Reverse proxy frontend
Note: You are currently viewing documentation for Moodle 2.2. Up-to-date documentation for the latest stable version is available here: Reverse proxy frontend.
This page requires updating for Moodle 2.2. Please do so and remove this template when finished.
A reverse proxy or surrogate is a proxy server that is installed in a server network. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.
2.x Proxy Options
See SSL Proxy woes for discussion regarding proxys. Someone should document these configuration options properly as this page is the only one that comes up when searching for "proxy".
- These configuration options could be useful for those attempting to modify their site(s) to run with or without various types of proxies:
$CFG->wwwroot = 'https://your.moodle.org/instance';# How the moodle will generate urls AND/OR how pages must be requested
$CFG->loginhttps=1;# Force login page form to use ssl url
$CFG->sslproxy=1;# Let the moodle answer http:// requests while generating https:// urls
$CFG->reverseproxy=1;# Not sure, didn't use this for our SSL offloading reverse proxy.
1.x Proxy Options
- You need ssl for authentication.
- You run Apache 2.2 both in the backend and the frontend.
- You run RHEL 5.2 Application stack 2 in the backend (php 5.2.6 + mysql 5 + apache 2.2.10).
- You run Apache 2.2 as the frontend in any modern OS using trainer.moodle.org as url (My frontend apache runs on Windows 2003).
- You installed moodle 1.9 to run from "/" the internal http server with SSL support on 10.1.1.24.
- You have an external facing apache using SSL.
Configuration for the external server
(snip) ProxyPass / http://10.1.1.24/ ProxyPassReverse / http://10.1.1.24/ ProxyPreserveHost On (snip) Include conf/http-ssl.conf
(snip) ProxyPass / http://10.1.1.24/ ProxyPassReverse / http://10.1.1.24/ (snip)
<?php /// Moodle Configuration File unset($CFG); $CFG->dbtype = 'mysql'; $CFG->dbhost = 'localhost'; $CFG->dbname = 'moodle'; $CFG->dbuser = 'moodleuser'; $CFG->dbpass = 'XXXXXXXX'; $CFG->dbpersist = false; $CFG->prefix = 'mdl_'; $CFG->wwwroot = 'http://trainer.moodle.org'; $CFG->dirroot = '/var/www/moodle'; $CFG->dataroot = '/opt/moodle_data'; $CFG->admin = 'admin'; $CFG->directorypermissions = 00777; // try 02777 on a server in Safe Mode require_once("$CFG->dirroot/lib/setup.php"); // MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES, // RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE. ?>
The tricky part
- Go to Administration ► Security ► HTTP security and set Use HTTPS for loginsloginhttps to true.
- You need to have the previous setup ready or you may lock yourself out of the server.