[aida] web visibility
s at xss.de
Fri Jun 29 01:12:36 CEST 2007
Once upon a time in thread far, far away:
On Mon, 11 Jun 2007 13:21:46 +0200
Janko Mivšek <janko.mivsek at eranova.si> wrote:
> 1. with ipconfig (Win) or ifconfig (Linux) find an IP of your PC. It
> must be public to be visible from internet (not 192.168.x.x or
This is one of the disturbing elements of web applications: They tend
to hog IP-adresses and domain names, which makes it hard to add a web
app to an existing (static) site.
So let's go fix that with some apache-fu and (extra credit) ssh-fu!
You need to modify the apache configuration and /etc/hosts on your
webserver, so the procedure is probably not for the faint of heart.
1. Tweak your local hosts file for local name resolution
/etc/hosts on linux
%windir%\system32\drivers\etc\hosts on win
Add the following line:
2. ping mysite.local
should show responses from 127.0.0.1 now.
3. Configure your AIDA site accordingly
site := AIDASite named: 'mysite.local'.
site host: 'mysite.local' ip: 'mysite.local' port: 8000
should show your AIDA site
Now you have an AIDA site running not only on a non-public subnet, but
on an IP-address that's only reachable from within the box itself.
Walk over to your server for the following steps:
5. Tweak your server's hosts file as above.
/etc/hosts needs to resolve mysite.local to the same address as above
6. Make the public apache a proxy for your AIDA site
in your public (virtual) host section add the lines
ProxyPass / http://mysite.local:8000/
ProxyPassReverseCookieDomain mysite.local mysite.public
ProxyHTMLURLMap http://mysite.local:8000/ /
ProxyHTMLURLMap / /
If you want detailed descriptions what these lines do, please go
visit the documentation at http://httpd.apache.org and especially
the tutorial at http://www.apachetutor.org/admin/reverseproxies
Now you have the following setup: Incoming requests to
http://mysite.public are forwarded to http://mysite.local:8000,
which resolves to 127.0.0.1, port 8000 *on the public server*.
On the other hand, you have a perfectly working AIDA site listening
on 127.0.0.1:8000 on your *local machine*.
7. What you now need is a tube between those two.
linux: ssh -g -R 8000:127.0.0.1:8000 user at mysite.public
win: plink -ssh -R 8000:127.0.0.1:8000 user at mysite.public
(plink is part of the highly recommended putty suite)
This step opens a listening port 127.0.0.1:8000 on mysite.public, whose
other end is aiming to a listening port 127.0.0.1:8000 on your local
If I did not forget anything, you should now be able to call
which apache forwards to 127.0.0.1:8000
which ssh tunnels to your local computer, port 8000
where AIDA provides a response,
which tunnels back to the public machine
where internal links get cleaned up
and get a perfectly working AIDA site.
And what's all that good for? Your web app never leaves the environment
it has grown up in, it is always running on 127.0.0.1, port 8000. Which
makes for easy deployment. And by adjusting the path parameters in the
apache configuration, you can selectively proxy only certain directories
instead of the whole site. You might even want to read up on
mod_rewrite and use apache to proxy only those requests to your site
which need to be handled dynamically.
If somebody out there is crazy enough to actually try this, let me know
if it worked.
More information about the Aida