URL: https://linuxfr.org/forums/linux-general/posts/double-reverse-proxy
Title: Double reverse proxy
Authors: Re_
Date: 2012-10-23T09:26:37+02:00
Tags: sogo, reverse, proxy, apache2 et nginx
Score: 1
### Problème
Bonjour Forum,
j'utilise avec succès le logiciel [SOGo](http://www.sogo.nu/fr.html), et notamment son webmail qui est fort sympathique.
Aujourd'hui, le webmail est hébergé sur la même machine que le serveur mail Dovecot/Postfix, via Apache utilisé comme reverse proxy.
Je souhaite cependant séparer le webmail du serveur mail, pour mieux sécuriser la plateforme.
J'essaie alors de configurer un 2ème reverse-proxy avec nginx sur une autre machine, qui redirige vers le serveur apache (qui lui-même redirige vers SOGo)... et ça marche pas trop :/ .
Alors, cher forum, sauras-tu m'aider à configurer le tout correctement ?
J'ai 2 solutions en tête :
1 - Client -> Reverse Proxy Nginx (Machine A) -> Reverse Proxy Apache (Machine B) -> SOGo (Machine B)
2 - Client -> Reverse Proxy Nginx (Machine A) -> SOGo (Machine B)
Voici ci dessous ma conf Apache, et plus bas ma conf nginx non fonctionnelle.
### Conf Apache
```apache
Servername webmail.societe.com
RedirectMatch permanent ^/ https://webmail.societe.com/SOGo
RedirectMatch permanent ^/SOGo https://webmail.societe.com/SOGo
Servername webmail.societe.com
SSLEngine On
SSLCertificateFile /etc/apache2/certs/webmail.societe.com.ssl.crt
SSLCertificateKeyFile /etc/apache2/certs/webmail.societe.com.ssl.key
DocumentRoot /usr/lib/GNUstep/SOGo/WebServerResources/
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
ServerSignature Off
AssignUserId sogo-a sogo-a
Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2
AllowOverride None
Order deny,allow
Allow from all
SetHandler default-handler
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "webmail.societe.com"
RequestHeader set "x-webobjects-server-url" "https://webmail.societe.com"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
## We use mod_rewrite to pass remote address to the SOGo proxy.
# The remote address will appear in SOGo's log files and in the X-Forward
# header of emails.
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
Redirect permanent /index.html https://webmail.societe.com/SOGo
# this virtualhost is only for carddav on Mac (Mail and Iphone)
RewriteEngine Off
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPassInterpolateEnv On
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
Order allow,deny
Allow from all
RequestHeader set "x-webobjects-server-port" "8800"
RequestHeader set "x-webobjects-server-name" "webmail.societe.com:8800"
RequestHeader set "x-webobjects-server-url" "https://webmail.societe.com:8800"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
```
### Conf Nginx
```apache
server {
listen 443;
server_name proxyweb.societe.com;
access_log /var/log/nginx/proxyweb.societe.com.log;
error_log /var/log/nginx/proxyweb.societe.com.error.log debug;
ssl on;
ssl_certificate /etc/nginx/ssl/webmail.societe.com/webmail.societe.com.ssl.crt;
ssl_certificate_key /etc/nginx/ssl/webmail.societe.com/webmail.societe.com.ssl.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location ^~ /SOGo {
proxy_pass https://:443/SOGo/;
#proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# re-write redirects to http as to https, example: /home
}
}
```