httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: Port-based Virtual Hosts
Date Tue, 15 Jan 2002 15:35:13 GMT
Darrel Austin wrote:
> 
> When would someone want to use
> port-based Virtual Hosts on the same machine? Would that be a
> security issue?

It's not to do with security - just separating web-sites: For example,
you might have a production web site accessible on port 80 and connected
to the web via a FW and a development version of the site on port 8000
accessible only internally (the FW blocks access to 8000 form the web).
So you can make changes to the development files and review them on port
8000 before checking them out on the production site.

> However, how would I then point a domain name at the
> machine listening on port 8080? AFAIK, the domain has to resolve to
> an IP address, which, by default, goes through port 80. So, I suppose
> my question is, can I redirect traffic that, by default is hitting
> the machine listening to port 80 to the machine listening to port
> 8080? My initial thought on the 'easy solution' was to point the
> domain name at the main server, and then just set up an HTML redirect
> to domain.com:8080 so that it goes to the other machine. Is that
> feasible?
> 
> Maybe this would be a better layout of what I have set up:
> 
> 255.255.255.255 (external IP that all domains point at.
>   |
>   |_ Router (set to direct ports to two different internal IPs)
>       |
>       |_ Machine 1 (internal IP: 10.0.0.10, listening on 80)
>       |    domain1.com
>       |    domain2.com
>       |
>       |_ Machine 2 (internal IP: 10.0.0.50, listening on 8080)
>            domain3.com
>            domain4.com

Is this a correct analysis of your situation:

- You have two separate machines which contain two separate sites. For
whatever reason, you cannot combine the content on a single server.
- You have one external IP address to which both domain names are
assigned.
- You want to distinguish between the two sites...

Clearly straight name-based VH-ing will not work because the sites are
on different machines. 

Port-based will kind-of work with the router setup you defined above but
the problem is that your URLs will be like http://domain1/ and
http://domain2:8080/ which is ugly, but worse, might not work in some
locations if an intermediate FW blocks non-standard ports like 8080.

Coming back to NBVHing, using a redirect or rewrite [R] for the second
site is cleaner (the user types in "domain2" but gets redirected to
"domain2:8080") but still suffers from the risk of FW-blocking.

One other solution might be to use mod_proxy (needs to compiled in or
loaded). The primary server acts as a proxy - serving requests to
domain1 itself and retrieving requests for domain2 from the second
server. Then I think you'd do:

Server 1:

NameVirtualHost ip-addr

<VirtualHost ip-addr:80>
  ServerName   domain1
  DocumentRoot /www/domain1
</VirtualHost>

<VirtualHost ip-addr:80>
  ServerName  domain2
  ProxyRemote * http://server-2-ip-addr
</VirtualHost>

Server 2:

DocumentRoot /www/domain2

I'm not an expert on mod_proxy so RTFM thoroughly before going live but
then the idea would be that server 1 would carry your external IP
address and receive the requests but go to server 2 (which would carry
an internal IP address) for domain2 data. Server 2 would just serve a
single site with no need for NBVHing.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message