First, squid and apache can do the same proxy task, and I know that you already know how to do this in apache, so the web side is covered (besides, Apache has support for vhosts, so you don't really need a reverse proxy). SSL only cares about the name of the server, so the cert for sample.domain.tld must resolve to the outside IP, so that end users don't get a warning pop up.

SSH is fugly because of the host verification part. I do not remember there being an easy solution to this, but I will check the SSH book I have kicking around, I am pretty sure this scenario was covered.

Cyrus (provides POP(S)/IMAP(S)) has support for vhosts, where the username is either the full email address or all usernames must be unique, so no [EMAIL PROTECTED] and [EMAIL PROTECTED]. Of course all email is on the same server (or same cluster, so the same logical server from the end user's point of view). I have been using cyrus for a long time, so I have 50+ domains where each username is unique.

There are some POP/IMAP proxies out there. I have never used any of them, nor do I know if they work with SSL/TLS services.

SMTP + TLS + Auth could also be a problem for you.

Most hosting companies use vhost for web, and their own server for mail, the end user does not get their own mail server (unless we are dealing with colocation or managed server, in which case you also get your own IP).

Most people could care less about the technical details of email, including most of the admins I know (Exchange Admins are particularly bad, I have no idea why a frighteningly large number of them turn off retries and other sensible mail settings. Badly configured Exchange servers account for ~9 out of 10 email problems my clients experience).

One question that pops into my head, is why each server needs its own distinct mail server?

Hope this helps,

Shawn wrote:
> bogi wrote:
>> Now, if you would have say 5 ip addresses, and pick them all up in the
>> single red interface (virtual), it would be easy to use iptables to
>> forward the traffic accordingly.
>
> But even with 5 IP addresses, you will eventually run into a situation
> where you want service X to have the usual public port, but need to be
> forwarded to 5 or more servers based on domain name.
>
> Right away I can see say 6 domains, each of which need ssh access. How
> do you handle the 6th domain without resorting to using different ports?
> Replace ssh with FTP, or POP3, or IMAP, or...
>
> I know this problem has been handled - take a look at all the hosting
> companies out there that provide web/mail/ftp services to multiple
> domains, but have a small pool of IP addresses.
>
> I also know I can get my current situation working by fudging each of
> the services individually. But there has to be a better way. Something
> like "all traffic for domain x.com goes to internal IP x.x.x.x, but ftp
> traffic for that domain goes to y.y.y.y", but the domain must be the
> domain name - not the resolved IP.
>
> Kinda like a reverse proxy - but for more than http.
>
> Still digging....
>
> Shawn
>
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying

