×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

@Las Vegas

Apache, DMZ, ReverseProxy and Firewall

max5728(Once Upon a Time ...)
本文发表在 rolia.net 枫下论坛各位高人,有一事困扰我几天了,现在这里求救:

我们公司要开发一个很简单的JAVA应用, 用来登记用户信息,使用是Oracle Application Server,running on AIXServer1, internal network,IP is 10.1.40.5. 因为是面向大众的,所以在前端用Apache 2 做一个ReverseProxy Server (AIXServer2, in DMZ, internal IP is 10.xx.xx.1, public IP is 24.xx.xx.2, URL is http://www.abc.com)。
AIXServer2 is a Apache HTTP Server 2.2.11build from source. 在AIXServer2的httpd.conf的末尾,我加了:

ProxyRequests off
LogLevel Debug
ProxyPass / http://AIXServer1:7777/
ProxyPassReverse / http://AIXServer1:7777/

重启AIXServer2 Apache后,从Internet访问http://www.abc.com, 却得到HTTP503错误,在Apache error_log中,有如下信息:
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 553006 for worker http://AIXServer1:7777/
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 553006 for (AIXServer1)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 553006 for worker proxy:reverse
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 553006 for (*)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 319678 for worker http://AIXServer1:7777/
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 319678 for (AIXServer1)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 319678 for worker proxy:reverse
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 319678 for (*)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 491642 for worker http://AIXServer1:7777/
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 491642 for (AIXServer1)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 491642 for worker proxy:reverse
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 491642 for (*)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 430202 for worker http://AIXServer1:7777/
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 430202 for (AIXServer1)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 430202 for worker proxy:reverse
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 430202 for (*)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 549050 for worker http://AIXServer1:7777/
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 549050 for (AIXServer1)
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 549050 for worker proxy:reverse
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
[Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 549050 for (*)
[Sat Aug 15 19:27:57 2009] [notice] Apache/2.2.11 (Unix) configured -- resuming normal operations
[Sat Aug 15 19:27:57 2009] [info] Server built: Aug 14 2009 23:30:16
[Sat Aug 15 19:27:57 2009] [debug] prefork.c(1001): AcceptMutex: sysvsem (default: sysvsem)
[Sat Aug 15 19:28:25 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/
[Sat Aug 15 19:28:25 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
[Sat Aug 15 19:28:25 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1991): proxy: HTTP: has acquired connection for (AIXServer1)
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2047): proxy: connecting http://AIXServer1:7777/ to AIXServer1:7777
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2145): proxy: connected / to AIXServer1:7777
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2300): proxy: HTTP: fam 2 socket created to connect to AIXServer1
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 254102 for worker http://AIXServer1:7777/
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 254102 for (AIXServer1)
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 254102 for worker proxy:reverse
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
[Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 254102 for (*)
[Sat Aug 15 19:29:39 2009] [error] (78)Connection timed out: proxy: HTTP: attempt to connect to 10.1.40.5:7777 (AIXServer1) failed
[Sat Aug 15 19:29:39 2009] [error] ap_proxy_connect_backend disabling worker for (AIXServer1)
[Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(2009): proxy: HTTP: has released connection for (AIXServer1)
[Sat Aug 15 19:29:39 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:39 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
[Sat Aug 15 19:29:39 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(1929): proxy: HTTP: retrying the worker for (AIXServer1)
[Sat Aug 15 19:29:39 2009] [error] proxy: HTTP: disabled connection for (AIXServer1)
[Sat Aug 15 19:29:42 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:42 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:42 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
[Sat Aug 15 19:29:42 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/favicon.ico
[Sat Aug 15 19:29:42 2009] [debug] proxy_util.c(1929): proxy: HTTP: retrying the worker for (AIXServer1)
[Sat Aug 15 19:29:42 2009] [error] proxy: HTTP: disabled connection for (AIXServer1)

恳请各位高人帮我看看,问题在哪里,先谢谢了.更多精彩文章及讨论,请光临枫下论坛 rolia.net
(#5486358@0)
Last Updated: 2009-8-15
This post has been archived. It cannot be replied.
Report

Replies, comments and Discussions:

  • 工作学习 / 学科技术讨论 / Apache, DMZ, ReverseProxy and Firewall -max5728(Once Upon a Time ...); 2009-8-15 {7915} (#5486358@0)
    本文发表在 rolia.net 枫下论坛各位高人,有一事困扰我几天了,现在这里求救:

    我们公司要开发一个很简单的JAVA应用, 用来登记用户信息,使用是Oracle Application Server,running on AIXServer1, internal network,IP is 10.1.40.5. 因为是面向大众的,所以在前端用Apache 2 做一个ReverseProxy Server (AIXServer2, in DMZ, internal IP is 10.xx.xx.1, public IP is 24.xx.xx.2, URL is http://www.abc.com)。
    AIXServer2 is a Apache HTTP Server 2.2.11build from source. 在AIXServer2的httpd.conf的末尾,我加了:

    ProxyRequests off
    LogLevel Debug
    ProxyPass / http://AIXServer1:7777/
    ProxyPassReverse / http://AIXServer1:7777/

    重启AIXServer2 Apache后,从Internet访问http://www.abc.com, 却得到HTTP503错误,在Apache error_log中,有如下信息:
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 553006 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 553006 for (AIXServer1)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 553006 for worker proxy:reverse
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 553006 for (*)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 319678 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 319678 for (AIXServer1)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 319678 for worker proxy:reverse
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 319678 for (*)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 491642 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 491642 for (AIXServer1)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 491642 for worker proxy:reverse
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 491642 for (*)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 430202 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 430202 for (AIXServer1)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 430202 for worker proxy:reverse
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 430202 for (*)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 549050 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 549050 for (AIXServer1)
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 549050 for worker proxy:reverse
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
    [Sat Aug 15 19:27:57 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 549050 for (*)
    [Sat Aug 15 19:27:57 2009] [notice] Apache/2.2.11 (Unix) configured -- resuming normal operations
    [Sat Aug 15 19:27:57 2009] [info] Server built: Aug 14 2009 23:30:16
    [Sat Aug 15 19:27:57 2009] [debug] prefork.c(1001): AcceptMutex: sysvsem (default: sysvsem)
    [Sat Aug 15 19:28:25 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/
    [Sat Aug 15 19:28:25 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
    [Sat Aug 15 19:28:25 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1991): proxy: HTTP: has acquired connection for (AIXServer1)
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2047): proxy: connecting http://AIXServer1:7777/ to AIXServer1:7777
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2145): proxy: connected / to AIXServer1:7777
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(2300): proxy: HTTP: fam 2 socket created to connect to AIXServer1
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 0 in child 254102 for worker http://AIXServer1:7777/
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1820): proxy: worker http://AIXServer1:7777/ already initialized
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 0 in child 254102 for (AIXServer1)
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1801): proxy: grabbed scoreboard slot 1 in child 254102 for worker proxy:reverse
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1820): proxy: worker proxy:reverse already initialized
    [Sat Aug 15 19:28:25 2009] [debug] proxy_util.c(1914): proxy: initialized single connection worker 1 in child 254102 for (*)
    [Sat Aug 15 19:29:39 2009] [error] (78)Connection timed out: proxy: HTTP: attempt to connect to 10.1.40.5:7777 (AIXServer1) failed
    [Sat Aug 15 19:29:39 2009] [error] ap_proxy_connect_backend disabling worker for (AIXServer1)
    [Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(2009): proxy: HTTP: has released connection for (AIXServer1)
    [Sat Aug 15 19:29:39 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:39 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
    [Sat Aug 15 19:29:39 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:39 2009] [debug] proxy_util.c(1929): proxy: HTTP: retrying the worker for (AIXServer1)
    [Sat Aug 15 19:29:39 2009] [error] proxy: HTTP: disabled connection for (AIXServer1)
    [Sat Aug 15 19:29:42 2009] [debug] mod_proxy_http.c(56): proxy: HTTP: canonicalising URL //AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:42 2009] [debug] proxy_util.c(1489): [client 69.158.126.162] proxy: http: found worker http://AIXServer1:7777/ for http://AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:42 2009] [debug] mod_proxy.c(993): Running scheme http handler (attempt 0)
    [Sat Aug 15 19:29:42 2009] [debug] mod_proxy_http.c(1920): proxy: HTTP: serving URL http://AIXServer1:7777/favicon.ico
    [Sat Aug 15 19:29:42 2009] [debug] proxy_util.c(1929): proxy: HTTP: retrying the worker for (AIXServer1)
    [Sat Aug 15 19:29:42 2009] [error] proxy: HTTP: disabled connection for (AIXServer1)

    恳请各位高人帮我看看,问题在哪里,先谢谢了.更多精彩文章及讨论,请光临枫下论坛 rolia.net
    • 你这几行配置是否写在<VirtualHost >里的? -j30(不做讲师很多年); 2009-8-16 (#5488143@0)
      • Thanks for the input. I got some new findings. -max5728(Once Upon a Time ...); 2009-8-17 {614} (#5488950@0)
        We have another application using the same approach, i.e. ReverseProxy+Application server. This application is also running on the same internal AIX box (AIXServer1), but using different port, e.g. 8899, it's working fine. From the DMZ server, I can telnet AIXServer1 on port 8899, but I can not telnet AIXServer1 on port 7777 which is the application using that I'm trying to setup. Looks like it's nothing to do with my reverseproxy setup. Is it something to do with firewall policy or the settings on the Applications Server? The firewall guy said he open all the port from DMZ to AIXServer1. Thanks again.
        • try telnet first, if it works. then check static route. -hostler(......); 2009-10-23 (#5628998@0)

More Topics

  • 现在社区游泳池招救生员巡逻,过一会还要不停的点人头,这工作是否很快就被AI代替了,装一个摄像头后面是AI处理系统,这样只招一个等着救人就行了,人头沉下水一定时间立马强光照射,还可以分析水下人的状况来判断是否溺水等
  • 新冠疫苗引发心肌炎? 最新研究这样看
  • 这道几何题有解吗?
  • SAM 2 Demo
  • 如何在 AWS EC2 实例上构建 WordPress 应用程序?
    • 枫下论坛主坛工作学习学科技术讨论