If you're looking for a cheap alternative, you can just set up different
ports on IPCop to redirect to 443 on the backend (no need for a load
balancer).

For example, you can go to
https://mail.company.com:444/exchange

And redirect port 444 on IPCop to 443 on the internal IP.





-----Original Message-----
From: Andy Ray [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2008 4:07 PM
To: [email protected]
Subject: [Pound Mailing List] Pound usage for multi-domain solution.

Hello -

I have been searching for a solution to a problem with multiple domains
and services behind a single IP.  From my research I think that a
reverse proxy may be the solution, but judging from the landing page I
cannot tell if what I am attempting to do is impossible or just very
difficult. (grin)

I have the following setup:

Internet
|
IPCop on
Corporate Broadband connection
(Single IP)
|
Internal Network

The problem that they have is that we have several internal servers that
we would like to use products/services/servers that may compete for port
usage.

Example:
-Web Services are primarily on IIS (port 80), these are easily handled
with host headers, but if we need to also access a virtual server that
may be a linux box, we can't bridge to it from IIS without a proxy (if I
understand correctly).
-SSL VPN connectivity solution on a VMWare appliance using HTTPS port.
-Exchange with OWA is published on the IIS Web server - they would like
to use HTTPS for OWA.


What they would like to do is direct mail.company.com:443 to the OWA
resources and vpn.company.com:443 to the SSL VPN appliance (two separate
internal IP addresses).

I understand that the preferred/accepted way for doing this is to obtain
multiple IPs from the ISP and map those internally.
Unfortunately that is not an option with the provider available in the
area at this time.

From the landing page for Pound, it looks like there is a problem with
multiple domain redirection to single internal host IP with virtual
servers on that same IP, unless a wildcard cert is used, which seems to
indicate that it may be possible if all 443 traffic is redirected to a
single host/ip.

From my small understanding of what I've read, Pound (or any other
reverse proxy) is unable to decipher the host header because it comes
after the SSL tunnel is negotiated.  It would seem that the only
solution left would be to use a product like Microsoft's ISA server that
does seem to be able to reverse proxy SSL connections.  If this is the
case, I'm just a bit surprised that there isn't an option in the *nix
world to achieve this goal.

I welcome any assistance or guidance.  I'm relatively new to the *nix
world, but I see great strength in the community and products.
Thanks!

Andy

--
To unsubscribe send an email with subject unsubscribe to [EMAIL PROTECTED]
Please contact [EMAIL PROTECTED] for questions.

--
This message has been scanned for viruses and dangerous content by
SecureMail, and is believed to be clean.
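
The port redirect suggested in the reply at the top of this thread, written out as generic Linux netfilter (iptables) rules. This is an added example, not part of either message and not IPCop's own configuration; the interface name, the internal addresses and the mapping table are constructed assumptions. The script only prints the rules for review and refuses a table that assigns the same external port twice.

```shell
#!/usr/bin/env bash
# Added example: dry-run generator for per-port DNAT rules.
# Assumed values (not from the thread): WAN_IF, the 192.168.1.x addresses.

WAN_IF="eth0"   # assumed external (Internet-facing) interface

# Constructed sample table: "external_port internal_ip internal_port"
#   443 -> SSL VPN appliance, 444 -> OWA on the IIS server
MAPPINGS="443 192.168.1.20 443
444 192.168.1.10 443"

# Print one DNAT rule and one matching FORWARD rule per mapping.
# Returns 1 if two mappings claim the same external port, because only
# the first matching DNAT rule would ever apply to that port.
gen_rules() {
  seen=" "
  while read -r ext ip port; do
    [ -z "$ext" ] && continue          # skip blank lines
    case "$seen" in
      *" $ext "*)
        echo "duplicate external port $ext" >&2
        return 1
        ;;
    esac
    seen="$seen$ext "
    # Rewrite the destination of traffic arriving on the external port
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$port"
    # Allow new connections only to that one internal host and port
    echo "iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done <<EOF
$1
EOF
}

# Print the rules for the sample table (nothing is applied).
gen_rules "$MAPPINGS"
```

Each HTTPS service keeps its own certificate on its own backend, since the firewall forwards the TCP connection without terminating TLS; clients only have to include the non-default port in the URL.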


