rsync - Feb 2005 - help with web proxying for anonymous rsync

Hi all - 

I've searched long and hard for some docs on configuring a web proxy for
rsync.  This is probably in part an apache config question so I apologize if
this is in the wrong forum.

What I would like to do is provide anonymous rsync access to a handful of
IPs via a web proxy so I don't have to punch additional holes in my
firewall.  In other words, I'd like to use rsync over port 80,
ProxyPass'ing
a requested url to the rsyncd.  It seems like this should work...  (I'd
rather not tunnel rsyncd via SSH since I do not want to provide these users
with accounts).

1. I have something like this in my httpd.conf

   ProxyPass  /rsync-module/   rsync://localhost:873/rsync-module

2. I have a rsyncd.conf that looks something like this

log file = /var/log/rsyncd.log
pid file = /etc/rsyncd.pid
[rsync-module]
        path = /path/to/my/module
        # hosts allow = x.x.x.x
        timeout = 200

3. Next, I set my RSYNC_PROXY environment variable to:

   setenv RSYNC_PROXY my.machine.org:80

4. Finally, I send a request to rsync as

   rsync my.machine.org::rsync-module

In the httpd acess log I see,

x.x.x.x - - [05/Feb/2005:13:08:07 -0500] - "-" "CONNECT
my.machine.org:873
HTTP/1.0" 200 16216

So the RSYNC_PROXY env variable is being read correctly, directing the
request to port 80, but the connection is not being handed off to the
rsyncd.

Any insight into how httpd should be configured or how the actual rsync
command should be issued would be greatly appreciated!

Todd

On Sat, Feb 05, 2005 at 11:22:46AM -0700, Todd Harris
wrote:
> Hi all - 
> 
> I've searched long and hard for some docs on configuring a web proxy
for
> rsync.  This is probably in part an apache config question so I apologize
if
> this is in the wrong forum.
> 
> What I would like to do is provide anonymous rsync access to a handful of
> IPs via a web proxy so I don't have to punch additional holes in my
> firewall.  In other words, I'd like to use rsync over port 80,
ProxyPass'ing
> a requested url to the rsyncd.  It seems like this should work...  (I'd
> rather not tunnel rsyncd via SSH since I do not want to provide these users
> with accounts).
It's not possible to do something you intend.

To provide an rsync server you'll have to punch a new (transparent) hole
into
your firewall. You cannot use the apache httpd as an reverse proxy because
a rsync daemon is not a http server and is not able to talk http.

There is also no need to use ssh for an anonymous (public) service.

The proxy method of rsync ist meant to be used when your client is behind a
firewall which will not allow a direct connection to the internet.
When you use the rsync proxy option your client will connect to a
http-proxy. It will use the CONNECT method of the proxy, which is normally
intended to be used for https and is "almost" transparent. The
http-proxy
will have to be configured to allow connections to servers on port 873.

Follow the FAQ how to setup an anonymous rsync daemon and change the policy
of the firewall.


cu, Stefan
-- 
Stefan Nehlsen | ParlaNet Administration | sn@parlanet.de | +49 431 988-1260
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/rsync/attachments/20050209/a476f0ee/attachment.bin