Reverse proxy frontend

From MoodleDocs
Revision as of 08:17, 9 August 2011 by Petr Škoda (škoďák) (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page requires updating. Please do so and remove this template when finished.


A reverse proxy or surrogate is a proxy server that is installed in a server network. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.

Requirements

  • You need ssl for authentication.
  • You run Apache 2.2 both in the backend and the frontend.
  • You run RHEL 5.2 Application stack 2 in the backend (php 5.2.6 + mysql 5 + apache 2.2.10).
  • You run Apache 2.2 as the frontend in any modern OS using trainer.moodle.org as url (My frontend apache runs on Windows 2003).
  • You installed moodle 1.9 to run from "/" the internal http server with SSL support on 10.1.1.24.
  • You have an external facing apache using SSL.

Configuration for the external server

http.conf

(snip)
ProxyPass / http://10.1.1.24/
ProxyPassReverse / http://10.1.1.24/
ProxyPreserveHost On
(snip)
Include conf/http-ssl.conf

http-ssl.conf

(snip)
ProxyPass / http://10.1.1.24/
ProxyPassReverse / http://10.1.1.24/
(snip)

config.php

<?php  /// Moodle Configuration File 

unset($CFG);

$CFG->dbtype    = 'mysql';
$CFG->dbhost    = 'localhost';
$CFG->dbname    = 'moodle';
$CFG->dbuser    = 'moodleuser';
$CFG->dbpass    = 'XXXXXXXX';
$CFG->dbpersist =  false;
$CFG->prefix    = 'mdl_';

$CFG->wwwroot   = 'http://trainer.moodle.org';
$CFG->dirroot   = '/var/www/moodle';
$CFG->dataroot  = '/opt/moodle_data';
$CFG->admin     = 'admin';

$CFG->directorypermissions = 00777;  // try 02777 on a server in Safe Mode

require_once("$CFG->dirroot/lib/setup.php");
// MAKE SURE WHEN YOU EDIT THIS FILE THAT THERE ARE NO SPACES, BLANK LINES,
// RETURNS, OR ANYTHING ELSE AFTER THE TWO CHARACTERS ON THE NEXT LINE.
?>

The tricky part

  • Go to Administration ► Security ► HTTP security and set Use HTTPS for loginsloginhttps to true.
  • You need to have the previous setup ready or you may lock yourself out of the server.