Squid reverse proxy

Hi all,

I seem to be having a problem with a reverse proxy I created with squid.

Basically I have added support to my router with squid to handle reverse proxy calls to systems on my internal network so I can reuse the same ports. The reverse proxy is http header based.

My issue is with the serviio media browser. I currently have my.domain.com port:80/mediabrowser => internal.server:23424/mediabrowser and I can get the log in page. When I enter my password, I get an incorrect password error. If I bypass the proxy the same password works without issue.

has anyone encountered this before?

Thanks,

Karnith

After doing more investigation I have found the issue.

I am rewriting the url my.domain.com:23424/mediabrowser to my.otherdomain.com

from the squid logs I see

  Code:

1374174514.213     71 204.16.184.62 TCP_MISS/404 738 GET http://my.otherdomain.com/ - DIRECT/192.168.1.14 text/html
1374174526.632      4 204.16.184.62 TCP_HIT/200 7226 GET http://my.otherdomain.com/mediabrowser/ - NONE/- text/html
1374174526.696     28 204.16.184.62 TCP_HIT/200 10256 GET http://my.otherdomain.com/mediabrowser/css/browser.css - NONE/- text/css
1374174526.700     28 204.16.184.62 TCP_HIT/200 4549 GET http://my.otherdomain.com/mediabrowser/css/css_pirobox/style_serviio/style.css - NONE/- text/css
1374174526.730     58 204.16.184.62 TCP_HIT/200 12007 GET http://my.otherdomain.com/mediabrowser/css/jquery.qtip.css - NONE/- text/css
1374174526.739      5 204.16.184.62 TCP_HIT/200 1529 GET http://my.otherdomain.com/mediabrowser/js/jquery.ui.touch-punch.min.js - NONE/- text/javascript
1374174526.749      5 204.16.184.62 TCP_HIT/200 2389 GET http://my.otherdomain.com/mediabrowser/js/jquery.cookie.js - NONE/- text/javascript
1374174526.755     83 204.16.184.62 TCP_HIT/200 23894 GET http://my.otherdomain.com/mediabrowser/css/jquery-ui-1.8.17.custom.css - NONE/- text/css
1374174526.767      7 204.16.184.62 TCP_HIT/200 3803 GET http://my.otherdomain.com/mediabrowser/js/jquery.timer.js - NONE/- text/javascript
1374174526.793     27 204.16.184.62 TCP_HIT/200 16153 GET http://my.otherdomain.com/mediabrowser/js/pirobox_extended_feb_2011.js - NONE/- text/javascript
1374174526.814     26 204.16.184.62 TCP_HIT/200 3748 GET http://my.otherdomain.com/mediabrowser/js/2.5.3-crypto-sha1-hmac.js - NONE/- text/javascript
1374174526.819     34 204.16.184.62 TCP_HIT/200 9095 GET http://my.otherdomain.com/mediabrowser/js/slimScroll.js - NONE/- text/javascript
1374174526.833      8 204.16.184.62 TCP_HIT/200 4348 GET http://my.otherdomain.com/mediabrowser/js/date.format.js - NONE/- text/javascript
1374174526.859    187 204.16.184.62 TCP_HIT/200 93977 GET http://my.otherdomain.com/mediabrowser/js/jquery-1.8.3.min.js - NONE/- text/javascript
1374174526.862      9 204.16.184.62 TCP_HIT/200 7056 GET http://my.otherdomain.com/mediabrowser/images/logo.png - NONE/- image/png
1374174526.908    128 204.16.184.62 TCP_HIT/200 60580 GET http://my.otherdomain.com/mediabrowser/js/jquery.qtip.js - NONE/- text/javascript
1374174526.924     10 204.16.184.62 TCP_HIT/200 893 GET http://my.otherdomain.com/mediabrowser/images/home.png - NONE/- image/png
1374174526.940      4 204.16.184.62 TCP_HIT/200 639 GET http://my.otherdomain.com/mediabrowser/images/scroller-up.png - NONE/- image/png
1374174526.956      5 204.16.184.62 TCP_HIT/200 619 GET http://my.otherdomain.com/mediabrowser/images/scroller-down.png - NONE/- image/png
1374174526.979     62 204.16.184.62 TCP_HIT/200 27792 GET http://my.otherdomain.com/mediabrowser/images/big_logo.png - NONE/- image/png
1374174527.022    186 204.16.184.62 TCP_HIT/200 46964 GET http://my.otherdomain.com/mediabrowser/js/media-browser.js - NONE/- text/javascript
1374174527.187    348 204.16.184.62 TCP_HIT/200 16500 GET http://my.otherdomain.com/mediabrowser/js/flowplayer-3.2.8.min.js - NONE/- text/javascript
1374174527.193    509 204.16.184.62 TCP_HIT/200 238143 GET http://my.otherdomain.com/mediabrowser/js/jquery-ui-1.9.2.custom.min.js - NONE/- text/javascript
1374174527.197    238 204.16.184.62 TCP_HIT/200 88771 GET http://my.otherdomain.com/mediabrowser/images/background-bottom.jpg - NONE/- image/jpeg
1374174527.423    450 204.16.184.62 TCP_HIT/200 268985 GET http://my.otherdomain.com/mediabrowser/images/background-top.png - NONE/- image/png
1374174527.427      8 204.16.184.62 TCP_HIT/200 5580 GET http://my.otherdomain.com/mediabrowser/images/top_nav.jpg - NONE/- image/jpeg
1374174527.564      4 204.16.184.62 TCP_HIT/200 1486 GET http://my.otherdomain.com/mediabrowser/images/favicon.ico - NONE/- image/x-icon

