Linode.com Forum

[DigitalM]

Hi all

I'm trying to set up mod_proxy in apache so that I can get to Webmin while im in college (they block ports other than 80) so that I can configure stuff during boring lessons and breaks.

I have this in my httpd config file
Code:
ProxyPass /webmin/ https://localhost:10000/
ProxyPassReverse /webmin/ https://localhost:10000/


Which should in theory load webmin, however unless I change the https to http I get error "500 Internal Server Error". My webmin is setup to only allow connections through ssl and i don't really want to change that for security reasons.

Any ideas?

Cheers

DigitalM

[schmichael]

You're attempting to tunnel/proxy SSL, which is a socket layer protocol that uses port 443, through port 80 which I'm sure confuses mod_proxy.

I'm not familiar with mod_proxy, so perhaps you can configure it to passthru SSL like that (or at least proxy it on its regular port 443).

But honestly the simplest solution is to proxy the "http" address to webmin, and have apache supply the SSL via mod_ssl.

This would be very easy to do, and would probably work out-of-the-box with your distro's apache+mod_ssl+mod_proxy packages.

[pclissold]

If the college really blocks all ports other than 80 then you will have difficulty arranging an SSL connection - I'm not sure what will happen if you bind both a regular http server and an SSL server to the same IP+port combination, but I don't think the result will be what you want.

However, most likely they do allow port 443. If so, why not follow these instructions for getting rid of miniserv and having Apache do all the work?

[DigitalM]

untitled9, thanks for the advice i'll look into that, know anywhere that explains it?

pclissold, yes im pretty sure the college blocks all ports except 80 (at least for students) i'm asuming they see no reason to allow us to make secure connections. wierd thing is they sometimes allow connections to port 22 and sometimes not, it may work one day and not the other :roll:

[schmichael]

I'd go with pclissold's solution. Sounds pretty ideal.

I can't imagine your college's firewall is really that restrictive. You could use a port scanner like nmap to scan your host to find out. If services that you know you have installed & enabled don't show up, then the firewall blocks them.

If they are that restrictive I'd reccomend getting another IP for your Linode and setting up a proxy on port 80. I use SSH to tunnel connections constantly, but there are also special proxy servers like SOCKS that might work.

I can give you more info on using SSH, otherwise you're on your own.

Good luck!

[DigitalM]

untitled9, when you say scan "your host" with nmap i'm assuming that you mean scan my linode from college or do you mean scan my college ip from my linode?

I'll try both when this afternoon when i got a lesson :)

Running sshd on port 80 is a good idea, a lot of my mates are stuck trying to get to other ports (like vnc) at college, i'd think they'd be happy if i gave them a way to do it consitantly without relying on the ups and downs of having port 22 open or closed (yes i hang round with the sad geeky crowd lol)

I have no idea how to get sshd to run on port 80 on a different IP but i'll look into it. You may have to help me with that if its okay?

Cheers

DigitalM

[schmichael]

Sorry. I meant scan your linode from school. First make sure you have any services you want to check up & running on your Linode. You may want to tell Apache to listen on more than just port 80 (with the Listen directive) just to see what you have to work with.

Scanning your college's firewall/router IP from your Linode might be interesting, but not particularly useful in this case.

Good luck & have fun with your classes!

[DigitalM]

Well i scanned my linode from college and all that ports that should have been open were open I don't have the results here since im now at home but everything was open to me.

My college seem to be constantly messing about with the open ports, like today, i could get on ssh (port 22) and ftp (21) and of course apache (80) but yesterday i couldn't get to either port 22 or 21 but i could still get to port 80! This is from the same machine in the computing Lab!!!. I think i might just take up your advice untitled9 and get another IP and run an sshd on that. Save me a lot of time and allow me to tunnel any port I want.

Cheers

DigitalM