On Fri, 25 Jul 2003, Igor Sysoev wrote: > On Thu, 24 Jul 2003, Garrett Goebel wrote:
> > Using the loopback for the backend has the security advantage of completely > > isolating the backend from any direct communication with external hosts. How > > do I keep the backend on 127.0.0.1 _and_ handle name based virtual hosts? > > Using mod_proxy you can set up backend listening on several loopback > addresses: 127.0.0.1, 127.0.0.2, etc. Of course, you need to configure these > additional addresses in OS before the use. Also backend can listen > on several ports and the single address: 127.0.0.1:8000, 127.0.0.1:8001, etc. > > Here is example for two virtual hosts on several addresses, note that > 1) the frontend servers are name based while the backend ones are IP based; > 2) ServerName of the virtual server pairs are the same. > > [Reverse Proxy] > > NameVirtualHost frontend > > <VirtualHost frontend> > ServerName name1 > ProxyPass / http://127.0.0.1:80/ > ProxyPassReverse / http://127.0.0.1:80/ > ... > </VirtualHost> > > <VirtualHost frontend> > ServerName name2 > ProxyPass / http://127.0.0.2:80/ > ProxyPassReverse / http://127.0.0.2:80/ > ... > </VirtualHost> > > [Backend Server] > > UseCanonicalName on > > <VirtualHost 127.0.0.1> > ServerName name1 > ... > </VirtualHost> > > <VirtualHost 127.0.0.2> > ServerName name2 > ... > </VirtualHost> Sorry, if the backend set "UseCanonicalName on" then ProxyPassReverse should be changed to ProxyPassReverse / http://name1/ and ProxyPassReverse / http://name2/ or these two directives can be added to the existent ones. Igor Sysoev http://sysoev.ru/en/