From: Amedee V. G. <am...@am...> - 2007-09-28 22:32:05
|
I'm following the information on
http://doxfer.com/Webmin/UnderApache#Webmin_Proxied_Through_Apache
I have a debian minimal installation, plain vanilla configuration.
Default configuration.

1. Make sure mod_proxy is installed on your Apache webserver.
2. Add the following directives to the Apache configuration file:
   ProxyPass /webmin/ http://localhost:10000/
   ProxyPassReverse /webmin/ http://localhost:10000/
3. Add the lines webprefix=/webmin and webprefixnoredir=1
   to /etc/webmin/config.
4. In /etc/webmin/config, add the line referer=apachehost, where
   apachehost is the hostname from the URL used to access Webmin
   via Apache. If the referer line already has some hosts listed,
   add apachehost to it.
5. Re-start Apache to apply the configuration.

This is how I followed the instructions:
1 - a2enmod proxy
2 - edited /etc/apache2/apache2.conf and added those lines at the bottom
3 & 4 - added the following 3 lines to /etc/webmin/config:
webprefix=/webmin
webprefixnoredir=1
referer=my.host.name
5 - /etc/init.d/apache2 restart

This is the result:
Forbidden
You don't have permission to access /webmin/ on this server.

In /var/log/apache2/error.log I read:
client denied by server configuration: proxy:https://localhost:10000/

It's obvious I haven't done anything wrong here, the instructions are
easy enough to follow. My conclusion is that I still need to do
something else that is not yet explained, and I don't know what.

My 2 questions to the list:

1. can someone please help me getting this to work
2. when it works and I have found out the missing pieces of the
instructions, what do I have to do to get the changes on the webmin
website?

--
Amedee Van Gasse <am...@am...>
|
From: John H. <web...@ew...> - 2007-09-29 00:08:16
|
Amedee Van Gasse wrote:
> I'm following the information on
> http://doxfer.com/Webmin/UnderApache#Webmin_Proxied_Through_Apache
> I have a debian minimal installation, plain vanilla configuration.
> Default configuration.
>
> 1. Make sure mod_proxy is installed on your Apache webserver.
> 2. Add the following directives to the Apache configuration file:
>    ProxyPass /webmin/ http://localhost:10000/
>    ProxyPassReverse /webmin/ http://localhost:10000/
> 3. Add the lines webprefix=/webmin and webprefixnoredir=1
>    to /etc/webmin/config.
> 4. In /etc/webmin/config, add the line referer=apachehost, where
>    apachehost is the hostname from the URL used to access Webmin
>    via Apache. If the referer line already has some hosts listed,
>    add apachehost to it.
> 5. Re-start Apache to apply the configuration.
>
> This is how I followed the instructions:
> 1 - a2enmod proxy
> 2 - edited /etc/apache2/apache2.conf and added those lines at the bottom
> 3 & 4 - added the following 3 lines to /etc/webmin/config:
> webprefix=/webmin
> webprefixnoredir=1
> referer=my.host.name
> 5 - /etc/init.d/apache2 restart
>
> This is the result:
> Forbidden
> You don't have permission to access /webmin/ on this server.
>
> In /var/log/apache2/error.log I read:
> client denied by server configuration: proxy:https://localhost:10000/
>
> It's obvious I haven't done anything wrong here, the instructions are
> easy enough to follow. My conclusion is that I still need to do
> something else that is not yet explained, and I don't know what.
>
> My 2 questions to the list:
>
> 1. can someone please help me getting this to work
> 2. when it works and I have found out the missing pieces of the
> instructions, what do I have to do to get the changes on the webmin
> website?
>

I'm sorry to be asking.. but why would you want to do this?

Best,
John Hinton
|
From: Amedee V. G. <am...@am...> - 2007-09-29 16:14:26
|
On Friday 28-09-2007 at 20:08 [timezone -0400], John Hinton wrote:

> I'm sorry to be asking.. but why would you want to do this?

As it is written somewhere:

<quote>
If you just want Webmin to be accessible via an URL subdirectory
(like /webmin) on an Apache server without going to the trouble of
configuring Apache to run the CGI scripts directly, there is a simpler
method that can be used. This is also useful if your system is only
accessible on port 80, and you want access to both Webmin and a normal
website. This is the recommended method of making Webmin run within an
existing website hierarchy.
<quote>

Local IT at my current employer slash customer can't be moved to open
outgoing port 10000. So it's either proxytunnel for me, or having webmin
on port 80.

Why wouldn't I want to do this?

--
Amedee Van Gasse <am...@am...>
|
From: John H. <web...@ew...> - 2007-09-29 19:09:46
|
Amedee Van Gasse wrote:
> On Friday 28-09-2007 at 20:08 [timezone -0400], John Hinton wrote:
>
>> I'm sorry to be asking.. but why would you want to do this?
>>
>
> As it is written somewhere:
>
> <quote>
> If you just want Webmin to be accessible via an URL subdirectory
> (like /webmin) on an Apache server without going to the trouble of
> configuring Apache to run the CGI scripts directly, there is a simpler
> method that can be used. This is also useful if your system is only
> accessible on port 80, and you want access to both Webmin and a normal
> website. This is the recommended method of making Webmin run within an
> existing website hierarchy.
> <quote>
>
> Local IT at my current employer slash customer can't be moved to open
> outgoing port 10000. So it's either proxytunnel for me, or having webmin
> on port 80.
>
> Why wouldn't I want to do this?
>

Yes.. that does make sense. I asked because I've seen some folks doing
this just because they didn't want miniserv running also, but at the same
time forgetting that if they happen to break apache from within Webmin...
you're dead in the water via the gui.

Glad to be introduced to a potential workaround should I ever need it.
Thanks for the very good answer.

Best,
John Hinton
|
From: Jamie C. <jca...@we...> - 2007-09-29 18:07:21
|
On 29/Sep/2007 09:13 Amedee Van Gasse wrote ..
>
> On Friday 28-09-2007 at 20:08 [timezone -0400], John Hinton wrote:
>
> > I'm sorry to be asking.. but why would you want to do this?
>
> As it is written somewhere:
>
> <quote>
> If you just want Webmin to be accessible via an URL subdirectory
> (like /webmin) on an Apache server without going to the trouble of
> configuring Apache to run the CGI scripts directly, there is a simpler
> method that can be used. This is also useful if your system is only
> accessible on port 80, and you want access to both Webmin and a normal
> website. This is the recommended method of making Webmin run within an
> existing website hierarchy.
> <quote>
>
> Local IT at my current employer slash customer can't be moved to open
> outgoing port 10000. So it's either proxytunnel for me, or having webmin
> on port 80.
>
> Why wouldn't I want to do this?

Proxying Webmin from port 80 is quite common actually, sometimes to get
around firewalls, other times to avoid the need for users to enter :10000
in the URL. I strongly recommend it over using Apache to run the Webmin
CGIs directly, as this breaks a lot of functionality like themes, password
quality, cookie-based logins and IP access control.

 - Jamie
|
From: Amedee V. G. <am...@am...> - 2007-09-29 21:48:58
|
On Saturday 29-09-2007 at 11:07 [timezone -0700], Jamie Cameron wrote:

> Proxying Webmin from port 80 is quite common actually, sometimes to get
> around firewalls, other times to avoid the need for users to enter :10000
> in the URL. I strongly recommend it over using Apache to run the Webmin
> CGIs directly, as this breaks a lot of functionality like themes, password
> quality, cookie-based logins and IP access control.

I agree with you for the same reasons, I just can't get it to work.

--
Amedee Van Gasse <am...@am...>
|
From: Jamie C. <jca...@we...> - 2007-09-29 04:35:25
|
On 28/Sep/2007 15:29 Amedee Van Gasse wrote ..
> I'm following the information on
> http://doxfer.com/Webmin/UnderApache#Webmin_Proxied_Through_Apache
> I have a debian minimal installation, plain vanilla configuration.
> Default configuration.
>
> 1. Make sure mod_proxy is installed on your Apache webserver.
> 2. Add the following directives to the Apache configuration file:
>    ProxyPass /webmin/ http://localhost:10000/
>    ProxyPassReverse /webmin/ http://localhost:10000/
> 3. Add the lines webprefix=/webmin and webprefixnoredir=1
>    to /etc/webmin/config.
> 4. In /etc/webmin/config, add the line referer=apachehost, where
>    apachehost is the hostname from the URL used to access Webmin
>    via Apache. If the referer line already has some hosts listed,
>    add apachehost to it.
> 5. Re-start Apache to apply the configuration.
>
> This is how I followed the instructions:
> 1 - a2enmod proxy
> 2 - edited /etc/apache2/apache2.conf and added those lines at the bottom
> 3 & 4 - added the following 3 lines to /etc/webmin/config:
> webprefix=/webmin
> webprefixnoredir=1
> referer=my.host.name
> 5 - /etc/init.d/apache2 restart
>
> This is the result:
> Forbidden
> You don't have permission to access /webmin/ on this server.
>
> In /var/log/apache2/error.log I read:
> client denied by server configuration: proxy:https://localhost:10000/
>
> It's obvious I haven't done anything wrong here, the instructions are
> easy enough to follow. My conclusion is that I still need to do
> something else that is not yet explained, and I don't know what.
>
> My 2 questions to the list:
>
> 1. can someone please help me getting this to work

I think what you need to do is add the following lines at the end of
apache2.conf :

<Proxy *>
allow from all
</Proxy>

and then restart Apache.

> 2. when it works and I have found out the missing pieces of the
> instructions, what do I have to do to get the changes on the webmin
> website?

I've added this to the canonical documentation on setting up Apache proxies
at http://www.webmin.com/apache.html

 - Jamie
|
From: Amedee V. G. <am...@am...> - 2007-09-29 21:45:22
|
On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:

> I think what you need to do is add the following lines at the end of
> apache2.conf :
>
> <Proxy *>
> allow from all
> </Proxy>
>
> and then restart Apache.

In /etc/apache2/mods-enabled/proxy.conf I read the following comment:

#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.

So won't I be creating a big hole in my security that way?

--
Amedee Van Gasse <am...@am...>
|
From: Jamie C. <jca...@we...> - 2007-09-29 22:33:03
|
On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
>
> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
>
> > I think what you need to do is add the following lines at the end of
> > apache2.conf :
> >
> > <Proxy *>
> > allow from all
> > </Proxy>
> >
> > and then restart Apache.
>
> In /etc/apache2/mods-enabled/proxy.conf I read the following comment:
>
> #turning ProxyRequests on and allowing proxying from all may allow
> #spammers to use your proxy to send email.
>
> So won't I be creating a big hole in my security that way?

Not unless you also have 'ProxyRequests on' in your Apache config. That is
the directive that allows Apache to act as a true proxy server (like Squid).

 - Jamie
|
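The distinction drawn in the message above, as an added example that is not part of the original thread or of Webmin: a small Python check that reads Apache configuration text and reports whether a permissive `<Proxy *>` section is combined with `ProxyRequests On`. The sample configurations are constructed and the function name `audit_proxy_config` is hypothetical; the check treats the text as a single scope and does not evaluate Order/Deny precedence or per-VirtualHost settings.

```python
import re

# Constructed sample configurations (not taken from any server in the thread).
REVERSE_ONLY = """\
# reverse proxy for Webmin, as discussed in the thread
ProxyPass /webmin/ http://localhost:10000/
ProxyPassReverse /webmin/ http://localhost:10000/
<Proxy *>
    Allow from all
</Proxy>
"""

OPEN_FORWARD = """\
ProxyRequests On
<Proxy *>
    Allow from all
</Proxy>
"""

SECTION_OPEN = re.compile(r'^<Proxy\s+"?([^">\s]+)"?\s*>$', re.I)
SECTION_CLOSE = re.compile(r"^</Proxy>$", re.I)
# "Allow from all" is the 2.2-era syntax used in the thread;
# "Require all granted" is its Apache 2.4 equivalent.
ALLOW_ALL = re.compile(r"^(allow\s+from\s+all|require\s+all\s+granted)$", re.I)


def audit_proxy_config(text):
    """Classify the proxy exposure of one Apache configuration text.

    Simplifications (assumptions of this example): the text is treated as a
    single scope, and Order/Deny precedence is not evaluated.
    """
    forward = False      # ProxyRequests defaults to Off when absent
    section = None       # pattern of the <Proxy> section being read
    permissive = []      # <Proxy> patterns that allow every client
    mappings = []        # (path, backend) pairs from ProxyPass
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue     # Apache comments are whole lines starting with '#'
        opened = SECTION_OPEN.match(line)
        if opened:
            section = opened.group(1)
        elif SECTION_CLOSE.match(line):
            section = None
        elif section is not None:
            if ALLOW_ALL.match(line):
                permissive.append(section)
        else:
            words = line.split()
            name = words[0].lower()
            if name == "proxyrequests" and len(words) == 2:
                forward = words[1].lower() == "on"
            elif name == "proxypass" and len(words) >= 3 and words[2] != "!":
                mappings.append((words[1], words[2]))
    open_forward = forward and "*" in permissive
    if open_forward:
        verdict = "open forward proxy: any client can relay to any destination"
    elif forward:
        verdict = "forward proxy enabled; exposure depends on <Proxy> access rules"
    elif mappings:
        verdict = "reverse proxy only: clients reach just the mapped backends"
    else:
        verdict = "no proxying configured"
    return {"forward_proxy": forward, "open_forward_proxy": open_forward,
            "reverse_mappings": mappings, "verdict": verdict}


if __name__ == "__main__":
    for label, conf in (("reverse only", REVERSE_ONLY), ("open forward", OPEN_FORWARD)):
        print(label, "->", audit_proxy_config(conf)["verdict"])
```
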
From: Amedee V. G. <am...@am...> - 2007-10-04 11:13:35
|
On Sun, September 30, 2007 00:32, Jamie Cameron wrote:
> On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
>>
>> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
>>
>> > I think what you need to do is add the following lines at the end of
>> > apache2.conf :
>> >
>> > <Proxy *>
>> > allow from all
>> > </Proxy>
>> >
>> > and then restart Apache.
>>
>> In /etc/apache2/mods-enabled/proxy.conf I read the following comment:
>>
>> #turning ProxyRequests on and allowing proxying from all may allow
>> #spammers to use your proxy to send email.
>>
>> So won't I be creating a big hole in my security that way?
>
> Not unless you also have 'ProxyRequests on' in your Apache config. That is
> the directive that allows Apache to act as a true proxy server (like
> Squid).

I still can't get this to work properly.
Is there anyone who has a functional setup and wants to share his/her
configuration files?

--
Amedee
|
From: Jamie C. <jca...@we...> - 2007-10-04 17:14:29
|
On 4/Oct/2007 04:13 Amedee Van Gasse wrote ..
>
> On Sun, September 30, 2007 00:32, Jamie Cameron wrote:
> > On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
> >>
> >> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
> >>
> >> > I think what you need to do is add the following lines at the end of
> >> > apache2.conf :
> >> >
> >> > <Proxy *>
> >> > allow from all
> >> > </Proxy>
> >> >
> >> > and then restart Apache.
> >>
> >> In /etc/apache2/mods-enabled/proxy.conf I read the following comment:
> >>
> >> #turning ProxyRequests on and allowing proxying from all may allow
> >> #spammers to use your proxy to send email.
> >>
> >> So won't I be creating a big hole in my security that way?
> >
> > Not unless you also have 'ProxyRequests on' in your Apache config. That is
> > the directive that allows Apache to act as a true proxy server (like
> > Squid).
>
> I still can't get this to work properly.
> Is there anyone who has a functional setup and wants to share his/her
> configuration files?

The config that works for me is :

ProxyPass /webmin http://localhost:10000/
ProxyPassReverse /webmin http://localhost:10000/
<Proxy *>
allow from all
</Proxy>

Are you still getting the same error message, and if not what error are you
seeing now that the <Proxy> block has been added?

 - Jamie
|
From: Amedee V. G. <am...@am...> - 2007-10-04 22:16:10
|
On Thursday 04-10-2007 at 10:14 [timezone -0700], Jamie Cameron wrote:
> On 4/Oct/2007 04:13 Amedee Van Gasse wrote ..
> >
> > On Sun, September 30, 2007 00:32, Jamie Cameron wrote:
> > > On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
> > >>
> > >> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
> > >>
> > >> > I think what you need to do is add the following lines at the end of
> > >> > apache2.conf :
> > >> >
> > >> > <Proxy *>
> > >> > allow from all
> > >> > </Proxy>
> > >> >
> > >> > and then restart Apache.

> > I still can't get this to work properly.
> > Is there anyone who has a functional setup and wants to share his/her
> > configuration files?
>
> The config that works for me is :
>
> ProxyPass /webmin http://localhost:10000/
> ProxyPassReverse /webmin http://localhost:10000/
> <Proxy *>
> allow from all
> </Proxy>
>
> Are you still getting the same error message, and if not what error are you
> seeing now that the <Proxy> block has been added?

I always get
403 Forbidden
You don't have permission to access /webmin on this server.

I made variations with /webmin, /webmin/, http://, https:// but nothing
made a difference.

--
Amedee Van Gasse <am...@am...>
|
From: <Thien.Nguyen@DNFstorage.com> - 2007-10-04 22:32:10
|
Amedee, try this

http://127.0.0.1:10000/

Hopefully, it is ok.

Thien Nguyen

-----Original Message-----
From: web...@li... [mailto:web...@li...] On Behalf Of Amedee Van Gasse
Sent: Thursday, October 04, 2007 3:16 PM
To: Webmin users list
Subject: Re: [webmin-l] Webmin Proxied Through Apache - not working

On Thursday 04-10-2007 at 10:14 [timezone -0700], Jamie Cameron wrote:
> On 4/Oct/2007 04:13 Amedee Van Gasse wrote ..
> >
> > On Sun, September 30, 2007 00:32, Jamie Cameron wrote:
> > > On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
> > >>
> > >> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
> > >>
> > >> > I think what you need to do is add the following lines at the end of
> > >> > apache2.conf :
> > >> >
> > >> > <Proxy *>
> > >> > allow from all
> > >> > </Proxy>
> > >> >
> > >> > and then restart Apache.

> > I still can't get this to work properly.
> > Is there anyone who has a functional setup and wants to share his/her
> > configuration files?
>
> The config that works for me is :
>
> ProxyPass /webmin http://localhost:10000/
> ProxyPassReverse /webmin http://localhost:10000/
> <Proxy *>
> allow from all
> </Proxy>
>
> Are you still getting the same error message, and if not what error are you
> seeing now that the <Proxy> block has been added?

I always get
403 Forbidden
You don't have permission to access /webmin on this server.

I made variations with /webmin, /webmin/, http://, https:// but nothing
made a difference.

--
Amedee Van Gasse <am...@am...>
|
From: Doug R. <dro...@sm...> - 2007-10-05 03:20:12
|
On 10/4/2007 8:02 PM, Thien.Nguyen@DNFstorage.com wrote:
> Amedee, try this
>
> http://127.0.0.1:10000/
>
> Hopefully, it is ok.
>
> Thien Nguyen
>
> -----Original Message-----
> From: web...@li...
> [mailto:web...@li...] On Behalf Of Amedee Van Gasse
> Sent: Thursday, October 04, 2007 3:16 PM
> To: Webmin users list
> Subject: Re: [webmin-l] Webmin Proxied Through Apache - not working
>
> On Thursday 04-10-2007 at 10:14 [timezone -0700], Jamie Cameron wrote:
>> On 4/Oct/2007 04:13 Amedee Van Gasse wrote ..
>>> On Sun, September 30, 2007 00:32, Jamie Cameron wrote:
>>>> On 29/Sep/2007 14:44 Amedee Van Gasse wrote ..
>>>>> On Friday 28-09-2007 at 21:35 [timezone -0700], Jamie Cameron wrote:
>>>>>
>>>>>> I think what you need to do is add the following lines at the end of
>>>>>> apache2.conf :
>>>>>>
>>>>>> <Proxy *>
>>>>>> allow from all
>>>>>> </Proxy>
>>>>>>
>>>>>> and then restart Apache.
>
>>> I still can't get this to work properly.
>>> Is there anyone who has a functional setup and wants to share his/her
>>> configuration files?
>> The config that works for me is :
>>
>> ProxyPass /webmin http://localhost:10000/
>> ProxyPassReverse /webmin http://localhost:10000/
>> <Proxy *>
>> allow from all
>> </Proxy>
>>
>> Are you still getting the same error message, and if not what error are you
>> seeing now that the <Proxy> block has been added?
>
> I always get
> 403 Forbidden
> You don't have permission to access /webmin on this server.
>
> I made variations with /webmin, /webmin/, http://, https:// but nothing
> made a difference.

The 403 Forbidden could be a simple Apache configuration issue. When trying
to access webmin try specifying the complete URL in your browser, e.g.,
http://example.com/webmin/index.cgi

If that opens correctly then you probably just need to add "index.cgi" to
Apache's DirectoryIndex setting in httpd.conf.

Doug
|
From: Amedee V. G. <am...@am...> - 2007-10-06 16:11:10
|
On Friday 05-10-2007 at 00:49 [timezone -0230], Doug Robbins wrote:

> The 403 Forbidden could be a simple Apache configuration issue. When trying to access
> webmin try specifying the complete URL in your browser, e.g.,
> http://example.com/webmin/index.cgi

Unfortunately, that doesn't work either.

> If that opens correctly then you probably just need to add "index.cgi"
> to Apache's DirectoryIndex setting in httpd.conf.

I already had that in /etc/apache2/mods-enabled/dir.conf

--
Amedee Van Gasse <am...@am...>
|
From: Amedee V. G. <am...@am...> - 2007-10-08 22:59:24
|
On Saturday 06-10-2007 at 18:11 [timezone +0200], Amedee Van Gasse wrote:
> On Friday 05-10-2007 at 00:49 [timezone -0230], Doug Robbins wrote:
>
> > The 403 Forbidden could be a simple Apache configuration issue. When trying to access
> > webmin try specifying the complete URL in your browser, e.g.,
> > http://example.com/webmin/index.cgi
>
> Unfortunately, that doesn't work either.
>
> > If that opens correctly then you probably just need to add "index.cgi"
> > to Apache's DirectoryIndex setting in httpd.conf.
>
> I already had that in /etc/apache2/mods-enabled/dir.conf
>

Hi all,

This message is just to let you know that I have given up. There is no
way I can get this to work in a reasonable amount of time. Perhaps I
will try again sometime, but I don't have enough free time left in 2007
to tinker with webmin.

--
Amedee Van Gasse <am...@am...>
|
From: Andrea L. <and...@fr...> - 2007-10-09 07:03:45
Attachments:
smime.p7s
|
Sorry, I didn't read all the thread, so maybe I am saying nothing useful.

Anyway I have a lot of webmin proxied through an apache reverse proxy.

I.E. I serve a large intranet where ONLY one server is exposed to internet
in order I can reach it with obvious firewall protection

I added on that server listen on port 11000 (on the apache server itself
there is a running webmin).
Then I configure a lot of reversed/patted proxies on the 10000.

The only problem I got was that I wasn't able to use SSL, but then I see a
directive about it.
Anyway I didn't investigate it because all webmin are on an intranet, so
there are no security issues.

I used:

into httpd.conf;

# WARNING: ProxyRequests SHOULD BE off,
# otherwise you become a proxy on the internet!
ProxyRequests Off

Listen 11000
NameVirtualHost *:80
NameVirtualHost *:11000

then any "vhost" looks like:

myserver:/etc/apache2/vhosts.d # cat myreversedserver025-11000.conf
# START Virtual Host myreversedserver025
<VirtualHost *:11000>
    SSLProxyEngine on
    ServerName myreversedserver025
    ServerAlias myreversedserver025.myreverseddomain.it
    ErrorLog /var/log/apache2/myreversedserver025-error_log
    CustomLog /var/log/apache2/myreversedserver025-access_log combined
    ProxyPreserveHost On
    ProxyPass / http://192.168.125.41:10000/
    ProxyPassReverse / http://192.168.125.41:10000/
</VirtualHost>

obviously you have to add the modules for reverse proxy into
/etc/sysconfig/apache2:

mine looks like this:

APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 proxy proxy_connect proxy_http proxy_ftp"

Hope this helps...

Andrea

> -----Original Message-----
> From: web...@li...
> [mailto:web...@li...] On behalf of Amedee Van Gasse
> Sent: Tuesday 9 October 2007 0.59
> To: Webmin users list
> Subject: Re: [webmin-l] Webmin Proxied Through Apache - not working
>
> On Saturday 06-10-2007 at 18:11 [timezone +0200], Amedee Van Gasse wrote:
> > On Friday 05-10-2007 at 00:49 [timezone -0230], Doug Robbins wrote:
> >
> > > The 403 Forbidden could be a simple Apache configuration issue. When
> > > trying to access webmin try specifying the complete URL in your
> > > browser, e.g., http://example.com/webmin/index.cgi
> >
> > Unfortunately, that doesn't work either.
> >
> > > If that opens correctly then you probably just need to add "index.cgi"
> > > to Apache's DirectoryIndex setting in httpd.conf.
> >
> > I already had that in /etc/apache2/mods-enabled/dir.conf
> >
>
> Hi all,
>
> This message is just to let you know that I have given up.
> There is no way I can get this to work in a reasonable amount
> of time. Perhaps I will try again sometime, but I don't have
> enough free time left in 2007 to tinker with webmin.
>
> --
> Amedee Van Gasse <am...@am...>
|