Apache proxys are amazing. Really. Steve and I are administering a few machines for the UConn ACM Chapter and they are stored behind a firewall. We only have one IP address for the entire network, so we have that dedicated to a router that does forwarding on different ports to different machines. Any access beyond that is done via SSH and SSH tunnels (another fun story someday…).
Anyway, we have port 80 opened and forwarded to our main web server that runs the bulk of the website. However, we have other machines that are used as different tools, (test beds for programming competitions, personal servers, etc), all of which we would like to be able to access through the main web-site URL. Each of these sub-machines is running its own web server, so all we really need to do is pass a certain folder in the URI from the ucacm.com site on to that machine. For example, to access the programming competition test-bed, a user from anywhere could enter http://www.ucacm.com/compserver (example only, not the real thing). We put the following rule in the apache configuration file (we’re using Apache2, so this is the file in sites-available that corresponds to ucacm.com):
ProxyPass http://192.168.1.140/~mooshak ProxyPassReverse http://192.168.1.140/~mooshak
This passes all requests from ucacm.com/compserver from the outside world onto the 192.168.1.140/~mooshak address that would otherwise only be available from within our LAN.
The only real issue that we came across is not really a biggie for us, and that is the fact that all of the logs inside the LAN box being passed to will show that access is coming from our main server box instead of the client box, since we are essentially making Apache act as a proxy server.