httpd-users mailing list archives

From: Mark Lowe <mark.l...@boxstuff.com>
Subject: Re: [users@httpd] ip aliases vhosts
Date: Mon, 31 May 2004 19:17:56 GMT

Sorry Mike

I didn't see your post until just now.

What part are you having trouble with? My situation is complicated by 
the fact that the dns stuff and web server are all on the same box.

If this is your problem (as it was mine) the key words are "bind views". 
You can set up views in bind to handle requests from different IPs.

In terms of apache everything is running, but to get it playing the 
game when a request comes from outside (not from the server itself). 
The stuff to read on ipaliasing is ifconfig, but I won't go into detail 
as this differs depending on the platform (I crashed our live linux box 
twice trying directives that worked on osx).

Here's the mail I was sent, and I've got half way into porting things 
across, but my day job is a developer rather than systems 
administrator. One thing I'll add to Steve's mail is make sure external 
dns servers are listed in /etc/resolv.conf so your machine can still see 
the rest of the world.

I'll post a full solution in the next week or so when I'll have a real 
world example to share. I've got as far as moving all our domains to 
the external configuration. Next will be the ip aliasing all the 
domains, and then the "internal records" .

My apologies to Balanand but cryptic answers that don't help anyone 
really rub me up the wrong way.

<mail from steve cowles on redhat list>

Are you sure you're not wanting (asking how) to implement bind views? 
i.e.

-----------------------------------------------
# cat /var/named/internal/db.maindomain

$ttl 38400
@       IN      SOA     mainhost.maindomain.com. root.mainhost.maindomain.com. (
                          1084742277      ; serial
                          10800           ; refresh
                          3600            ; retry
                          604800          ; expire
                          38400 )         ; minimum
hosteddomain.com.           IN     NS ns.maindomain.com.
www.hosteddomain.com.       IN     A       10.0.0.10
ftp.hosteddomain.com.       IN     A       10.0.0.10
mail.hosteddomain.com.      IN     A       10.0.0.10
hosteddomain.com.           IN     A       10.0.0.10

-----------------------------------------------
# cat /var/named/external/db.maindomain

$ttl 38400
@       IN      SOA     mainhost.maindomain.com. root.mainhost.maindomain.com. (
                          1084742277      ; serial
                          10800           ; refresh
                          3600            ; retry
                          604800          ; expire
                          38400 )         ; minimum
hosteddomain.com.           IN     NS ns.maindomain.com.
www.hosteddomain.com.       IN     A       4.5.6.10
ftp.hosteddomain.com.       IN     A       4.5.6.10
mail.hosteddomain.com.      IN     A       4.5.6.10
hosteddomain.com.           IN     A       4.5.6.10

-----------------------------------------------
#cat /etc/named.conf

options {
         directory "/var/named";

         pid-file "/var/run/named/named.pid";
         statistics-file "/var/log/named/named.stats";
         dump-file "/var/log/named/named.dump";
         zone-statistics yes;

         // Listen ONLY on the following interfaces
         listen-on { 127.0.0.1 ; 10.0.0.10; };
...[snip]
};

acl "trusted-nets" {
         10.0.0.0/24;
         127.0.0.1;
};

...[snip]

view "internal" in {
         //Only allow trusted nets to query this view
         match-clients { trusted-nets; };

         // Enable recursion for this view
         recursion yes;

         // Cache data retrieved in this view
         additional-from-auth yes;
         additional-from-cache yes;

         // Load the "root" (hints) zone
         zone "." in {
                 type hint;                      // Zone is of type hint
                 file "root.cache";              // Specify the root filename
         };

         // Load the internal 127.0.0 reverse zone
         zone "0.0.127.in-addr.arpa" in {
                 type master;                    // Zone is a master
                 allow-transfer { none; };       // Do not allow zone transfers
                 allow-query { any; };           // Allow anyone to query zone
                 file "internal/db.127.0.0";     // Load internal zone file
         };

         // Load the internal maindomain.com zone
         zone "maindomain.com" in {
                 type master;                            // Zone is a master
                 notify yes;                             // Send notifies?
                 file "internal/db.maindomain";          // Load zone file
         };
...[snip]
};

view "external" in {
         //Allow anyone to query this view
         match-clients { any; };

         // Disable recursion for this view
         recursion no;

         // Do NOT cache data retrieved in this view
         additional-from-auth no;
         additional-from-cache no;

         // Load the "root" (hints) zone
         zone "." in {
                 type hint;                      // Zone is of type hint
                 file "root.cache";              // Specify the root filename
         };

         // Load the external maindomain.com zone
         zone "maindomain.com" in {
                 type master;                    // Zone is a master
                 notify yes;                     // Send notifies?
                 allow-query { any; };           // Allow anyone to query zone
                 file "external/db.maindomain";  // Load zone file
         };
...[snip]
};

# cat /etc/resolv.conf
search maindomain.com
nameserver 127.0.0.1
...[snip]


At least that's what I do at this end. Using the above example, any host
on your lan configured to use this DNS server along with the server itself
(127.0.0.1) would return the 10.0.0.10 address. A query to your DNS server
originating from the internet would return the 4.5.6.10 address. FWIW: I
configure my apache virtuals to reference the internal ip address like
what you posted.

Steve Cowles
</mail from steve cowles on redhat list>

Mark

On 24 May 2004, at 17:31, Michael Klama wrote:

> Mark,
> Please post the solution to your network setup as I have a similar network
> situation I need to set up and am having trouble understanding how to do it.
> This thread is about the closest that I have seen to what I need and would
> appreciate your help.
>
> Mike
>
>
> -----Original Message-----
> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
> Sent: Sunday, May 23, 2004 6:44 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] ip aliases vhosts
>
> Okay ..
>
> Forgive my stupidity. But let's say I've the domain hosteddomain.com which
> is hosted on the same box which is known to the world as maindomain.com
>
> hosteddomain.com.     	IN     NS	ns.maindomain.com.
> www.hosteddomain.com. IN     A       10.0.0.10
> ftp.hosteddomain.com. 	IN     A       10.0.0.10
> mail.hosteddomain.com 	IN	A	10.0.0.10
> hosteddomain.com.     	IN     A       10.0.0.10
>
> Now when I ping hosteddomain.com it correctly returns 10.0.0.10 .. But this
> of course is pretty useless. Apache seems to work fine with my directives as
> when I request www.hosteddomain.com I get the index page
>
> curl www.hosteddomain.com
>
> Ideally I could do this without using the hosts file so when we get another
> server, I can change the ip for ns.maindomain.com, mv my network scripts
> with the ipaliases to another machine and thus make lighter work of such a
> move.
>
> Now while I'm well aware this is perhaps more an apache list rather than a
> dns list, I'm sure there must be someone who
>
> 1. Has done this in the real world.
> and
> 2. Is charitable enough to provide more than mystical insights into the
> matter. But something like I've used to describe the problem and the sorts
> of examples I like to give when responding to mailing lists and such like.
>
> I've just had a great answer on another list, and I hope to post the
> solution on this thread when I'm done. Or I could just wait for the next poor
> soul to have this problem, and just mail snippets that express enough to
> demonstrate that I know what I'm talking about, without actually helping
> anyone solve the problem.
>
> Thanks
>
> Mark
>
> On 23 May 2004, at 23:52, PINNI, BALANAND (SBCSI) wrote:
>
>> The reason why I said as DNS because URL to IP conversion can take
>> place on server by setting in /etc/hosts but not for remote servers.
>>
>> # nslookup urlname.domain.com
>>
>> should display IP. Only then it will work.
>>
>> Thanks
>> Balanand Pinni
>>
>> -----Original Message-----
>> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
>> Sent: Sunday, May 23, 2004 4:16 PM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] ip aliases vhosts
>>
>>
>>
>> On 23 May 2004, at 23:05, PINNI, BALANAND (SBCSI) wrote:
>>
>>> I have SSL but one per box.
>>>
>>> Now I have Vanitive URL i.e Aliased to network interface with
>>> ifconfig cmd is unix.
>>> So you can create multiple aliases on same physical network to access
>>> apache on the web with alias.
>>
>> Yep that's all done
>>
>>>  You need to set this in your DNS
>>> server too from Unix point of view.
>>
>> This is where i think things are wrong, which I'm still looking into.
>> Problem is that the domain name resolves to the ip alias and not the
>> real ip. But I guess this is an apache list not a dns one.
>>
>>>
>>> Now set virtual host for each alias on 443 with Listen 443 i.e. several
>>> stanzas.
>>>
>>> It will work.
>>
>> That in itself helps. Thanks
>>
>>>
>>> Stop and start apache. See logs for any errors if any.
>>
>> I have been..
>>
>>>
>>> Good luck.
>>>
>>> Thanks
>>> Balanand Pinni
>>>
>>> -----Original Message-----
>>> From: Mark Lowe [mailto:mark.lowe@boxstuff.com]
>>> Sent: Sunday, May 23, 2004 3:58 PM
>>> To: <users@httpd.apache.org> <users@httpd.apache.org>
>>> Subject: [users@httpd] ip aliases vhosts
>>>
>>>
>>> Hello
>>>
>>> I started a thread on this some time ago, and while I appreciated the
>>> help that was given I still haven't managed to configure things as I've
>>> tried.
>>>
>>> I'd really appreciate hearing from anyone who has this working, rather
>>> than just understanding the principles as I understand what the docs
>>> are saying what I should be able to do, but still can't find a way of
>>> getting it running.
>>>
>>> I've created several ip aliases
>>>
>>> 10.0.0.10, 10.0.0.11, 10.0.0.12
>>>
>>> Listen *:80
>>> Listen *:443
>>>
>>> I've tried the following variations.
>>> NameVirtualHost *
>>> and
>>> NameVirtualHost *:80
>>> NameVirtualHost *:443
>>> and
>>> NameVirtualHost 10.0.0.10
>>> NameVirtualHost 10.0.0.11
>>> NameVirtualHost 10.0.0.12
>>> and
>>> NameVirtualHost 10.0.0.10:80
>>> NameVirtualHost 10.0.0.11:80
>>> NameVirtualHost 10.0.0.12:80
>>> NameVirtualHost 10.0.0.10:443
>>> NameVirtualHost 10.0.0.11:443
>>> NameVirtualHost 10.0.0.12:443
>>>
>>> And virtual hosts
>>>
>>> <VirtualHost 10.0.0.10:80>
>>> ServerName www.foo.com
>>> ...
>>>
>>> <VirtualHost 10.0.0.10:443>
>>> ServerName www.foo.com
>>>
>>> and so on.
>>>
>>> I need to have this running so I can have multiple ssl certs being
>>> served from the same box. So wildcarding so Joey's example won't work in
>>> this case.
>>>
>>> Someone must have this working, I've read a few bits and pieces on
>>> doing this. But something just isn't playing the game.
>>>
>>> Many thanks
>>>
>>> Mark
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>
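
Added example, not part of the original thread or of Steve Cowles' mail: a small Python model of how named chooses between the "internal" and "external" views in the named.conf above, with an audit for the settings that would undo the split. The view contents mirror the mail; the client addresses and the function names (select_view, resolve, audit) are constructed for illustration.

```python
import ipaddress

# Constructed model of the two views in the named.conf above.
# named picks the first view whose match-clients accepts the source address.
ZONE_NAMES = ("hosteddomain.com.", "www.hosteddomain.com.",
              "ftp.hosteddomain.com.", "mail.hosteddomain.com.")
VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/24", "127.0.0.1"],
     "recursion": True, "records": dict.fromkeys(ZONE_NAMES, "10.0.0.10")},
    {"name": "external", "match_clients": ["any"],
     "recursion": False, "records": dict.fromkeys(ZONE_NAMES, "4.5.6.10")},
]

def acl_matches(client, acl):
    """True if the client address falls in any entry of a match-clients list."""
    addr = ipaddress.ip_address(client)
    return any(e == "any" or addr in ipaddress.ip_network(e) for e in acl)

def select_view(client, views=VIEWS):
    """First matching view wins, so view order is part of the policy."""
    return next((v for v in views if acl_matches(client, v["match_clients"])), None)

def resolve(client, qname, views=VIEWS):
    """Return (view name, address) as the given client would see it."""
    view = select_view(client, views)
    return (view["name"], view["records"].get(qname)) if view else None

def audit(views=VIEWS):
    """Report settings that would undo the internal/external split."""
    findings, shadowed = [], False
    for v in views:
        public = "any" in v["match_clients"]
        if shadowed:
            findings.append(f"{v['name']}: never selected, an earlier view matches any")
        if public and v["recursion"]:
            findings.append(f"{v['name']}: recursion offered to any client")
        if public:
            findings += [f"{v['name']}: {n} exposes private address {ip}"
                         for n, ip in v["records"].items()
                         if ipaddress.ip_address(ip).is_private]
        shadowed = shadowed or public
    return findings

if __name__ == "__main__":
    for src in ("127.0.0.1", "10.0.0.25", "203.0.113.7"):  # constructed clients
        print(src, resolve(src, "www.hosteddomain.com."))
    print(audit() or "no findings")
```

Swapping the two views in the list shows why "internal" has to come first: every client, LAN hosts included, then lands in "external".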

