
Apache as Intranet / Extranet, Port Forwarding, Proxy Server, ...


pariah911


Firstly, apologies for length - but it annoys me when I see questions asked with very little detail...

 

My little project started out as a small knowledge base for a dozen people.

 

FC5 / Apache 2.2.2 / PHP 5.1.6 / mysql 5.0.27

 

Utilising mediaWiki

 

Access was purely via IP on the local network.

 

It was nice. It was small. It was compact. It was easy.

 

Then somebody decided it would be a great idea to expand it to the rest of the department, then the division, then the state, then Australia wide - with external access via the internet.

 

It now runs 10+ full time applications ( including mediaWIKI, iCalendar for scheduling, phpGallery, php121 IM software, various ODBC connections to the company's msSQL servers, ... ) plus a large number of php scripts etc that automate a lot of repetitive functions. A backup of the datafiles alone is 200+ Gb !

 

Considering I have had to learn a lot of this from scratch, I am surprised it has done so well for the last 3 years.

 

My issue is probably very simply solved, but I have been unable to decide on a correct course of action.

 


 

A "brief" topology :

 

The server sits inside the network - let's call it 192.168.10.123

 

This was fine when it was only being accessed by 10 of us

 

Other divisions in different states are on subnets ( eg 192.168.20.X ) which do not have access to the server's subnet - unfortunately this behaviour cannot be changed as it has something to do with proprietary software the company uses

 

From my understanding, company.com.au ( 203.X.X.X ) is hosted on a local machine too ( 192.168.10.11 )

 

So to give these subnets access, they access the company's main website using wiki.company.com.au:82 - note the :82

 

One or other of these machines does a portforward to 192.168.10.123:82 ( which Apache is listening on )

 

There is also a proxy server mixed in there somewhere ( 192.168.10.3 ) which is where all internet connections into the server appear to come from. Well, it is a bit slow ... So, anybody in the local division ( 192.168.10.X ) connects to the server using the private IP - and the other subnets / external users have to use the port forwarded URL

 

 


 

And this all works fine

 

With some exceptions

 

Some of the applications insist on using full path names when referencing material - others use relative path names

 

This is what is creating the hassles

 

If I connect via internet I can do 98% of things - but some resources cannot be accessed externally because they have a private URL

 


 

I want to make it so that the server has 1 address

 

So that ALL connections are via this address

 

I think my issue is that currently it thinks it has 2 - depending on where the connection is coming from

 

Once again, apologies for length

 

Thanx

 

Tim A.  ;D


Some of the applications insist on using full path names when referencing material - others use relative path names

This is what is creating the hassles

If I connect via internet I can do 98% of things - but some resources cannot be accessed externally because they have a private URL

 

Can you not decide on a fixed domain name for accessing all applications? I.e:

www.mediawiki1.server.com

and have that as the address for apache with a mod_proxy enabled?

 

There are web vpn apps which can put a url like:

www.vpn.server.com/access/http://internal.server.name/directpath/index?test

but they are not very robust in my opinion.

 

Quite frankly, it would be easier to beat the applications into using 1 fixed url address.

 

-steve
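An added example, not part of the thread: before moving every application onto one fixed name, it helps to find which pages still emit the private address in absolute URLs, since those links both break for external users and disclose internal addressing. The sketch below scans HTML for such links; the canonical host and the private IP come from the first post, while the sample page and its paths are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

CANONICAL_HOST = "wiki.company.com.au"  # assumption: the one name all users should see
URL_ATTRS = {"href", "src", "action"}

class _LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute found in start tags."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value))

def classify(url, canonical=CANONICAL_HOST):
    """Return 'relative', 'canonical', 'private-ip' or 'other-host'."""
    host = urlsplit(url).hostname
    if host is None:
        return "relative"          # no host part: resolves against the page's own URL
    try:
        if ipaddress.ip_address(host).is_private:
            return "private-ip"    # RFC 1918 / loopback literal baked into the page
    except ValueError:
        pass                       # host is a name, not an IP literal
    return "canonical" if host == canonical else "other-host"

def audit(html, canonical=CANONICAL_HOST):
    """List (tag, attr, url, verdict) for URLs external users cannot follow."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for tag, attr, url in collector.urls:
        verdict = classify(url, canonical)
        if verdict in ("private-ip", "other-host"):
            findings.append((tag, attr, url, verdict))
    return findings

# Constructed sample output from a mix of applications (paths are made up).
SAMPLE_PAGE = """
<a href="/wiki/index.php/Main_Page">Home</a>
<img src="http://192.168.10.123/gallery/albums/logo.png">
<a href="http://wiki.company.com.au:82/calendar/">Calendar</a>
<form action="http://192.168.10.123:82/im/login.php"></form>
<script src="images/../skins/common.js"></script>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE):
        print(finding)
```

Pages that produce findings point at the applications whose base URL setting needs changing to the fixed name.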


I think that the simplest way to solve these problems would be to do all the port forwarding, and anything the proxy currently does, through a router. This would solve the different subnet problems. If everything pointed to the address of this router then your server is always dealing with the same, single, internal IP and doesn't have to worry about anything else.

 

 


Thanx for the quick replies :)

 

the_oliver : unfortunately I cannot change any of IT's existing set up ... they put up with errors on cerberus for 2 years ... until I created the missing directory for them ... so it is best not to go there at all  :-\

 

steviewdr : excuse me if I don't seem to immediately grasp things ... and seem to go the long way around ... but I like to know "why" not just take something for granted :)

 

Have spent last night reading up on mod_proxy and then got side tracked with virtual servers, mod_rewrite and even more esoteric / confusing things

 

If it solves my problems, I will happily drop accessing the server by private IP - even if it means IT have to go and work out how to fix the slowness of their proxy ( said with gritted teeth )

 

 

 

/etc/hosts

127.0.0.1      localhost.localdomain  localhost

192.168.10.123  wiki.COMPANY.com.au

192.168.10.3    mail.COMPANY.com.au

 

/etc/sysconfig/network

HOSTNAME=wiki.COMPANY.com.au

 

/etc/httpd/conf/httpd.conf

# for internal
Listen 80

# for external from proxy server
Listen 82

ServerName  wiki.COMPANY.com.au:80

 

From the above, I keep thinking the trouble I have is that internally the server name resolves to a private IP, while externally it resolves to the FQDN of the company

 

I keep reading up on virtual server and wondering if I make it so, and add a rewrite for internal access, that it would work

 

Does it sound like I am totally confused at this stage ?
