine on
RewriteRule ^/(.*) http://host.domain.tld:8080/$1 [R]
</VirtualHost>
If it's actually a tomcat application, and they'd rather have all
access via port 80 rather than redirecting the browser to 8080, do this:
NamedVirtualHost *:80
<VirtualHost *:80>
ServerName host.domain.tld
ServerAdmin [EMAIL PROTECTED]
ProxyPass / http://host.domain.tld:8080/
ProxyPassReverse / http://host.domain.tld:8080/
</VirtualHost>
That will have apache cleanly proxy between port 80 for the browser
and the back-end service running on 8080, without having to involve
iptables or port forwarding at all.
Personally, I prefer doing it this way, as the proxy takes care of
cleanly rewriting URLs as needed so that everything knows what it's
talking about, and you don't have any :8080 urls sneaking out.
Gregory
--
Gregory K. Ruiz-Ade <[EMAIL PROTECTED]>
OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
