httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Virtual Hosts behind Firewall Router
Date Tue, 22 Nov 2005 07:56:03 GMT
> -----Original Message-----
> From: Brian C [mailto:brianwc@berkeley.edu]
> Sent: Montag, 21. November 2005 20:13
> To: users@httpd.apache.org
> Subject: [users@httpd] Virtual Hosts behind Firewall Router
> 
> 
> Hi,
> 
> My network looks like this:
> 
> [Internet]
> |
> [Static IP:64.x.x.x]
> |
> [router/firewall:192.168.0.1]
> [port 80 traffic]___[port 53 traffic]_______[??nothing yet??]
> ______|____________________|______________________|_____________
> [main srvr:192.168.0.5|DNS srvr:192.168.0.6|NEW srvr:192.168.0.9]
> 
> The main server runs Apache 2.0 on OpenSuse and uses 
> name-based virtual 
> hosts to host about 5 low-traffic web sites. The DNS server runs BIND.
> 
> Now I want to run a new website on the new server, which also runs 
> Apache. However, all my port 80 traffic is routed to the main server. 
> So, how can I send requests for www.newwebsite.com to the new server 
> rather than having it end up at the main server? 

Your diagram is very clear - worth a thousand words...

There are at least two ways you can do this:

[Assumption: www.newwebsite.com resolves to Static IP:64.x.x.x, same as all main server sites]

1) Apache solution: Set up a new name-based VH in the main server to serve the new site and
then proxy all requests to new server:

in main server config:

	<VirtualHost *>
	  ServerName www.newwebsite.com
	  ProxyPass / http://192.168.0.9/
	  ProxyPassReverse / http://192.168.0.9/
	</VirtualHost>

Then all traffic can stay on port 80 on both servers. See http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#proxypass

1) FW solution:

	a) route requests based on port number (I'm assuming your FW can do this...)
	64.x.x.x:80 --> 192.168.0.5:80
	64.x.x.x:8080 --> 192.168.0.9:80	

	Then people have to access the new site like www.newwebsite.com:8080

	b) route requests based on Host header (I'm assuming your FW can do this...)
	5 original site names --> 192.168.0.5:80
	new site name--> 192.168.0.9:80

	Then people can access the new site like www.newwebsite.com

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> What would I 
> change in 
> the main server's vhosts config (if anything), what would the new 
> server's vhosts config look like, and would any of this impact my DNS 
> files?
> 
> If it creates an easier solution, I wouldn't even care if the new 
> server's address had to be www.newwebsite.com:## where ## was some 
> unused port, because the newwebsite is going to be password protected 
> for just my own use anyway.
> 
> Also, if it sounds like I know what I'm talking about, that's a false 
> impression. Please explain things with lots of details. I 
> barely figured 
> out the above.
> 
> Thanks for any advice. I hope the picture above is clear.
> 
> Brian
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message