Book HomeApache: The Definitive GuideSearch this book

9.3. Setup

The cache directory for the proxy server has to be set up rather carefully with owner webuser and group webgroup, since it will be accessed by that insignificant person (see Chapter 2, "Our First Web Site").

You now have to tell Netscape that you are going to be accessing the Web via a proxy. Click on Edit Preferences Advanced Proxies tab Manual Proxy Configuration. Click on View and, in the HTTP box, enter the IP address of our proxy, which is on the same network, 192.168.123, as our copy of Netscape:

192.168.123.4

Enter 8000 in the Port box.

For Microsoft Internet Explorer, select View Options Connection tab, check the Proxy Server checkbox, then click the Settings button and set up the HTTP proxy as described previously. That is all there is to setting up a real proxy server.

You might want to set up a simulation in order to watch it in action, as we did, before you do the real thing. However, it is not that easy to simulate a proxy server on one desktop, and when we have simulated it, the elements play different roles from those they have supported in demonstrations so far. We end up with four elements:

The configuration in ... /site.proxy/proxy is as shown earlier. Since the proxy server is running on a machine notionally on the other side of the Web from the machine running ... /site.proxy/real, we need to put it on another port, usually 8000.

The configuration file in ... /proxy/real is:

User webuser
Group webgroup
ServerName www.faraway.com

Listen www.faraway.com:80
DocumentRoot /usr/www/site.proxy/real/htdocs

On this site, we use the more compendious Listen with server name and port number combined. In ... /site.proxy/real/htdocs there is a file message:

I am a web site far, far out there.

Also in /etc/hosts there is an entry:

192.168.124.1 www.faraway.com

simulating a proper DNS registration for this far-off site. Note that it is on a different network (192.168.124) from the one we normally use (192.168.123), so that when we try to access it over our LAN, we can't without help. So much for faraway.

The weakness of all this is in /usr/www/lan_setup on the FreeBSD machine, because we are trying to run these two servers, notionally on different parts of the Web, on the same machine:

ifconfig ep0 192.168.123.2
ifconfig ep0 192.168.123.3 alias netmask 0xFFFFFFFF
ifconfig ep0 192.168.124.1 alias

The script lan_setup has to map all three servers onto the same physical interface, ep0. The driver for ep0 receives any request for these three IP numbers and forwards it to any copy of Apache via TCP/IP. Each copy of Apache tries to see if it has a virtual server with the number (and if it has, it handles the request), so we could find this setup appearing to work when really it isn't working.

Now for action: Get to Console 1 by pressing ALT-F1, go to ... /site.proxy/real, and start the server with ./go. Similarly, go to Console 2 and site ... /site.proxy/proxy, and start it with ./go. On Netscape, access http://192.168.124.1/.

You should see the following:

Index of /
. Parent Directory
. message

And if we select message we see:

I am a web site far out there

Fine, but are we fooling ourselves? Go to Netscape's Proxies page and disable the HTTP proxy by removing the IP address:

192.168.123.2

Exit from Netscape and reload; then reaccess http://192.168.124.1/. You should get some sort of network error.

What happened? We asked Netscape to retrieve http://192.168.124.1/. Since it is on network 192.168.123, it failed to find this address. So instead it used the proxy server at port 8000 on 192.168.123.2. It sent its message there:

GET http://192.168.124.1/ HTTP/1.0

The copy of Apache running on the FreeBSD machine, listening to port 8000, was offered this morsel and accepted the message. Since that copy of Apache had been told to service proxy requests, it retransmitted the request to the destination we thought it was bound for all the time, 192.168.123.1 (which it can do since it is on the same machine):

GET / HTTP/1.0

In real life, things are simpler: you only have to carry out steps 2 and 3, and you can ignore the theology. When you have finished with all this, remember to remove the HTTP proxy IP address from your browser setup.



Library Navigation Links

Copyright © 2001 O'Reilly & Associates. All rights reserved.