multiple domains, multiple ip addresses, same webserver

Is it possible?

     
8:14 pm on Sep 19, 2003 (gmt 0)

Full Member

10+ Year Member

joined:June 24, 2002
posts:304
votes: 0


Here's one for you admin gurus.

I have multiple domains, multiple ip addresses. I want to set them up on just one webserver. Is this possible?

I know that you can make a virtual domain for webservers, and the request that comes from the browser defines to that webserver which domain it wants. But that is not what I want.

I want to know if a browser resolves a domain name to a certain ip address and the request comes down on that ip address to the webserver, then could the webserver logic say "ok, this request came for this ip address so I will send it this site information".

I am currently running tomcat standalone, but am interested in either that or just apache, or whatever, just to know if it is possible.

Thanks in advance.

Zuko

8:52 pm on Sept 19, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 11, 2003
posts:442
votes: 0


We're doing exactly this on Apache. If you have specific questions about this type of setup, let me know.

We're not doing anything special that I can think of to make this work.

9:36 pm on Sept 19, 2003 (gmt 0)

Full Member

10+ Year Member

joined:June 24, 2002
posts:304
votes: 0


Hey Marcs,
Thanks for the reply.

Please let me know if you're doing this with virtual domains.

I have no problem setting this up on the same ip address, I just want to do this so that certain domains respond to certain ip address requests.

What are you using to configure this? I know the way that I don't want to do it is called "virtual domains". What would be the terminology for this technique?

Thanks again in advance.

Zuko

9:42 pm on Sept 19, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member txbakers is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Sept 1, 2001
posts:4392
votes: 0


I have an interest in this topic as well - I'm on IIS and need to start using SSL Certificates for my various websites on the one server.

I still can't understand how my behind the firewall server can have unique external IP addresses and still be behind the router/firewall.

9:43 pm on Sept 19, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 11, 2003
posts:442
votes: 0


You will want to use virtual hosts:

<virtualhost www.your_site.com>
ServerAdmin webmaster@your_site.com
ServerName www.your_site.com
DocumentRoot /www/htdocs/your_site
TransferLog logs/your_site-access-log
</virtualhost>

9:44 pm on Sept 19, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 11, 2003
posts:442
votes: 0


I still can't understand how my behind the firewall server can have unique external IP addresses and still be behind the router/firewall.

Your firewall/router simply needs to know where (what machine) to send traffic for those IPs to.

9:50 pm on Sept 19, 2003 (gmt 0)

Full Member

10+ Year Member

joined:June 24, 2002
posts:304
votes: 0



txbakers,
be sure to open up port 443 on your firewall for the ssl communication on those external ip addresses as well.

Marcs,
One last question.

If you type in a browser the request: [ip.ip.ip.ip...]

where ip.ip.ip.ip is the ip address of each individual website, do you get each respective website that those ip's resolve to from the domain name?

Thanks again.

Zuko

9:58 pm on Sept 19, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member txbakers is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Sept 1, 2001
posts:4392
votes: 0


The router takes one WAN IP address, and then we forward port 80 requests to the IP address of the web server. Right now it's one machine and I'm using Host Headers.

When I buy multiple IPs they will be outside the firewall, but the internal machine still will have 1.

10:04 pm on Sept 19, 2003 (gmt 0)

Full Member

10+ Year Member

joined:June 24, 2002
posts:304
votes: 0


txbakers,
Might want to assign multiple internal ip addresses to that webserver.

Each internal address will be configured on the webserver to serve each respective site. (This is my original howto question that I am still looking for the answer to; otherwise just use hostnames, and use 1 internal address, and for that matter, just use 1 public ip address for all of the domains if you cannot figure out how to configure the webserver to serve sites based on the ip rather than the domain name.)

Set up pinholes in the firewall where requests for public ip address A on port 80 and 443 go to internal address A, requests from public ip address B, etc.....

Make sure though that you open up port 443 or SSL communications will not work.

Zuko

1:19 am on Sept 20, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 16, 2000
posts:122
votes: 0


I have multiple domains, multiple ip addresses. I want to set them up on just one webserver. Is this possible

Yes it is possible. Bind uses the domain's zone file to resolve an IP to a domain name, so each IP can resolve to a different domain. SSL sites must have a unique IP to work correctly.

I want to know if a browser resolves a domain name to a certain ip address and the request comes down on that ip address to the webserver, then could the webserver logic say "ok, this request came for this ip address so I will send it this site information".

If the browser requested an IP address, and only one domain resolved to that IP, the correct information would be returned, unless the webserver was configured to return something else for the requested IP.

4:49 am on Sept 25, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 22, 2003
posts:61
votes: 0


With IIS (Internet Information Server OR Services), there is a feature called "host headers". What that allows you to do is have multiple domains on a single IP address. IIS will take the requests for various domain names and, even though all of those domains utilize the same IP address, it will direct the request to the appropriate site. No need for virtual domains. You can run many sites on 1 IP, 1 connection, etc.

IIS supports SSL certificates for each site as well.

It works great.

5:01 am on Sept 25, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 22, 2003
posts:61
votes: 0


txbakers,

I don't know if you understood what zuko105 was saying there or if you even need this at all. Thought this might be a little easier put.

Your firewall has both an External IP and an Internal IP (192.168.0.1 or something). All requests from the outside world would enter your firewall via the External IP; however, the firewall/router has the ability to map those requests to internal addresses (192.168.0.2 or something) via its Internal IP. Your site still appears as External to the visitor, but your router appears as local to your network.

Did that even make sense?

1:48 pm on Sept 25, 2003 (gmt 0)

Full Member

10+ Year Member

joined:June 24, 2002
posts:304
votes: 0


Kudos Davegerard,
That was a much better explanation than mine.

Zuko

2:03 pm on Sept 25, 2003 (gmt 0)

Administrator from CA 

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 8, 2003
posts:3883
votes: 61


When I buy multiple IPs they will be outside the firewall, but the internal machine still will have 1.

Can't do that, tx. You'll need to assign separate internal IPs for every site on the machine.

You can't use host headers with SSL. Chicken-and-egg problem - the server needs to secure the connection before it gets to the point where the HTTP headers are transmitted. And if it doesn't know which site is being requested, it won't use the proper certificate.

tx, You'll need to do One-to-One NAT mapping on the PIX. Basically, let's assume you have an internal class C of 10.10.10.10.0/24, and your provider assigned you 192.168.0.0/24 (I realize this is private space, but follow me for a sec). Check it:

Let's assume your DNS has the following entries:

192.168.0.3 - www.widgetco.com
192.168.0.4 - www.pearlwidgets.com
192.168.0.5 - www.widgetsandmore.com
192.168.0.6 - www.bankofjake.com

When you set up the PIX, this will remain unchanged - you'll still assign live IP addresses in DNS. You'll tell your PIX to do one to one NAT mapping, like so:

192.168.0.3 - 10.10.10.3
192.168.0.4 - 10.10.10.4
192.168.0.5 - 10.10.10.5
192.168.0.6 - 10.10.10.6

And then, you'll set your server up with the internal (10.x) addresses. The actual commands used for the PIX are fairly trivial, but probably outside the scope of this topic.
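Added example, not part of the original post or thread: a Python check over the DNS and NAT tables above that confirms every hostname has its own public IP and the NAT mapping is one-to-one, then renders an IP-based Apache `<VirtualHost>` stanza per internal address, so the certificate is chosen by destination address alone. The function names and the certificate and document-root paths are hypothetical; the addresses are the post's illustrative ones.

```python
import ipaddress

# Tables from the post above (illustrative addresses, as the post notes).
DNS = {"www.widgetco.com": "192.168.0.3", "www.pearlwidgets.com": "192.168.0.4",
       "www.widgetsandmore.com": "192.168.0.5", "www.bankofjake.com": "192.168.0.6"}
NAT = {"192.168.0.3": "10.10.10.3", "192.168.0.4": "10.10.10.4",
       "192.168.0.5": "10.10.10.5", "192.168.0.6": "10.10.10.6"}

def audit(dns, nat):
    """List problems that would stop the server choosing a site by destination IP."""
    problems = []
    for addr in [*dns.values(), *nat, *nat.values()]:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"not an IP address: {addr}")
    seen = {}
    for host, pub in dns.items():
        if pub in seen:  # two names on one IP: the address no longer identifies the site
            problems.append(f"{host} and {seen[pub]} share {pub}")
        seen.setdefault(pub, host)
        if pub not in nat:
            problems.append(f"{host}: no NAT entry for {pub}")
    inside = list(nat.values())
    for addr in sorted(set(inside)):
        if inside.count(addr) > 1:  # NAT is not one-to-one
            problems.append(f"internal address {addr} is mapped from several public IPs")
    return problems

def site_by_internal_ip(dns, nat):
    """Map each internal address to the hostname it serves (run audit() first)."""
    return {nat[pub]: host for host, pub in dns.items() if pub in nat}

def render_vhosts(dns, nat, port=443):
    """Render one IP-based Apache vhost per internal address; file paths are hypothetical."""
    stanza = (
        "Listen {ip}:{port}\n"
        "<VirtualHost {ip}:{port}>\n"
        "    ServerName {host}\n"
        "    DocumentRoot /www/htdocs/{host}\n"
        "    SSLEngine on\n"
        "    SSLCertificateFile /etc/ssl/example/{host}.crt\n"
        "    SSLCertificateKeyFile /etc/ssl/example/{host}.key\n"
        "</VirtualHost>\n"
    )
    sites = sorted(site_by_internal_ip(dns, nat).items())
    return "\n".join(stanza.format(ip=ip, port=port, host=host) for ip, host in sites)

if __name__ == "__main__":
    print(audit(DNS, NAT) or render_vhosts(DNS, NAT))
```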

12:43 am on Oct 8, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 8, 2003
posts:2
votes: 0


I am in the same situation. Our programmers are working on the project using one Windows 2003 server to host multiple web sites, each having a unique external ip. Without a firewall, we can browse the unique web site using [ip.ip.ip.ip....] My job is the hardware and OS. My problem is looking for a firewall, allowing MANY to ONE NAT. Can anyone recommend such a firewall or router with firewall?

12:49 am on Oct 8, 2003 (gmt 0)

Administrator from CA 

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 8, 2003
posts:3883
votes: 61


MANY to ONE NAT

I'd do one-to-one with a lot of IP addresses, much like I've described above. You can get as many internal addresses as you need from the available private space that's been allocated by IANA.

Oh, and pretty much any commercial (real) firewall will do what you're looking for. I'm a fan of the PIX for solid-state stuff, and like to roll my own BSD boxes on occasion as well.

2:31 am on Oct 8, 2003 (gmt 0)

New User

10+ Year Member

joined:Oct 8, 2003
posts:2
votes: 0


Bakedjake,

Can you recommend a least price PIX for my project? So far I have only used a PIX 501.

We really want to use one server to do the job.