I need help. I've read freesco docs, tried Apache mod_proxy proxypass, and so on.
I currently have several domain names coming to 1 public IP and one server with Apache multiple virtual hosts. I need to separate to multiple physical machines, which may, in turn, use a few virtual hosts.
Ex: domain1.com --> machine1; domain2.com --> machine2
This needs to work with http and ftp.
Should I use some type of internal DNS server? I keep running into problems trying proxypass, namely "you don't have permission to access / on this server".
Looking for advice on best solution. If proxypass, I'll keep hammering away. If some type of DNS server, I need concrete instructions...
Sorry in advance if this is already covered in the Forum; searched and read whatever I could find, but still not finding a solution...
|
Hi.
I could do with knowing this too.
linux.njdownes.com is the name of the DNS server (web server also running), which points to 80.7.13.151. I also have njd-vaio.njdownes.com (mail and web server running on this server) set up to point to 80.7.13.151.
The internal IPs are:
192.168.2.2 - linux.njdownes.com
192.168.2.3 - njd-vaio.njdownes.com
I basically need to set my DNS server up, so that requests hitting the DNS server for njd-vaio.njdownes.com get forwarded on to njd-vaio.njdownes.com.
I tried doing this before, but when doing an nslookup on the DNS server, you would get the external IP and the internal IP shown.
Any help with this would be appreciated.
If I've left any info that you need to know out, let me know.
Many thanks in advance.
|
I'm going to try using SQUID proxy server as a reverse proxy, with no caching.
See: http://www.rajeevnet.com/hacks_hints/secur...quid-proxy.html
I'll post an update if I succeed.
Update:
I have SQUID working as discussed using the advice from the link above.
Currently, 1 public IP will pass to multiple virtual servers on multiple physical servers using internal IP addresses.
If you are trying to pass http and ftp only, follow the instructions on the www.rajeevnet.com link above, but LEAVE OUT THE FLAG FOR --enable-ssl when compiling. You only need this option if you plan to have the SQUID server issue the certificates. If you are just forwarding the https request to the server behind SQUID, you don't need to compile with --enable-ssl !
If you are using a package manager to install (like RPM or apt-get) and run into problems, remove squid using the package manager, then compile and install manually, per instructions on the link above. I originally used apt-get, but ran into some problems. Be sure to create a user account for 'squid', and chown the 'var' file to squid as owner (see the instructions from rajeevnet.com).
I have not got SQUID to pass https connections to the virtual servers yet, but will post an update once this works too.
|
Got it all working using rajeev's link above AND by using configuration suggested by http://lists.debian.org/debian-user/2001/1...1/msg00542.html
MAKE SURE YOU CHECK THE SYNTAX OF THE 'http_access allow CONNECT !Safe_ports' AND 'http_access allow CONNECT !SSLP_ports'
In the rajeev link, the syntax is 'deny' (which didn't work for me). The new link to the lists.debian site says to use 'allow' instead, which is working.
Still having a little trouble with FTP. My privileged acct goes right through SQUID to target server ok. Other accounts do not.
|
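Squid checks http_access lines from top to bottom and applies the first one whose ACLs all match, so the 'deny' and 'allow' forms of the two lines discussed above give different results for a CONNECT request. The following is an added example, not from the thread or the linked pages, that evaluates both forms; the ACL port lists, the trailing `http_access allow all`, and the function names are assumptions.

```python
# Constructed squid.conf fragments; ACL names follow the thread, port lists are sample values.
ACLS = """
acl SSLP_ports port 443 563
acl Safe_ports port 80 21 443 563 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
"""
DENY_FORM = ACLS + """
http_access deny CONNECT !Safe_ports
http_access deny CONNECT !SSLP_ports
http_access allow all
"""
ALLOW_FORM = ACLS + """
http_access allow CONNECT !Safe_ports
http_access allow CONNECT !SSLP_ports
http_access allow all
"""

def parse(conf):
    """Collect port ACLs, method ACLs and the ordered http_access rules."""
    ports, methods, rules = {}, {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "port":
            # "80" becomes (80, 80); "1025-65535" becomes (1025, 65535)
            ports[tok[1]] = [tuple(map(int, (p.split("-") * 2)[:2])) for p in tok[3:]]
        elif len(tok) >= 4 and tok[0] == "acl" and tok[2] == "method":
            methods[tok[1]] = set(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return ports, methods, rules

def acl_matches(name, method, port, ports, methods):
    if name in ports:
        return any(lo <= port <= hi for lo, hi in ports[name])
    if name in methods:
        return method in methods[name]
    return True  # simplification: other ACL types (e.g. src "all") match every request

def decide(conf, method, port):
    """Return 'allow' or 'deny' for a request, using first-match semantics."""
    ports, methods, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(n.lstrip("!"), method, port, ports, methods)
               != n.startswith("!") for n in names):
            return action
    # No rule matched: the opposite of the last rule applies (deny if there are no rules).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```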
|
Final Configuration:
1. Use a firewall/router to port forward external FTP requests to internal IPs using iptables. (Ex: ftp://www.site1.com:3939 hits router, which port forwards to internal ip 192.168.1.97:21 -- standard ip port running something like proftpd).
2. Use a firewall/router to port forward all http requests to a SQUID server, which is configured as a non-caching, reverse proxy accelerator. (Ex. http://www.site1.com ---> SQUID --> 192.168.1.91; http://www.site2.com --> SQUID --> 192.168.1.95 and so on.) This allows multiple physical servers with multiple virtual hosts on each [using apache server].
I'm sure you can configure both the firewall/router and SQUID on one box (some old Pentium II), but in my case, I have a linksys wireless router on which I've installed SVEASOFT instead of standard linksys (http://www.sveasoft.com) for cheap.
Also, I ran into a few glitches with SQUID on my Debian box. The current STABLE version of SQUID didn't work. I had manually installed the latest SQUID earlier, so I knew IT worked. Anyhow, I had to edit apt-get 'sources' file to allow for install of SQUID 2.5 (test status); SQUID 2.4 did not work.
Finally, there's the consideration of https and ssh. HTTPS can also be handled by port forwarding, just like ftp; ssh can be handled by tunnelling through the SQUID server. You can create a limited user acct. on the SQUID box for ssh. Once into the SQUID server, a user can type SSH within the SQUID and put in the IP of the internal server.
SQUID 3 is due out sometime in the near future. It will probably handle reverse proxy FTP and https....