Hi all - I've searched long and hard for some docs on configuring a web proxy for rsync. This is probably in part an apache config question so I apologize if this is in the wrong forum. What I would like to do is provide anonymous rsync access to a handful of IPs via a web proxy so I don't have to punch additional holes in my firewall. In other words, I'd like to use rsync over port 80, ProxyPass'ing a requested url to the rsyncd. It seems like this should work... (I'd rather not tunnel rsyncd via SSH since I do not want to provide these users with accounts). 1. I have something like this in my httpd.conf ProxyPass /rsync-module/ rsync://localhost:873/rsync-module 2. I have a rsyncd.conf that looks something like this log file = /var/log/rsyncd.log pid file = /etc/rsyncd.pid [rsync-module] path = /path/to/my/module # hosts allow = x.x.x.x timeout = 200 3. Next, I set my RSYNC_PROXY environment variable to: setenv RSYNC_PROXY my.machine.org:80 4. Finally, I send a request to rsync as rsync my.machine.org::rsync-module In the httpd acess log I see, x.x.x.x - - [05/Feb/2005:13:08:07 -0500] - "-" "CONNECT my.machine.org:873 HTTP/1.0" 200 16216 So the RSYNC_PROXY env variable is being read correctly, directing the request to port 80, but the connection is not being handed off to the rsyncd. Any insight into how httpd should be configured or how the actual rsync command should be issued would be greatly appreciated! Todd
On Sat, Feb 05, 2005 at 11:22:46AM -0700, Todd Harris wrote:> Hi all - > > I've searched long and hard for some docs on configuring a web proxy for > rsync. This is probably in part an apache config question so I apologize if > this is in the wrong forum. > > What I would like to do is provide anonymous rsync access to a handful of > IPs via a web proxy so I don't have to punch additional holes in my > firewall. In other words, I'd like to use rsync over port 80, ProxyPass'ing > a requested url to the rsyncd. It seems like this should work... (I'd > rather not tunnel rsyncd via SSH since I do not want to provide these users > with accounts).It's not possible to do something you intend. To provide an rsync server you'll have to punch a new (transparent) hole into your firewall. You cannot use the apache httpd as an reverse proxy because a rsync daemon is not a http server and is not able to talk http. There is also no need to use ssh for an anonymous (public) service. The proxy method of rsync ist meant to be used when your client is behind a firewall which will not allow a direct connection to the internet. When you use the rsync proxy option your client will connect to a http-proxy. It will use the CONNECT method of the proxy, which is normally intended to be used for https and is "almost" transparent. The http-proxy will have to be configured to allow connections to servers on port 873. Follow the FAQ how to setup an anonymous rsync daemon and change the policy of the firewall. cu, Stefan -- Stefan Nehlsen | ParlaNet Administration | sn@parlanet.de | +49 431 988-1260 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/rsync/attachments/20050209/a476f0ee/attachment.bin