Thursday, July 13, 2006
The teflon shan
Okay, yesterday wasn't quite as bad as I made it out to be.
- I'll get to this in a moment, but it did involve installing a new version of Apache.
- I could use the exercise anyway.
- There wasn't much I could do about the power that hadn't already been done (except for running around in a mad panic).
So, that leaves setting up a “reverse proxy” as per request. The server was running Apache 1.3 (at the time of install, there were still some issues pertaining to PHP and Apache 2.0, and I'm a very firm believer of “if it ain't broke, don't fix it!” theory of management) and what they were asking required features only available under Apache 2.0 or higher.
So I downloaded the latest version (2.2.2) and spent several hours getting it compiled correctly. It's not that it didn't compile cleanly, but in setting it up, I would have expected:
./configure --enable-mods-shared=all [other options not important]
to, you know, compile all the available modules. Only, it doesn't. It compiles most of the modules. I had to explicitely include support for SSL, proxy and the caching modules. Go figure.
The only other rough spot I encountered was a rash of 403
Forbidden result codes when trying to browse the websites normally on
the box. Going back to Apache 1.3 they all worked. Apache 2.2? All the
sites were forbidden.
Now, the configuration files between 1.3 and 2.2 haven't changed that much (thankfully! There's over a thousand sites on the box) but still, it took me several hours to track down the problem which is due to some changes in the default configuration. Apache 2.2 has the following as part of the default settings:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Apache 1.3 doesn't.
And since the websites are not under the default location, but elsewhere, that bit of configuration meant that none of the sites were accessible by anyone. Yes, sometimes the obvious things take awhile to notice.
But that's all working now.
