TransWikia.com

How to redirect http requests to a service running in other port

Server Fault Asked by André Winston on November 24, 2021

I have a certain machine that recently got external access, but only to a few ports (SSH, HTTP and HTTPS.) Now this machine must provide access to some other services (e.g. RabbitMQ, Tomcat, etc), but I don’t want to give these ports external access.

My first thought was to redirect HTTP requests on port 80 to those services. For example:

http://<machine_ip>:80/tomcat should be equivalent to http://<machine_ip>:8080

I was wondering if Nginx, HAProxy, or some other proxy-related software could help me out with this. What suggestions do you have? Keep in mind that I am fairly new to system administration in general.

3 Answers

I have a suggestion for you: You can use Apache for proxying (clustering) the webpage. For example, you enter http://example.com/tomcat and Apache will pass the request to http://example.com:8080/. It is easy to do:

When you defined a new VirtualHost block in the Apache configuration file, then add these lines to it (make sure you have mod_proxy enabled):

<Proxy balancer://custom-balancer-name>
    BalancerMember http://localhost:8080 #Enter the address of the second machine or service
</Proxy>

ProxyPass        /tomcat balancer://custom-balancer-name
ProxyReversePass /tomcat balancer://custom-balancer-name

Hope you find my answer helpful.

Answered by MBiabanpour on November 24, 2021

You can use .htaccess file for doing that. First, create a .htaccess file in your document root, and then paste these lines into it:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^tomcat/(.*[^/])/?$ http://%{HTTP_HOST}:8080/$1/ [R=301,L]

I hope I helped you.

Answered by MBiabanpour on November 24, 2021

Well you can use HAProxy for that. Please take your time because it's not a easy task especially when the topic is new.
There are several options which you can use.

  • add per service one listen block

    listen rabbit
      bind ::5672
      mode tcp
      ... some other haproxy options
      server rabbit-srv IP:PORT
    
    listen ....
    
  • you can use SNI (Server Name Indication) routing with frontend/backend combination to keep a single port usage for the services which use TLS for there communication. I have created a picture how the SNI Routing works, the example configuration uses HAProxy How does the SNI Routing works in HAProxy

I don't know which version of HAProxy you use therefore here the link for the latest HAProxy version 2.2.
http://cbonte.github.io/haproxy-dconv/2.2/configuration.html

Answered by Aleksandar on November 24, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP