[Mailman-Users] Apache/Mailman with existing IIS

Richard Barrett r.barrett at openinfo.co.uk
Sat Jun 5 00:21:29 CEST 2004 

In reading your description of the problem you are trying to solve I 
may be misunderstanding what you say. If so I apologize if my comments 
below waste your time.

If your Linux box is routing all incoming traffic to port 80 on your 
public IP number through to the internal server machine, how do you 
expect an HTTP server on the Linux box to see any incoming traffic on 
port 80 from that interface? How do you expect the router to determine 
the URL being addressed by the external client as presumably only 
examination of the Host: header in the HTTP request can determine which 
host (www.mydomain.com and somethingelse.mydomain.com and 
linux.mydomain.com) is wanted? I am assuming that DNS resolves all 
these published names to your single, public, static IP number. Are you 
currently trying to route all the externally originating HTTP traffic 
through to the internal server and then have that proxy some of the 
requests (the Mailman ones) back to the internal interface on the Linux 
box? That looks like the long way around.

Being a simple minded fellow I would approach the problem you have 
posed the other way about, as follows:

1. Configure you Linux firewall machine to run Apache with mod_proxy 
and mod_rewrite loaded.

2. Do not route port 80 traffic from the outside world off the Linux 
box, just let the Apache server on the Linux box take all the port 80 
traffic from the external interface.

3. Let the Apache server serve the Mailman pages in the normal way. 
That machine has to run some of the Mailman cgi scripts to deliver 
parts of the Mailman web gui and presumably the public list archive 
pages to be delivered directly by Apache are residing on storage either 
local to or NFS mounted by the Linux machine.

4. Configure some RewriteRules so that Apache on  the linux machine 
transparently proxies for requests it doesn't want to handle, and just 
passes them through to the internal HTTP server.

Note:

a. I am actively suggesting you do NOT turn ProxyRequests On or 
configure Apache to act as a general caching proxy server of the 
forward or reverse kind. Just use mod_proxy to hide your internal HTTP 
server. mod_proxy will happily proxy request as dictated by ProxyPass 
directives and RewriteRules with the [P] flag on them without having 
ProxyRequests On or your doing any other proxy server setup.

b. I am suggesting use of mod_rewrite with the [P] flag on RewriteRules 
to generate proxy requests instead of ProxyPass because it give you a 
lot more flexibility on configuring things.

Unless you have a heavily loaded site, Apache is quite capable of 
performing this sort of transparent proxying task. I regularly do this 
sort of thing with Apache servers I manage as a way of hiding internal 
servers on private IP numbers, including Zope servers, behind publicly 
visible Apache servers on public IP numbers. The residual problem that 
can arise is related to whether the proxied pages being served by the 
internal server need their HTML munged to reflect what you doing. If 
that looks to be a problem there are solutions to it of various degrees 
of ease of application. There can also be issues about whether you want 
Forwarded-For headers added and such but I am getting too far into 
detail which probably is not relevant to your problem.

Best of luck finding a solution.

On 4 Jun 2004, at 22:16, Scot Condry wrote:

> My linux box running Fedora 2 is also a firewall / router.  So it has 
> two Ethernet cards and they are assigned my static IP on the outside 
> and 192.168.1.1 on the inside.  The firewall routes port 80 traffic to 
> my windows 2000 server which is 192.168.1.105.  I already had a couple 
> of web pages that I want to keep hosted with IIS on the windows 
> server, like www.mydomain.com and somethingelse.mydomain.com.  But I 
> want the mailman stuff to show up on the outside, so I am trying to 
> route linux.mydomain.com to the linux server.  I can pretty much get 
> linux.mydomain.com/index.html to come up by redirecting the URL or A 
> Share on Another Comptuter settting in the Home Directory tab of IIS 
> but I cannot get the mailman pages to come up from the outside at all.
>
> SC
>
>
>
>
> ________________________________
>
> From: Bob Escher [mailto:bescher at rsegroup.com]
> Sent: Fri 6/4/2004 1:06 PM
> To: Scot Condry
> Subject: Re: [Mailman-Users] Apache/Mailman with existing IIS
>
>
>
> I am doing the same thing
> with no issues
>
> What problems are you running into? I didn't see your post
>
> I am running all of my regular websites on IIS, windows 2003 servers
> my mailing lists (for each domain that needs one) is run off Linux box
> with Apache. I create a subdomain ie list.joe.com and run it that way.
>
> Bob E
>
>
>
> ----- Original Message -----
> From: "Scot Condry" <Scot at JCTn.com>
> To: <mailman-users at python.org>
> Sent: Friday, June 04, 2004 2:32 PM
> Subject: RE: [Mailman-Users] Apache/Mailman with existing IIS
>
>
> Well I will definetly let people know if I figure it out.   But now I 
> am
> thinking of just running Apache and hosting my previous web pages on my
> Linux machine.  It seems hard to believe that no one has tries to do 
> what I
> am doing before, hsoting web pages on a windows machine and at the 
> same time
> hosting Mailman on a linux server.
>
> But you are saying (the faq info was a little vague) that if I use IIS 
> and
> under Home Directory tell it to go to a URL its not going to work 
> right with
> Mailman anyway?
>
> SC
>
>
> ________________________________
>
> From: Brad Knowles [mailto:brad.knowles at skynet.be]
> Sent: Thu 6/3/2004 2:00 AM
> To: Scot Condry
> Cc: mailman-users at python.org
> Subject: RE: [Mailman-Users] Apache/Mailman with existing IIS
>
>
>
> At 10:03 PM -0700 2004/06/02, Scot Condry wrote:
>
>>  So the only way to keep them both is to open up port 80 traffic on 
>> the
>>  linux box / router as well??
>
>         I'm not sure.  What you're trying to do is a little different,
> and may not result in the same type of problems, or might result in
> similar problems that cannot be solved the same way.
>
>         All I can suggest is that you let us know what works once you 
> find
> it.
>
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
>      -Benjamin Franklin, Historical Review of Pennsylvania.
>
>    SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list