fixfamily

End in Tears, by Ruth Rendell.

For future reference. Please ignore unless you’re having a similar problem.

The problem: A Cocoon application server runs on port 8085, but should be visible to the outside as if running on port 80 (this is a real-world issue: my work place blocks all outgoing connections apart from 80 and 443).

Further complications: It should run on a server that also hosts a couple of sub domains of jfix.com. The server is a Debian sarge installation which until recently had Apache 1.3 installed. The mod_proxy module required for reverse proxying was neither compiled in the binary nor available as a runtime-loadable module (or I didn’t look carefully enough). So I had to upgrade to Apache 2.0.55.

Of course, I could have used the subdomain dynaprism.jfix.com or something similar, but fortunately I own the dynaprism.org domain, so I am going to use it. The official URL for the application is http://beta.dynaprism.org/, but internally it resolves to http://10.0.1.3:8085/dy/

The magic for this resides in the Apache configuration:

ProxyRequests Off

<Proxy http://10.0.1.3:8085/*>
  Order Deny,Allow
  Allow from all
</Proxy>

<Virtualhost 10.0.1.3:80>
  #ServerName      beta.dynaprism.org
  ProxyPass        / http://10.0.1.3:8085/
  ProxyPassReverse / http://10.0.1.3:8085/
</Virtualhost>

When things didn’t work in the beginning I sent an (so far unanswered) message to the users@httpd discussion list detailing my problem, but I finally found out on my own that I simply didn’t have the Proxy section which allows reverse proxying for all clients to be performed. In the error log I had lines like this one:

[Sun Mar 19 23:56:32 2006] [error] [client cc.xx.yy.zz] client denied by server configuration: proxy:http://10.0.1.3:8085/dy/

By the way, reverse proxying is a technique which allows a website operator to run websites on different machines, and they all appear to live in the same URL space. Forward proxying on the other hand is mainly used in big organizations where all users have to use one proxy to access outside services. One could say, reverse is proxying from the point of view of the server, while forward is proxying from the client’s point of view.

Helpful (although slightly insufficient) information:
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

Now I have only to solve the slightly related problem of getting modxslt for the photo albums to work again, under Apache 2.

Das Wüten der ganzen Welt, von Maarten t’Hart.

Wir waren also in Frankreich.

Die Marie vom Hafen, von Georges Simeon. Interessant vor allen Dingen, weil die Handlung teilweise in der Gegend um Poissy spielt, in einem Ort namens Jeanneville, dessen Klang dem von Villennes nicht unaehnlich ist, und der der Beschreibung nach ungefaehr zwischen Poissy und Orgeval liegt.