Imagine a situation where a collection of web servers is protected by one Linux router/firewall as a single point of entry such as ClearOS. If the collection has access to multiple external IP addresses, the idea of having 1 to 1 NAT or some other mechanism within the Router to route different IP addresses to different web servers is obvious and easy to set up. However, what happens when the collection only has access to one IP address?

Just in case you are wondering why I would want to do this, the answer is testing web software on different environments - running PHP on LAMP, WAMP and WIMP - from a single external source.

All current webservers - Apache, IIS, Nginx and even Node can be configured to respond to virtual hosts, whilst in turn the DNS records at an external Registrar can be configured to support virtual hosting by directing different domains and sub-domains to the given single IP address.

I do not know of a way to configure a Linux Router system so that when it is connected to only one external IP address, it has the ability to respond to the Domain or Subdomain name, and route this address to the appropriate webserver within the collection of web servers (virtual or physical) - all on Port 80.

I do not believe that it can be done but I believe that it would be a useful module / solution to have to hand and am contemplating the funding of the creation of such a module.

What does the collected wisdom of Spiceworks have to say on this issue?

2 Spice ups

The easiest method would be using something like nginx as a reverse proxy and forwarding requests to whichever server, based on the requested host. Essentially you’d just create different reverse proxy entries, one for each host, and have it connect to the internal host, forwarding on all the details. In fact that’s essentially the only way to do it. Apache also has reverse proxy features, but I’ve never used them.

1 Spice up

It sounds like a fairly trivial solution.

You’d run a webserver of some kind on the Linux firewall (Apache would work but I suspect you’d want something lighter) that simply reads the hostname header and forwards the request to the appropriate internal webserver.

Veet: Thank you for taking the time to reply to my thread. Regrettably your reply has nothing to do with my question and I am forced to comment on it and to this effect in order to stop others from following your direction.

Your advice, gleaned from the Apache documentation or thereabouts, explains how to set up support for virtual hosts on an individual Apache web server. You will note how you were required to specify a Directory to serve up the Domain from the hard disk of the same webserver. You could have replaced that local Directory with a Mounted directory pointing at a different Server. However this would still have not achieved the result that I am seeking. What I seek to achieve is a mechanism to transfer execution from one Server to another whilst still retaining control over the Route.

If every internal webserver had an external IPv4 address, this would be no problem. Once one accepts that every Server has to have a traditional 192.168.x.x internal address, everything falls apart.

I thank Antaal, who has already made an interesting contribution. You are pointing me towards Nginx and Reverse Proxies. This is a completely new area for me and one that I shall have to investigate.

I thank Jos, it does indeed sound like a trivial problem, but is one that has defeated us to date.

I am going to wait a few more days to see what others have to say but I am already grateful for your advice as it tells me that an “off the shelf” solution may be possible.

The easiest method is to PNAT ports on your router/firewall port 80 to server0, 81 to server1 port 82 to server2, etc. Unfortunately you will then have to expect default traffic to hit server and have server0 return an index with the correct port numbers encoded in the url links to reach the additional servers. So with this setup you will hit http://example/ and get a from server0 of http://example:81 http://example:82 etc. You can however skip the index on server0 and just go with a personal list that says the centos server is accessed on http://example:81 and the windows xp webserver running tomcat is on http://example:82 and the potato powered atom pc running debian and LAMP is on http://example:83. This is just for testing anyways. You also have to move the ports on each server to match the outside port, because when the server returns data, it’s going to say contact me back at :80 by default, it will need to be sending back the unusual non-default port.

I’ve done this for web based security camera DVRs where we did not want to give VPN access to a subcontracted security company to view cameras from their cell phones and remote office.

As stated earlier, any reverse proxy will do this (for http traffic, but not https).
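
The host-based reverse proxy suggested in the replies above, written out as an nginx configuration for the router/firewall. This is an added example, not a configuration posted by anyone in the thread; the hostnames (`*.example.test`) and the 192.168.1.x backend addresses are assumed placeholders.

```nginx
# Constructed example: hostnames and backend addresses are placeholders.
# Assumed to be a file included inside the http { } block of nginx.conf.

# Headers sent to every backend (inherited by the server blocks below).
# Host is passed through so each backend's own virtual hosts still match.
proxy_set_header Host              $host;
# This proxy is the edge, so overwrite any client-supplied X-Forwarded-For
# instead of appending to it; backends can then trust the value.
proxy_set_header X-Forwarded-For   $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;

# Catch-all: any request whose Host header is not listed below
# (raw IP access, scanners, misdirected names) is dropped without a reply.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# One entry per test environment, all answering on port 80 of the single
# external IP address.
server {
    listen 80;
    server_name lamp.example.test;
    location / {
        proxy_pass http://192.168.1.10:80;
    }
}

server {
    listen 80;
    server_name wamp.example.test;
    location / {
        proxy_pass http://192.168.1.11:80;
    }
}

server {
    listen 80;
    server_name wimp.example.test;
    location / {
        proxy_pass http://192.168.1.12:80;
    }
}
```

Running `nginx -t` checks the syntax before a reload. The internal web servers should accept port 80 only from the router's internal address, so the proxy stays the single point of entry.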