Problem: apache2, nat , virtual hosts and Public IP

Forum Moderators: phranque

Message Too Old, No Replies

Problem: apache2, nat , virtual hosts and Public IP

khans

9:16 am on Oct 25, 2007 (gmt 0)

Hi!
My present conf is:
Apache 2 with many domains behind firewall/NAT.

Listen 80
NameVirtualHost *:80
<Virtualhost *:80>
Servername Domain.com
Aliasname ....
Admin ......
</virtualhost>
and many other.
Some of them use shared ssl cert with *:443.

Now I want put separate public IP for ssl certs and domains.
When I change to test configuration with one public ip:
NameVirtualHost Public_IP:80
<Virtualhost Public_IP:80>
ServerName Domain.com
..
</virtualhost>

And try connect to server virtual domains, I got always first main server domain.

In the near future I will put load balancing I cannot use private IP in virtual hosts (<Virtualhost Private_IP Public_IP>.

What can cause this situation? Firewall with NAT? Or not correct conf for virtual domain.

I tried configuration on test local server (without NAT) and everything works, so it seems that the problem is caused by virtual host NAT settings or NAT firewall.

Regards,
Hans

jdMorgan

12:49 pm on Oct 25, 2007 (gmt 0)

Be sure your firewall/router is set to port-forward internet traffic for both port 80 and port 443 to the LAN IP address(es) of your server.

Jim

khans

2:22 pm on Oct 25, 2007 (gmt 0)

It is production server so ports are forwarded and working good for last 1 year.
I have problem only because I'm changing conf.

Regards,
Hans

jdMorgan

2:29 pm on Oct 25, 2007 (gmt 0)

Apache will use the first defined server if it fails to match any other. It is useful to set up this first server as a "catch-all" because of this - make it a "dummy" server that outputs a default page saying that the configuration file is incorrect.

Jim

khans

2:47 pm on Oct 25, 2007 (gmt 0)

I wonder why it cannot find any domains. I checked few books as well httpd -S, httpd -t. And everything seems ok.

Hans

khans

2:50 pm on Oct 25, 2007 (gmt 0)

It has to be caused that I put Ousite_Public_IP and the server is behind the NAT. Just no idea how to fixed it. I tried many strange conf. but nothing helped.

Hans

jdMorgan

2:56 pm on Oct 25, 2007 (gmt 0)

Apache should be configured to use the (fixed) LAN IP address defined for your server in its LAN setup -- and the same one to which you are port-forwarding.

Jim

khans

3:36 pm on Oct 25, 2007 (gmt 0)

I cannot use NAT IP as I will need have 2 the same configuration for load balancing, but tomorrow I will try put localhost IP with public IP.
Maybe it can help.

Regards,
Hans

jdMorgan

3:45 pm on Oct 25, 2007 (gmt 0)

Depending on where you do the load balancing, you'll either need two public IP addresses port-forwarded to two LAN IP addresses, or you can use just one public IP address and one LAN IP address, and reverse-proxy some of the load from one server to the other.

Jim

khans

1:19 am on Oct 26, 2007 (gmt 0)

Hi!
I do load balancing from pfsense. On pfsense I have many VIP, which are forwarded to internal servers in Pool(192.168.1.10,192.168.1.11 etc). The way how control panel is constructed doesn't allow me to do modification of IP addresses (everything is generated from database, I can only put addtional public IP's).
So I need have exactly the same config on all machines, what exclude using private IP for each server in virtual hosts.

Regards,
Hans