Friday, January 18, 2008

How to create a forward proxy for development environment with Apache 2.2

Often web developers need to have a hosts file tricked to point to development intranet simulating a connection to the production site. This is done because they need to simulate the real production site before deploy their changes into real word.

In some case, you can waste a lot of time configuring your hosts file, especially some genius thought that could be funny change dynamically the server name for each page published. Something like article-1-blah-blah.domain.tld, article-2-yes-or-no.domain.tld, and so on...
Well, when there are a lot of developers working on the same project could happen that every developer have his own host file, with his own modification, in this case you could waste a lot of your time trying to came out to this sort of situation.

I would like to share my experience done in these days and I need to solve this problem trying two different solution.

I configured a Bind 9 DNS server for the development staff, but in a few days I discovered that this approach have some lack. First of all (like the hosts file), when you modify the network configuration all the application will be involved in the modification, so you can't have an application connected to the production and another connected to the development environment. Then not every body can change their network configuration (in this case I mean the DNS settings), because of network security policy.

A better solution is to use a forward proxy configured into the development intranet, that can forward internally requests for a defined group of domains and leave the browsers free to interact transparently with the rest of the world.

In the following I'll show you how to configure this kind of proxy in a easy and fast way. You need to install apache 2.2 (I think an older version could work well, but you'll need to do some adjustment).

In Ubuntu the installation it is quiet easy:

$ sudo apt-get install apache2 apache2.2-common

after you need to enable the proxy module:

$ sudo a2enmod proxy
$ sudo a2enmod proxy_connect
$ sudo a2enmod proxy_http

then you probably want to have the proxy listening on a particular port, like the 8888.
So you need to modify the /etc/apache2/ports.conf adding a new line:

Listen 8888

Now you can create a new virtual host, listening on 8888, able to be a forward proxy.
So create /etc/apache2/sites-available/myproxy

and put the following line inside:

<VirtualHost *:8881>
ServerAdmin webmaster@localhost

ErrorLog /var/log/apache2/myproxy_error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug

CustomLog /var/log/apache2/myproxy_access.log combined
ServerSignature On

ProxyRequests On
ProxyVia On
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Deny from all
Allow from
Allow from
Allow from

AllowCONNECT 443

# Filters
ProxyRemote http://blog.productiondomain.tld/ http://dev-1.develp-domain.tld
ProxyRemote http://news.productiondomain.tld/ http://dev-2.develp-domain.tld
ProxyRemoteMatch http://(.*).forum.(.*).productiondomain.tld/ http://dev-3.develp-domain.tld
ProxyRemoteMatch http://(.*).customercare.productiondomain.tld/ http://dev-4.develp-domain.tld

# all the productiondomain.tld rest...
# ProxyRemoteMatch http://(.*).productiondomain.tld/