Multiple internal servers - req port 80

Support for webhosts that use CentOS
areamike
Posts: 14
Joined: 2009/03/16 02:50:51

Multiple internal servers - req port 80

Post by areamike » 2012/09/07 18:44:10

Hello,

I have two internal servers running CentOS with Apache.

My goal is to point one of my domains to one server and the other domain to the other server. I know that this is not possible as you cannot port forward port 80 to two different internal IPs.

However, I am thinking that with the use of the VirtualHosts directive and/or mod_proxy, this can be accomplished. The problem is after extensive searching I cannot seem to get this to work.

Example:
www.mydomain1.com port forwards to internal IP 192.168.0.10

I then want:
www.mydomain2.com port forwards to internal IP 192.168.0.10 but then have server on 192.168.0.10 send www.mydomain2.com requests to the other server on 192.168.0.11


Anyone know how to get this done?


Thanks!

areamike
Posts: 14
Joined: 2009/03/16 02:50:51

Re: Multiple internal servers - req port 80

Post by areamike » 2012/09/07 19:18:36

I think I figured it out.

Using the VirtualHosts directive:

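[code]
<VirtualHost *:80>
    ServerName www.mydomain2.com

    # Reverse proxy only: forward-proxy requests stay disabled
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # Pass the original Host header through to the backend
    ProxyPreserveHost On

    # Send every request to the second server and rewrite its redirect headers
    ProxyPass / http://192.168.0.11/
    ProxyPassReverse / http://192.168.0.11/
</VirtualHost>
[/code]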
Now all my outside requests for domain2.com are going through my server on 192.168.0.10 and ending up at 192.168.0.11

I hope this helps others.

By the way, this only works for http requests. ssh and ftp etc. will not work using this method. But that does not affect me as I use obscure port numbers for ftp and ssh to deter hackers/script kiddies from hammering my servers.
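
A config check for the reverse-proxy setup in the post above, as an added example that is not part of the original thread: it flags a vhost where `ProxyRequests On` makes it a forward proxy (open to everyone when combined with `Allow from all`) and any `ProxyPass` mapping without a matching `ProxyPassReverse`. The function name, the second vhost and its hostname `open.example.test` are constructed for illustration, and only Apache 2.2 access syntax is handled.

```python
import re

# Constructed sample: the vhost from the post, then a deliberately unsafe one.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName www.mydomain2.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://192.168.0.11/
ProxyPassReverse / http://192.168.0.11/
</VirtualHost>
<VirtualHost *:80>
ServerName open.example.test
ProxyRequests On
<Proxy *>
Allow from all
</Proxy>
ProxyPass /app http://192.168.0.11/app
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Return {ServerName: [findings]} for every <VirtualHost> block (Apache 2.2 syntax)."""
    results = {}
    for body in re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", conf_text, re.S | re.I):
        # One (lowercased directive, args) pair per non-empty, non-comment line.
        rows = [l.split() for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        dirs = [(r[0].lower(), r[1:]) for r in rows]
        name = next((a[0] for d, a in dirs if d == "servername" and a), "(unnamed)")
        findings = []
        # ProxyRequests On makes a forward proxy; with "Allow from all" anyone can relay through it.
        forward = any(d == "proxyrequests" and a[:1] and a[0].lower() == "on" for d, a in dirs)
        allow_all = any(d == "allow" and [x.lower() for x in a] == ["from", "all"] for d, a in dirs)
        if forward:
            findings.append("open forward proxy" if allow_all else "forward proxy enabled")
        # Every ProxyPass mapping needs the same ProxyPassReverse so backend redirects get rewritten.
        fwd = {tuple(a[:2]) for d, a in dirs if d == "proxypass" and len(a) >= 2}
        rev = {tuple(a[:2]) for d, a in dirs if d == "proxypassreverse" and len(a) >= 2}
        findings += [f"ProxyPass {p} {b} lacks ProxyPassReverse" for p, b in sorted(fwd - rev)]
        results[name] = findings
    return results

if __name__ == "__main__":
    for host, issues in audit_vhosts(SAMPLE_CONF).items():
        print(host, "->", issues or "ok")
```

The vhost from the post comes back with no findings because `ProxyRequests Off` keeps `Allow from all` scoped to the reverse-proxy mapping.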

TrevorH
Forum Moderator
Posts: 26915
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Multiple internal servers - req port 80

Post by TrevorH » 2012/09/07 21:23:58

If you really wanted to, iptables could be used to redirect ssh traffic though it's more difficult with ftp since that uses weird and wonderful multiple ports. It does presume that you use a different ssh port on each system of course.

areamike
Posts: 14
Joined: 2009/03/16 02:50:51

Re: Multiple internal servers - req port 80

Post by areamike » 2012/09/08 17:41:27

[quote]
TrevorH wrote:
If you really wanted to, iptables could be used to redirect ssh traffic though it's more difficult with ftp since that uses weird and wonderful multiple ports. It does presume that you use a different ssh port on each system of course.[/quote]

That's exactly what I do. I use really obscure port numbers for SSH but I never use FTP as I find using SSH for SFTP is more secure and less likely to be compromised. I did find that when I used standard port 22 for SSH, my server was getting hammered by auto hack attempts on a daily basis. Once I changed that port to something else, I have not had one single hack attempt through SSH. I recommend this as a common practice for anyone that uses SSH.

TrevorH
Forum Moderator
Posts: 26915
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Multiple internal servers - req port 80

Post by TrevorH » 2012/09/08 20:52:30

So you'd do something along the lines of

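[code]
# Rewrite the destination of ssh connections arriving on 192.168.0.10:60022 to the second server
iptables -t nat -I PREROUTING -d 192.168.0.10 -p tcp -m tcp --dport 60022 -j DNAT --to-destination 192.168.0.11:60022
# Let the redirected connections pass through the FORWARD chain
iptables -t filter -I FORWARD -d 192.168.0.11 -p tcp -m tcp --dport 60022 -j ACCEPT
[/code]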

Might also need to set net.ipv4.ip_forward = 1 and net.ipv4.conf.default.rp_filter = 2 in /etc/sysctl.conf
