On Thu, 1 Jul 2010, Scott Wood wrote:
>I have a few years' experience using OpenBSD firewalls in a small business
>environment and I love it.
>
>I've recently switched over to a single static IP and am struggling with a
>problem: How to have multiple web servers hosting different sites behind a
>single public IP (all listening on port 80)?
>
>I have a 2-legged OpenBSD 4.7-stable firewall (i386) behind a single static IP.
>My only DNS (currently) is external which establishes abc.com --> $my-static-ip
>
>            Internet
>               |
>             ------
>            |      |
>            | OBSD |
>            | 4.7  |
>             ------
>               |
>               |
>          Private DMZ
>         _______|_____
>        |      |      |
>       ---    ---    ---
>      | 1 |  | 2 |  | 3 |
>       ---    ---    ---
>
>I can port-map to the various servers just fine (ie: abc.com:8080,
>abc.com:8888, etc.) but this is NOT the desired configuration.
>
>The 3 different web servers should all be accessible via port 80:
> abc.com, coolstuff.abc.com, abc.com/coolstuff
>
>It seems like there should be an easy elegant way to handle this using OpenBSD.
>Do I need to setup a secondary/slave DNS server on my DMZ?
>Can I use relayd? Looks great!

Perhaps I'm missing something, but why don't you set up 'virtual hosts'
on your webserver (based on the 'Host' header); this appears to be
exactly the kind of situation that feature was designed to handle.
You'll need to add a DNS entry for coolstuff.abc.com pointing to the
same IP address as abc.com does. [That doesn't work for
abc.com/coolstuff, but it's not at all clear how that worked in your
original setup -- since abc.com and abc.com/coolstuff would necessarily
connect to the same IP address.]

Dave

>I've read the following docs about relayd and it sounds like it'll do
>"reverse web proxying" which is what I need.
>But I couldn't quite see how to filter/redirect on the hostname or
>URL...(I'm sure it's there, but I don't get it!).
>
>http://www.openbsd.org/cgi-bin/man.cgi?query=relayd&sektion=8&arch=&apropos=0&manpath=OpenBSD+Current
>http://www.unixtechnics.org/openbsd-relayd.html
>https://calomel.org/relayd.html
>
>Can anyone shed any light on this for me?
>Please tell me if I'm barking up the wrong tree!
>
>Many thanks, Scott
>
--
Dave Anderson
<[email protected]>
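
Added example, not part of the original thread: a sketch of the decision a name-based virtual host or reverse proxy makes for the three sites named above, including the abc.com/coolstuff case that DNS alone cannot separate. The backend addresses and the site-to-server mapping are constructed assumptions.

```python
# Host-header / path-prefix routing as a reverse proxy in front of the DMZ
# would do it. Backend addresses are constructed placeholders.
ROUTES = [
    # (host, path prefix, backend); the more specific prefix comes first
    ("abc.com", "/coolstuff", "10.0.0.3:80"),
    ("coolstuff.abc.com", "/", "10.0.0.2:80"),
    ("abc.com", "/", "10.0.0.1:80"),
]


def normalize_host(value):
    """Lower-case, drop an optional :port and a trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):          # IPv6 literal, not one of our site names
        return None
    host = host.split(":", 1)[0].rstrip(".")
    return host or None


def parse_request(raw):
    """Return (host, path) from a raw HTTP/1.1 request head, or None if malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None
    hosts = [l.split(":", 1)[1] for l in lines[1:]
             if l.lower().startswith("host:")]
    if len(hosts) != 1:               # missing or duplicated Host: refuse to guess
        return None
    host = normalize_host(hosts[0])
    if host is None:
        return None
    return host, parts[1].split("?", 1)[0]


def pick_backend(raw):
    """Map a request to a backend; None means reject at the proxy (400/404)."""
    parsed = parse_request(raw)
    if parsed is None:
        return None
    host, path = parsed
    for r_host, prefix, backend in ROUTES:
        if host != r_host:
            continue
        if prefix == "/" or path == prefix or path.startswith(prefix + "/"):
            return backend
    return None                       # unknown Host: no silent default site
```

Requests with an unlisted, missing or duplicated Host header get no backend at all, so a stray name pointed at the static IP does not land on a default site.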