# this is the log in screen post to serviio and is naturally a miss due to not finding the location on login
1374174535.642     32 204.16.184.62 TCP_MISS/200 367 POST http://my.otherdomain.com/cds/login - DIRECT/server-ip application/json


This tells me that the url rewrite with the my.otherdomain.com/mediabrowser is failing because serviio references the /cds folder from the root, which it can't find under the rewrite subfolder /mediabrowser.

I'm working on a fix with squid, but it would be nice if serviio could run from the root of the domain.

[will]

/mediabrowser is the Web app, /cds is the API endpoint that MediaBrowser and ServiiGo uses, so you need to forward/rewrite both. This separation is unlikely to change.

/mediabrowser is the Web app, /cds is the API endpoint that MediaBrowser and ServiiGo uses, so you need to forward/rewrite both. This separation is unlikely to change.

Right, I realize that.

I've changed things a bit.

The post domain is my.domain.com which is rewritten as my.otherdomain.com:23424/mediabrowser

seeing as the my.domain.com is rewritten pointing to the /mediabrowser subfolder, I am unable to rewrite any post commands to subfolder /cds as it is not in the current directory.

I was able to create the solution.

When using Squid as a reverse proxy, create a file named redirect.pl

in it place

  Code:

#!/usr/bin/perl
use strict;

# Turn off buffering to STDOUT
$| = 1;

# Read from STDIN
while (<>) {
   
    my @elems = split; # splits $_ on whitespace by default
   
    # The URL is the first whitespace-separated element.
    my $url = $elems[0];
   
    # Handle foo.example.com links and translate them to bar.example.com
    # with the rest of the URL intact (if present). Ignore warnings...
    if ($url =~ m#^http://your\.domain\.com/mediabrowser(/.*)?#i) {
       
        $url = "http://yourinternal.domain.local:23424/mediabrowser${1}";
       
        print "$url\n";
       
    }
   
    # The last part, "(/.*)?", is redundant, but I added it because it might
    # be useful to some. That part would be in $1 in this example.
    elsif ($url =~ m#^http://your\.domain\.com/cds(/.*)?#i) {
       
        # Redirect them to some intranet site...
      $url = "http://yourinternal.domain.local:23424/cds${1}";
        print "$url\n";
       
    }
   
   elsif ($url =~ m#^http://your\.domain\.com(/.*)?#i) {
       
        $url = "http://yourinternal.domain.local:23424/mediabrowser${1}";
       
        print "$url\n";
       
    }

    else {
       
        # Unmodified URL
        print "$url\n";
       
    }
   
}



the ordering is important as since the media browser page makes calls to the /cds subfolder the initial rewriting to your domain should come last. Be sure to chmod 755 the file.

In squid.conf add redirect_program /opt/etc/squid/redirect.pl somewhere in the file.

Hopes this helps someone in the future.