tinderbox webui behind a reverse proxy [mod_proxy]?

Joe Marcus Clarke marcus at marcuscom.com
Sat Jun 13 21:42:54 EDT 2009

On Sat, 2009-06-13 at 17:52 -0300, Fernan Aguero wrote:
> Hi,
> I've finally got everything working ... and already completed my first
> port build in my tinderbox. Works beautifully, congrats for the great
> work!
> Now I have a problem trying to make the tinderbox web app visible
> behind a reverse proxy.
> The tinderbox is running on the build host, which has a private IP
> address. The webui is running under apache on this same host,
> listening on port 83. At work, I can just point my browser to
> http://192.168.10.x:83 and get to my tinderbox. However this host is
> not visible from outside world.
> Our web server, which is visible to the world, runs a reverse proxy
> (apache + mod_proxy), so I thought I would add a few lines to my web
> server config and have the tinderbox be visible to the world as
> http://genoma.unsam.edu.ar/tinderbox. This is what I did:
> In the proxy:
> ProxyPass /tinderbox 192.168.10.x:83
> ProxyPassReverse /tinderbox 192.168.10.x:83
> In the apache where tinderbox runs:
> <VirtualHost *:83>
>   DocumentRoot "/scratch/tinderbox"
>   ErrorLog "/var/log/httpd-tinderbox-error.log"
>   Alias /logs/ "/scratch/tinderbox/logs/"
>   Alias /packages/ "/scratch/tinderbox/packages/"
>   Alias /errors/ "/scratch/tinderbox/errors/"
>   Alias / /scratch/tinderbox/scripts/webui/
>   <Directory "/scratch/tinderbox">
>       Order allow,deny
>       Allow from all
>   </Directory>
> </VirtualHost>
> The configuration kind of works ... but the browser takes a long time
> to finish loading the page, and when it finishes it shows a basic HTML
> page that looks like missing the CSS styling. Also, when opening the
> home page, all the links are correct, except the one for the 'Package
> directory' associated with the completed build. Strangely enough, if
> you stop your browser while it's loading the page (i.e. a few seconds
> after the initial request) it would render the page content is there
> already
> A couple of things make me think that perhaps the tinderbox php webapp
> might be interfering with this:
> 1) everything works fine from the internal network or from home, using
> an SSH tunnel to the apache listening at port 83 in the build host.
> But things get slow when accessing the site through the reverse proxy
> ... there are many other services running through the proxy server,
> and they're all working fine ...
> 2) I have noticed that, although I access the
> genoma.unsam.edu.ar/tinderbox URL only once, the proxy logs show a
> first request for /tinderbox from my browser's IP address, and then
> two more requests for '/' from the same IP address that I never did
> ... it seems like the page is requesting these.
> Then I noticed that within the HTML source for the page, all links are
> relative, except for the ones for the CSS spreadsheet and the
> /packages/ directory link. These have a hardcoded host address in the
> URL, however this address is not the one I entered in tinderbox.ph
> when configuring the webui (BTW it really does not seem to matter what
> I enter here ... it seems like it does matter what I enter in
> inc_tinderbox.php ). When accessing the site through the proxy, this
> address is the internal IP address of the tinderbox host, when
> accessing the site through an SSH tunnel this address is the
> localhost:port address of the tunnel at the browser's side.
> To me it's now clear that the proxy configuration is not the problem
> ... the issue is that some tinderbox URIs work fine through the proxy,
> but some don't (because they have a hardcoded host address). The
> problem is that editing tinderbox.ph does not seem to help. On the
> other hand editing inc_tinderbox.php (which does seem to affect these
> hardcoded URLs) breaks the tinderbox webui
> Anyone got tinderbox to run behind a reverse proxy? Is it working?
> Thanks for any tip or suggestion on how to fix it ...

All that seems way too complicated.  I'm simply using port redirection
in natd to allow my internal RFC1918 CVS server to be accessible via the
outside.  In my /etc/natd.rules on my firewall I have:

redirect_port tcp 8080

Then my internal host is accessible from the public via port 8080.  If
you do something like this, then everything is transparent.


> You can check my tinderbox at http://genoma.unsam.edu.ar/tinderbox,
> Thanks in advance,
PGP Key : http://www.marcuscom.com/pgp.asc
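
The symptom described in the quoted message (stylesheet and /packages/ links carrying the backend's own address instead of the public name) can be checked against the HTML a client receives through the proxy. The Python below is an added example, not part of the original thread or of tinderbox; the sample page, the address 192.168.10.5 and the file names in it are constructed.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry a URL

class LinkCollector(HTMLParser):
    """Collects (tag, url) for every URL-bearing attribute in a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, value))

def is_private_host(host):
    """True for RFC 1918 / loopback literals and for 'localhost'."""
    try:
        return ip_address(host).is_private
    except ValueError:          # a DNS name, not an IP literal
        return host == "localhost"

def find_foreign_urls(html, public_host):
    """Return (tag, url, is_private) for absolute URLs whose host is not
    the public name; relative links pass through the proxy untouched."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.urls:
        host = urlsplit(url).hostname   # None for relative URLs
        if host is None or host == public_host.lower():
            continue
        findings.append((tag, url, is_private_host(host)))
    return findings

# Constructed sample: the page as it might arrive through the proxy.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="http://192.168.10.5:83/tb.css">
</head><body>
<a href="showbuild.php?name=8-STABLE">build</a>
<a href="http://192.168.10.5:83/packages/8-STABLE/">Package directory</a>
<a href="http://genoma.unsam.edu.ar/tinderbox/logs/">logs</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url, private in find_foreign_urls(SAMPLE_PAGE, "genoma.unsam.edu.ar"):
        print(f"<{tag}> {url} private={private}")
```

Any finding with `private=True` is a link an outside browser cannot reach, and it also discloses the internal address of the backend to every visitor.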