LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Apache & Name Based Virtual Host then Pass this on to another server (https://www.linuxquestions.org/questions/linux-server-73/apache-and-name-based-virtual-host-then-pass-this-on-to-another-server-4175650122/)

Basher52 03-13-2019 03:00 PM

Apache & Name Based Virtual Host then Pass this on to another server
 
Hi all :D

I wonder if it's possible to use one server with Apache and use name based virtual hosts to show some sites from this server and in some cases pass it to another server
and also on that second server use name based virtual hosts using the same URL to separate them on this second server?

I can't find any info on this probably because I can't "ask" it correctly and I've tried some setups without getting it to work.

sevendogsbsd 03-13-2019 03:11 PM

Are you talking about load balancing? You could use something like "haproxy" but both apache instances would need to have the same content if you are load balancing. http://www.haproxy.org/

scasey 03-13-2019 04:04 PM

DNS is used to relate a domain name to an IP address.
Once the request is delivered to that IP address, the name-based VirtualHost defines what content to deliver.

From apache docs:
Quote:

Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Therefore you should use name-based virtual hosting unless you are using equipment that explicitly demands IP-based hosting. Historical reasons for IP-based virtual hosting based on client support are no longer applicable to a general-purpose web server.
Emphasis added. If you want a specific domain to be served by a different server, change the DNS for that domain.

sevendogsbsd 03-13-2019 05:00 PM

I think the OP wants this:
Quote:

using the same URL to separate them on this second server
in which case, unless I misunderstood the objective, won't work because DNS will have no idea where the asset is because the URL and thus the IP are the same.

Did I misunderstand this?

scasey 03-13-2019 05:55 PM

Quote:

Originally Posted by sevendogsbsd (Post 5973572)
I think the OP wants this: in which case, unless I misunderstood the objective, won't work because DNS will have no idea where the asset is because the URL and thus the IP are the same.

Did I misunderstand this?

No, I don’t think you misunderstood the OP. IMO what they’re asking to do is not possible....

As you say, a URL is related to an IP, so any attempt to “redirect” using the web server will just point back to the original IP (as defined by DNS). I’m saying if they want “some cases pass[ed] to another server,” they need to do that with DNS...that is to say, change the IP for that URL.

Perhaps the OP will explain why they’re asking...

Basher52 03-14-2019 03:57 PM

Nope, not load balancing, sorry

@sevendogsbsd & scasey, yes I think you got me correct as the end.

The first thing is:
Server 1 gets the call so is it possible to redirect to another IP address(Server 2) instead of a DocumentRoot on Server 1, in this case to another physical server in my own network, if not even this is possible then the second thing is a no go.

Second thing is: as Server 1 knows the URL as it can use that to separate each to different DocumentRoots I was hoping that I could like 'resend' this to Server 2 so also this one can use Name Based Virtual Hosts to separate them into different DocumentRoots on Server 2. I can't think of anything to be able to separate the URL on Server 2 into different DocumentRoots unless I know the URL, do you?

In my particular case Server 1 is supposed to take care of just 1 of the websites but this one also has a 'main page' that every other websites needs to go though to even get allowed in at all, first a login page and a, let's call it a 'list of sites available'. This will list all sites that can be tested and this list will get 'programmed' by me, although there might be more sites but no one can see or use them as the only way into them all are to select in the list.
Server 2 has the important sites and needs to be taken care of more properly, Server 1 is easy to setup again, therefor the separation of them.

Hope this will explain a bit more.

PS. I do not use a DNS server in these machines as the NBased VHosts works anyway. Well, I haven't installed or configured it anyway.

scasey 03-14-2019 06:20 PM

OK. Thanks for the clarifications.
All domain names have an "authoritative name server," so, if you have links on server1's home page that point to other domains by name, those requests are already using the DNS system to refer the domains to (now, presumably) server1's IP address.
Code:

dig somedomain.com NS
will return the authoritative name servers for the domain. You do not need to run your own name server.*

If you change the A records at the authoritative name server for those domains to point to server2 (and, presumably, server2 is configured to respond to the names), then you'll have what you describe.

You probably can configure apache on server1 to direct calls to server2's domains IP address, but the request on server2 will no longer have the domain name in the URI, so name-based VirtualHosts won't work, and all requests will just deliver the first VirtualHost defined on server2.

*Presumption: We're talking here about real, registered domain names that are available to the public.

Basher52 03-15-2019 02:45 PM

OK, so as I see it, it can't be done.
Got any other idea how to do a thing like this?

OK, Sure... I can do the same thing on both servers but I was also thinking of using S1 as the 'main' firewall too so S2 would almost be totally open and I that wont have to do this on S2.
The bad part is that if it grows I might need another server and then I'm gonna do it all over for the third time.
It's all in the hardware I use and it ain't great, but it works for testing etc.


