| LinHES Forums http://forum.linhes.org/ |
|
| Multiple webservers http://forum.linhes.org/viewtopic.php?f=13&t=15399 |
Page 1 of 1 |
| Author: | gatorback [ Mon May 28, 2007 10:34 am ] |
| Post subject: | Multiple webservers |
With the addition of a KM system, I now have 2 webservers. The other is a M$ 2003 webserver, with AD \ DNS. That being said, I can only forward port 80 to one of the two machines at a time. I think that it is possible to forward the ports to the 2003 server machine so that it routes requests, such as http:\\mythserver.mydomain.com, to the mythserver. Likewise it would be nice to map http:\\msmachine.mydomain.com to the M$ webserver. This could be a whole new thread, but I thought that it would be important to mention. I would prefer to setup the M$ active domain \ DNS server to handle this traffic because they are on virtual machines (easily backed up and restored), whereas, my KM machine is running on 'bare metal' and leery of making experiemental changes. I would think that even if routing these requests were successful, I would need to mod the webservers so that generated links reflect the addition of a DNS zone: http:\\www.mydomain.com\projectserver would become: http:\\www.msmachine.mydomain\projectserver. Is there an article out that outlines how this can be done? I tried searching on 'DNS', however, after 3 hours I have only ended up creating more questions than I have answered. |
|
| Author: | tjc [ Mon May 28, 2007 11:41 am ] |
| Post subject: | |
For a dead easy solution, why not just configure the Apache instance on the KM box to another port? In file /etc/apache2/ports.conf chnage the port it's listening on to 8080 or the like. |
|
| Author: | gatorback [ Mon May 28, 2007 3:02 pm ] |
| Post subject: | |
tjc, thank you for the quick fix. This will get me by. I did find an article for a linux proxyserver. I have my domain mapped to a dynamic IP address. Click here to see how it was done. I think what I need now is to setup a proxyserver to resolve the FQDN to the LAN IP host addresses. I will continue to search for a similar article for a M$ 2003 proxy server and post it when I find it. |
|
| Author: | cjd1 [ Mon May 28, 2007 5:33 pm ] |
| Post subject: | |
If Apache on the Knoppmyth box were to receive the traffic, there are plenty of tutorials on Apache.org about setting up a virtual server to route msmachine.mydomain.com requests to that machine. |
|
| Author: | khrusher [ Mon May 28, 2007 7:19 pm ] |
| Post subject: | |
I have this type of setup on my network. the 'firewall guy' at work only allows http access to port 80, so my old setup of an apache server on 80 and a second on 8080 doesnt work. I am a little different then the original post as my knoppmyth box is NOT the box exposed to the internet, rather it is the second box in the series. modem -> router -> webserver -> myth my router forwards inbound port 80 traffic to the webserver. If the URL that is sent to the webserver is http://<ip>/mythweb, the request is forwarded to the apache server on the myth box. To make this happen you need two apache mods on the server that your router forwards to.(webserver in my case ) ... MOD_PROXY and MOD_PROXY_HTTP. in my world, the webserver apache installation has these mods and the following config: Code: <IfModule mod_proxy.c> ProxyRequests Off <Proxy *> AddDefaultCharset off Order deny,allow # Deny from all Allow from all #Allow from .example.com </Proxy> # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: hea ders) # Set to one of: Off | On | Full | Block ProxyVia On ProxyPass /mythweb http://192.168.1.50:8080/mythweb ProxyPassReverse /mythweb http://192.168.1.50:8080/mythweb ProxyPass /stream http://192.168.1.50:8001/ ProxyPassReverse /stream http://192.168.1.50:8001/ </IfModule> the important parts are at the bottom...my myth box is at 192.168.1.50. port 8080 Code: ProxyPass /mythweb http://192.168.1.50:8080/mythweb
ProxyPassReverse /mythweb http://192.168.1.50:8080/mythweb these lines redirect all http://<routerIP>/mythweb to the apache server on 192.198.1.50 port 8080 for those that us mythstreamtv, the last lines allow me to point vlc to http://<routerIP>/stream to access my vlc streams via the webservers apache forwarding. (for extra credit, I do all of this through a ssh/putty encrypted tunnel) workPC -> SSH tunnel -> router -> webserver (MOD_PROXY) -> mythweb |
|
| Author: | gatorback [ Tue May 29, 2007 7:35 am ] |
| Post subject: | |
khrusher, excellent explanation: it is carefully thought out and concisely worded. This is a significant contribution to the forum and will not only help me, but will help others in the future. Out of curiousity, is KM setup such that access is only through SSH? |
|
| Author: | Gnarl [ Tue May 29, 2007 8:59 am ] |
| Post subject: | |
what I've done in the past is port re-direction. I run IPCop, which makes it easy for me to forward any port to another port. All web servers still listen on port 80 but the firewall forwards port 80 to port 80 one machine and 81 to port 80 on another machine. works really quite well. |
|
| Author: | khrusher [ Tue May 29, 2007 9:07 am ] |
| Post subject: | |
that was how I was originally setup...that was until i switch employers and could no longer access non-port-80 webservers from work. It's nice having the extra webserver ($28 pc from ebay) . - Keeps my myth box as 'myth-only' and - I run Privoxy so I can bounce my internet traffic through my home connection (again via encryped tunnel) to keep the firewall guy happy. - another place to fold proteins |
|
| Author: | gatorback [ Tue May 29, 2007 11:51 am ] |
| Post subject: | |
Gnarl, I am not sure I understood your message. I think what the message described a port forwarding mechanism that allows mapping of port 80, 81, 82 ... to port 80 on different LAN webservers. The WAN port determines which LAN server is accessed. |
|
| Author: | Gnarl [ Tue May 29, 2007 12:01 pm ] |
| Post subject: | |
gatorback wrote: ...mechanism that allows mapping of port 80, 81, 82 ... to port 80 on different LAN webservers. The WAN port determines which LAN server is accessed. That's exactly it, iptables on my WAN/router forwards to the web servers based on what port was accessed on the WAN/router.
|
|
| Author: | khrusher [ Tue May 29, 2007 12:40 pm ] |
| Post subject: | |
most home-network quality firewall products only allow mapping inbound ports to a particular IP address in the LAN. This forwarding doesnt allow mapping of different port numbers. With these routers, the following is NOT possible. Code: http://<WAN-IP>:80/ -> http://<LAN-IP>:8080 You can do this if you want... Code: http://<WAN-IP>:80/ -> http://<LAN-IP>:80
http://<WAN-IP>:81/ -> http://<SECOND-LAN-IP>:81 Or you can setup your 'port-80' webserver as a reverse proxy |
|
| Page 1 of 1 | All times are UTC - 6 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|