SiteWorx/NodeWorks ports question

General Interworx Control Panel Info General Inquries
1

Hi,
I have a question on the ports this product uses (2080 and 2443).
I have seen a post earlier about this but I cannot find it now!??

Since the logins to i.e SiteWorx for customers use these ports, it will give some of them problems with restrictions in their local firewalls and so on. I just noticed it myself from a customer.

Can I somehow use a ProxyPass and ProxyPassRevers directive in the apache conf to proxy i.e http://cp.domain.com/siteworx to http://cp.domain.com:2080/siteworx ??

Like:
ProxyPass /siteworx http://localhost:2080/siteworx
ProxyPassReverse /siteworx http://localhost:2080/siteworx
ProxyPass /nodeworx http://localhost:2080/nodeworx
ProxyPassReverse /nodeworx http://localhost:2080/nodeworx

Would it be possible?
If so, would I need to change all URLs within SiteWorx/NodeWorx or can this be done in one common file or something?

Thanks
-tsl-

2

tsl,

You should be able to. We do the same thing for the webmail system and it works (not flawlessly, but it does work). NONE of the iworx-cp templates reference the port (by design) so no other mods should be necessary to get this to work.

Chris

3

Thanks Chris,

I will give it a go next week and update on the progress.

Rgds
Tomas

4

Hi,
Testing came a little later than I expected…anyway here’s what I did but it gives some problems:

Edited /etc/httpd/conf/httpd.conf and added:

SSLProxyEngine On
ProxyPass /nodeworx https://127.0.0.1:2443/nodeworx
ProxyPassReverse /nodeworx https://127.0.0.1:2443/nodeworx
ProxyPass /siteworx https://127.0.0.1:2443/siteworx
ProxyPassReverse /siteworx https://127.0.0.1:2443/siteworx

This works fine but the problem comes when trying to redirect http requests to https on these URLs.
I have tried some examples to no avail (both nodeworx and siteworx)…

After the proxy directives I put either:

Redirect http://www.domain.tld/nodeworx https://www.domain.tld/nodeworx
or
RewriteRule ^/nodeworx(.)$ https://www.domain.tld/nodeworx/ [L]
or
RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}/nodeworx/ [R,L]
or
RedirectMatch ^/nodeworx(.) https://%{HTTP_HOST}/nodeworx/$1

There seems to be no redirect or rewrite done, it always stays on http in the browser.
If I manually type in https://www.domain.tld/nodeworx it works fine though.

Anyone with ideas?

Ohh, do I need to create the same proxypass directives for mysql, webmail, horde and squirrelmail too?
I’ve also seen some rewrites in the iworx.conf file. Which will override the other? httpd.conf or iworx.conf?

Rgds
-tsl-

5

Hello

In the /etc/httpd/conf.d directory there is an iworx.conf file

In this file there is some redirection for both siteworx and nodeworx

setup the basic redirects

RewriteEngine on
RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]

These rules redirect all /nodeworx or /siteworx to an https://domain.tld:2443/siteworx

For me you’d probably enter your proxypass proxyreverse entries after these rules. Or just comment them (??)

Not sure, but it was to let you know that there is some rules outside the httpd.conf so that come after yours

Pascal

6

Thanks Pascal,

I tried comment the rewrites out in iworx.conf but problem remains. I can’t get redirect or rewrite to work between http and https when using proxy directives.

rgds
-tsl-

7

If anyone’s interested here’s what I did to bypass the ports and do an automatic redirect to https.

Our Iworx-CP runs on a host that we can call iworx.domain.tld for now.

First I added 2 more hosts to our domains dns conf (siteworx.domain.tld and nodeworx.domain.tld)

I created a SSL server cert for *.domain.tld at cacert.org

In /etc/httpd/conf.d/ssl.conf I added 3 vhosts and a NameVirtualHost directive:

NameVirtualHost <primary_public_ip>:443

#iworx.domain.tld ##
<VirtualHost <primary_public_ip>:443>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName iworx.domain.tld
ErrorLog logs/iworx.domain.tld-error_log
CustomLog logs/iworx.domain.tld-access_log common

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.tld.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.tld.key

</VirtualHost>

##siteworx.domain.tld ##
<VirtualHost <primary_public_ip>:443>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName siteworx.domain.tld
ErrorLog logs/siteworx.domain.tld-error_log
CustomLog logs/siteworx.domain.tld-access_log common

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.tld.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.tld.key

SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://iworx.domain.tld:2443/siteworx/
ProxyPassReverse / https://iworx.domain.tld:2443/siteworx/
</VirtualHost>

##nodeworx.domain.tld ##
<VirtualHost <primary_public_ip>:443>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName nodeworx.domain.tld
ErrorLog logs/nodeworx.domain.tld-error_log
CustomLog logs/nodeworx.domain.tld-access_log common

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.tld.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.tld.key

SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://iworx.domain.tld:2443/nodeworx/
ProxyPassReverse / https://iworx.domain.tld:2443/nodeworx/
</VirtualHost>

I also changed /home/interworx/etc/httpd/httpd-custom.conf to point at the domain.tld crt and key files

In /etc/httpd/conf.d/domain.tld.conf I added ProxyPass directives and standard vhosts with redirect to https for the above except for iworx.domain.tld where we show some info which do not need to use https:

#iworx.domain.tld ##
<VirtualHost <primary_public_ip>:80>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName iworx.domain.tld
ErrorLog logs/iworx.domain.tld-error_log
CustomLog logs/iworx.domain.tld-access_log common
</VirtualHost>

##siteworx.domain.tld ##
<VirtualHost <primary_public_ip>:80>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName siteworx.domain.tld
ErrorLog logs/siteworx.domain.tld-error_log
CustomLog logs/siteworx.domain.tld-access_log common

    Redirect / https://siteworx.domain.tld/

</VirtualHost>

##nodeworx.domain.tld ##
<VirtualHost <primary_public_ip>:80>
ServerAdmin webmaster@domain.tld
DocumentRoot /var/www/html
ServerName nodeworx.domain.tld
ErrorLog logs/nodeworx.domain.tld-error_log
CustomLog logs/nodeworx.domain.tld-access_log common

    Redirect / https://nodeworx.domain.tld/

</VirtualHost>

The below since the login process otherwise tried to go

to /siteworx/siteworx/siteworx.php and nodeworx respectively

SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /siteworx https://iworx.domain.tld:2443/siteworx
ProxyPassReverse /siteworx https://iworx.domain.tld:2443/siteworx
ProxyPass /nodeworx https://iworx.domain.tld:2443/nodeworx
ProxyPassReverse /nodeworx https://iworx.domain.tld:2443/nodeworx

We will have all our customers use the siteworx.domain.tld URL for the Iworx-CP, maybe I can redirect this in the /home/interworx/etc/httpd/iworx.conf file if it does not break anything when Iworx is updated ??? This so they can use theirsite.tld/siteworx if they want (and land on https://siteworx.domain.tld).

Any comments or suggestions on the above conf is highly appreciated. Maybe this could be done in a smoother way, or maybe I have an error somewhere that will cause functionality problems for Iworx-CP. If not now, maybe in the future?

I would also like to have /webmail and /mysql for the sites to switch to https://siteworx.domain.tld/webmail (or /mysql) but I havent found a solution to that yet.
It would be nice to have all Iworx-CP client functions to go to https://siteworx.domain.tld/<???> so that the ssl certificate will not complain about the common name…

rgds
-tsl-