The hardware I use is just some old computers I've got so I can't install VM's, not enough memory and the economy cuts me of to get the big mother.
I've slaughtered 11 workstations this summer to get place for other stuff and as I'm also into electronics I save all components and I now only
got 10 workstations left whereas I use the best as the main PC/Gaming. Wifey got the next best thing.

sevendogsbsd 03-15-2019 02:54 PM

This probably doesn't matter in your use case but I would never use a web server as a firewall in the real world. I had to say that...it's my job as a cyber guy, lol. :)

scasey 03-15-2019 03:00 PM

Quote:

Originally Posted by Basher52 (Post 5974243)
OK, so as I see it, it can't be done.
Got any other idea how to do a thing like this?

I guess I've not been clear enough. The way to do what you want to do is with DNS:

domain1 is on IP1 which is server1
domain2(3,etc) are on IP2 which is server2

domain1 on server1 has page of links behind some authentication
domain2
domain3
...
Those domains are on server2. Their DNS points to S2

Whether or not the other domains are on the same or a different server, you're still going to have to do something with each domain to verify the authentication.

Basher52 03-16-2019 01:43 PM

Quote:

Originally Posted by sevendogsbsd (Post 5974247)
This probably doesn't matter in your use case but I would never use a web server as a firewall in the real world. I had to say that...it's my job as a cyber guy, lol. :)

and I won't. On Server 1 I got a big iptables-script for my entire network and I want this to be run if you want in.
I'm gonna use this server as my Default Gateway too since the router I got sucks and it's firewall is sooooo bad.

Also, using the router I can't use Name Based VH so.....

Basher52 03-16-2019 01:54 PM

Quote:

Originally Posted by scasey (Post 5974248)
I guess I've not been clear enough. The way to do what you want to do is with DNS:

domain1 is on IP1 which is server1
domain2(3,etc) are on IP2 which is server2

domain1 on server1 has page of links behind some authentication
domain2
domain3
...
Those domains are on server2. Their DNS points to S2

Whether or not the other domains are on the same or a different server, you're still going to have to do something with each domain to verify the authentication.


Hmmm, sure am sluggish cos I still don't really get it.
I got some pals that I use to help with their websites. I copy it all to my own servers (S1 or S2) and get a temporary domain name, like from no-ip to point to these.
Depending on that name and what my Server1-list's IP-address it points to (192.168....) I either use Server1 or Server2.
By this I have to setup my own DNS service on both servers to do this?
Withing my own 192.168-network?
If so... I have to look into that.

PS. Sorry for that late answer, had a problem with this machine not booting. Am I lucky or what :banghead:
Some days are just too much :(

scasey 03-16-2019 02:10 PM

Quote:

Originally Posted by Basher52 (Post 5974493)
Hmmm, sure am sluggish cos I still don't really get it.
I got some pals that I use to help with their websites. I copy it all to my own servers (S1 or S2) and get a temporary domain name, like from no-ip to point to these.
Depending on that name and what my Server1-list's IP-address it points to (192.168....) I either use Server1 or Server2.
By this I have to setup my own DNS service on both servers to do this?
Withing my own 192.168-network?
If so... I have to look into that.

PS. Sorry for that late answer, had a problem with this machine not booting. Am I lucky or what :banghead:
Some days are just too much :(

I've been talking about real, registered domain names that have authoritative name servers pointing to public IP addresses.
I'm also presuming that the servers S1 and S2 are on public IP addresses.
If those two assumptions are not true, then what I've been saying doesn't apply.

If your temporary domain names point to your public IP address, then yes, you'd something internally to control which temporary name goes to which server. An (internal) name server, or maybe just some manipulation of /etc/hosts files on your (internal) servers.

Basher52 03-16-2019 03:21 PM

Soooo sorry for missing this very important info.
DOH :redface: :redface:

Since I don't own the domain names I can't just point them to another IP address for my testing as the site needs to be online as I fiddle with my stuff.
So here I just use temporary names so I can do whatever with the sites code without anyone noticing. Then later I can ask the owner go login in here to see
that I have done and if it's to his liking.
Also yes, the servers are for now NOT public. Later one (Server 1) will be public as it will be my Default Gateway. Server 2 though will NOT be public and use Server 1 as the Default Gateway.

I think I have to read up on this, I wonder what can be the easiest thing to do.
A /etc/hosts seems the easiest to do from my simple website-listing as I was talking about.
Installing an internal DNS service seems very complicated just for this.


All times are GMT -5. The time now is 09:36 PM.