LinuxQuestions.org


frieza 02-16-2009 05:55 PM

multiple web servers with one public ip
 
forgive if this has been asked before but
here is the scenario
i am working at a place that has 2 physical web servers

yadayada1 and yadayada2
but only one public ip address
i can use dyndns to register 2 dynamic domains on the same ip address
how can i get yadayadayada1.dyndns.org to route to yadayada1 and yadayadayada2.dyndns.org to route to yadayada2 ?

TBC Cosmo 02-16-2009 07:28 PM

You may be able to do that with a reverse proxy server by creating name based virtual hosts in Apache that then proxy the connections to the two physical web servers.

Just a thought. Have not tried that.

lazlow 02-16-2009 08:59 PM

I think you would use a port redirect to do this. public.address1.com forwarded by dyndns to private.address.XXX:68 (or whatever port) and public.address2.com forwarded to private.address.xxx:69 (just a different port than address1). Then on your local system set NAT(?) to forward port 68 to server1 and port 69 to forward to server2.

chort 02-16-2009 09:35 PM

Except don't use ports 68 or 69, since they belong to bootp and tftp. If you're going to make up port numbers, use ports above 1023 (and try grep'ing for them in /etc/services to make sure they're unused).

frieza 02-17-2009 10:33 AM

does the proxy have to be a multi-homed proxy with the webservers behind as such? or can it be on the same switch as the webservers?

TBC Cosmo 02-17-2009 11:33 AM

I believe that the proxy server interfaces can all be on the same subnet with the two web servers.

chort 02-17-2009 01:54 PM

Quote:

Originally Posted by TBC Cosmo (Post 3447146)
I believe that the proxy server interfaces can all be on the same subnet with the two web servers.

Should be since the source address of packets sent to the webservers should be the IP of the proxy.

TBC Cosmo 02-17-2009 02:07 PM

I guess the concern is whether an interface on the proxy server that apache listens on needs to be on a different network, possibly a DMZ. But I don't think it's strictly necessary.

chort 02-17-2009 04:43 PM

Quote:

Originally Posted by TBC Cosmo (Post 3447332)
I guess the concern is whether an interface on the proxy server that apache listens on needs to be on a different network, possibly a DMZ. But I don't think it's strictly necessary.

I don't see why. The only thing you have to worry about is triangular routing, but that shouldn't happen when the source address is rewritten to the proxy server (this will happen automatically with an application-level proxy).

frieza 02-17-2009 08:08 PM

ok, would squid be what i am looking for? or should it be done with a third apache server that does nothing but redirect?
what docs would you best recommend for doing this with squid or apache? and perhaps you could provide a working example?

TBC Cosmo 02-17-2009 08:26 PM

Squid or Apache has that capability, sorry - I have no working example but these can get you going

http://wiki.squid-cache.org/ConfigEx...ipleWebservers
http://www.serverwatch.com/tutorials...0825_3290851_3
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

frieza 02-18-2009 02:04 PM

here is what i have so far
where yadayadayada1 and 2.url.org are the urls called from the outside
and server1 and 2 are my internal server names
and x and x1 are the ip address of the machines
(hidden so that i don't reveal too much about the network in question)
but both point to the same site at the moment
what am i doing wrong?

Code:

http_port 80 accel defaultsite=www.sweetnam.eu vhost
forwarded_for on

refresh_pattern ^ftp:          1440    20%    10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .              0      20%    4320

cache_peer 192.168.1.x parent 80 0 no-query no-digest originserver name=server1
acl sites_server1 dstdomain yadayadayada.url.org
acl our_sites dstdomain yadayadayada.url.org
cache_peer_access server1 allow sites_server1

cache_peer 192.168.1.x1 parent 80 0 no-query no-digest originserver name=server2
acl sites_server2 dstdomain yadayadayada2.url.org
acl our_sites2 dstdomain yadayadayada2.url.org
cache_peer_access server2 allow sites_server2

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

http_access allow 192.168.1.x1
http_access allow 192.168.1.x

http_access allow manager all
http_access allow manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

access_log /var/log/squid/access.log
cache_mgr someone@somewhere.com
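
Added example, not part of the original post and not taken from the Squid documentation: a reverse-proxy (accelerator) squid.conf in the same Squid 2.x-era syntax as the post above, in which http_access rules reference ACL names, each cache_peer only receives requests for its own hostname, and the cache manager is reachable only from the proxy itself. The hostnames site1.example.org and site2.example.org and the addresses 192.168.1.11 and 192.168.1.12 are placeholders.

```squidconf
# Added example (not from the thread). Hostnames and IPs are placeholders.
# Accelerator mode: "vhost" makes Squid route on the Host: header.
http_port 80 accel defaultsite=site1.example.org vhost
forwarded_for on

# ACL definitions. Squid 2.x needs "all" and "manager" declared explicitly.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl site1 dstdomain site1.example.org
acl site2 dstdomain site2.example.org

# One origin server per published hostname.
# The trailing "deny all" keeps each peer from receiving the other site's traffic.
cache_peer 192.168.1.11 parent 80 0 no-query no-digest originserver name=server1
cache_peer_access server1 allow site1
cache_peer_access server1 deny all

cache_peer 192.168.1.12 parent 80 0 no-query no-digest originserver name=server2
cache_peer_access server2 allow site2
cache_peer_access server2 deny all

# An accelerator should only talk to its configured peers, never fetch
# arbitrary destinations on behalf of a client.
never_direct allow all

# http_access takes ACL names, not bare IP addresses.
# Cache manager: local queries only, refused for everyone else.
http_access allow manager localhost
http_access deny manager

# Serve only the two published hostnames; refuse anything else so the
# box cannot be used as an open forward proxy.
http_access allow site1
http_access allow site2
http_access deny all

access_log /var/log/squid/access.log
```

Running `squid -k parse` against the file reports syntax errors before the configuration is loaded.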


frieza 02-18-2009 06:48 PM

grr
it seemed to be working
then i went into webmin on one of the target servers via its direct ip and tried to add a virtual host and everything blew up

billymayday 02-18-2009 06:52 PM

See if my response here (http://www.linuxquestions.org/questi...me-lan-705718/) helps

