Hello,

In my attempt to have a basic understanding of all the environment that is running in vSphere, I have some basic questions about how some of these services work. They are not my area, but they run on the system I am partially responsible for, so I would like to know what they do. I am sure these questions are going to come off as simple to most, but these are areas that I have little to no experience in.

So a reverse proxy, given multiple containers, determines which one the next traffic should go into. First, can containers be used for web hosting? Can a reverse proxy have one IP address and allow access into multiple sites or containers, or are they completely different?

So www.web.com (67.101.98.50 external): first off, is that IP address registered with an authoritative web service? Typically, if you don’t host your own site locally, the IP address is handled by the hosting service. But in this case we want that name www.web.com to reach our external address of 67.101, which is a reverse proxy to multiple containers. Where does that proxy lie, what protection does it have, and how are outside users able to access this site? Is this just a firewall setting that is letting traffic in? Is a DMZ between firewalls, or is it between firewall configurations?

Any small advice or pointers would be helpful; my area is typically virtualized and physical hardware and LAN configurations. I am very lost when it comes to this.

4 Spice ups

Containers can be used for web hosting, yes.

A reverse proxy can have one or many addresses, and the container would use a port and IP, so if you tell the proxy to relay connections to the IP and port of the container, that’s what it’ll do.

The way I’d do it is to have the proxy facing the internet on your public IP with the containers on private managed IPs. That way you have one public IP address and everything relays to the container based on the SNI of the web server you want to get to.

Outside users access via the proxy.

The firewall would be in front of the proxy and allow web connections from the client to the proxy which relays to the container.

To be honest, you might want to do this in layers: install a web server, connect to that and test. Put the web server in a container, test, add in the proxy, test, and so on. I wouldn’t recommend you do this publicly until you understand what you’re doing, as you could have some major security vulnerabilities.

2 Spice ups

Yes, containers can be used for web hosting with multiple containers “sharing” a single public IP; this is what the reverse proxy does.

Authoritative web service? Not sure what you’re asking there… The reverse proxy will likely live on the container host. The protection it has is whatever security mechanisms you have in place between your ISP link and the container host. Outside users access via publicly hosted DNS records that resolve to your public IP (67.101.98.50). How the firewall is or isn’t configured is impossible to answer without seeing your configuration, but I would hope there is at least one firewall in the path that is allowing the inbound traffic on HTTP/HTTPS ports only.

1 Spice up