Netgate Discussion Forum

    Multiple domains, one IP

    • eirikz

      Hi experts.

      I have a question in regards to pfSense which I hope you can answer with a yes or a no (if the answer is yes some pointer would be appreciated).

      If I have multiple domains, say xyz.com and zyx.com, which all point to the same official IP on the WAN side of pfSense, can I use pfSense to redirect the traffic to a specified server internally (running multiple servers internally in VMware) based on what domain the request originated from?

      I.e., if the request goes to xyz.com it is redirected to a webserver running at 192.168.1.5 listening on port 80, but if the request comes to zyx.com it is redirected to 192.168.1.6 with a webserver listening on port 80.

      Thanks in advance for your replies.

      Running pfSense on :
      DL380G4 with ESX Vsphere and DL360G4p bare metal

      • GruensFroeschli

        I think the package HA-proxy can do that.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • eirikz

          I cannot seem to find that package in the 1.2.3 package manager, at least.

          • jimp Rebel Alliance Developer Netgate

            It's there, under "haproxy". The lower case entries are sorted after the upper case (this is fixed in 2.0)

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            • eirikz

              I'm somewhat confused as to whether I'm doing this right.

              I can't really see a place in the HAProxy GUI frontend where I specify which exact domain name I want it to pass to which host.
              And I guess I don't need to NAT the ports on top of the HAProxy?

              The config looks like

              /var/etc/haproxy.cfg file contents: 
              global
              	maxconn			5000
              	uid			80
              	gid			80
              	nbproc			2
              	chroot			/var/empty
              	daemon
              
              frontend www.zyx.com-merged
              	bind			88.84.x.x:80
              	mode			http
              	log			global
              	option			dontlognull
              	maxconn			5000
              	clitimeout		30000
              	default_backend		Gaara_http
              
              backend Gaara_http
              	mode			http
              	balance			roundrobin
              	contimeout		30000
              	srvtimeout		30000
              	option			httpchk HEAD / HTTP/1.0
              	server			Gaara 192.168.2.244:80   check inter 1000  weight 1000
              
              backend Wero_http
              	mode			http
              	balance			roundrobin
              	contimeout		30000
              	srvtimeout		30000
              	option			httpchk HEAD / HTTP/1.0
              	server			Wero 192.168.2.228:80   check inter 1000  weight 1000
              

              • eirikz

                Shameless self-bump, hoping someone has some insight.

                • chpalmer

                  I know of a site that uses Wampserver on one machine to serve a dozen sites…  Are you talking one server or several behind your router?

                  Triggering snowflakes one by one..
                  Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                  • eirikz

                    Currently I have a vmware server running behind my pfsense, with currently three different servers with different services (ssh, apache, ftp, etc).
                    And the problem is I only have one official IP from my ISP.

                    So the case is I want xyz.com to be redirected to server 1 regardless of service requested, and zxy.com to be redirected to server 2 regardless of service requested.
                    (As long as I have specified the service).

                    • jimp Rebel Alliance Developer Netgate

                      @eirikz:

                      Currently I have a vmware server running behind my pfsense, with currently three different servers with different services (ssh, apache, ftp, etc).
                      And the problem is I only have one official IP from my ISP.

                      So the case is I want xyz.com to be redirected to server 1 regardless of service requested, and zxy.com to be redirected to server 2 regardless of service requested.
                      (As long as I have specified the service).

                      That will not work. The only reason it could work with HTTP is because it sends a host header that a proxy can deal with. SSH, FTP, and most other protocols do not work that way.

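The Host-header routing jimp describes, applied to the frontend eirikz posted earlier in the thread. This is an added example, not part of the original thread and not output of the pfSense package. The hostnames, the ACL names, and the choice of which backend serves which domain are assumptions; the bind address is left redacted as posted.

```haproxy
# Added example (not from the thread): route by HTTP Host header.
# Backends Gaara_http and Wero_http are the ones defined in the posted config.
frontend www.zyx.com-merged
	bind			88.84.x.x:80	# redacted in the original post
	mode			http		# required: Host only exists at layer 7
	log			global
	option			dontlognull
	maxconn			5000
	clitimeout		30000

	# Exact, case-insensitive match on the Host header.
	# The ":80" variants cover clients that send the port explicitly.
	# Exact matching avoids prefix tricks such as "xyz.com.example.net".
	acl host_xyz		hdr(host) -i xyz.com www.xyz.com xyz.com:80 www.xyz.com:80
	acl host_zyx		hdr(host) -i zyx.com www.zyx.com zyx.com:80 www.zyx.com:80

	# Assumed mapping: xyz.com -> Gaara, zyx.com -> Wero.
	use_backend		Gaara_http if host_xyz
	use_backend		Wero_http if host_zyx

	# Anything else (no Host header, bare IP, unknown name) lands here.
	default_backend		Gaara_http
```

Any request whose Host header matches neither list goes to `default_backend`, so that backend is what a client connecting to the bare IP will see. SSH and FTP never reach these rules because they carry no Host header for the proxy to read.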
                        • dszp

                        Jim's right, but as an add-on: The only workaround for this with one external IP is to use nonstandard ports and forward them to the services on each box. So port 22 for SSH to internal server 1, port 222 (or take your pick) for SSH to internal server 2, etc. FTP may not work properly at all doing this but it might, I haven't tested it. SSH and HTTP you can for sure, just have to make sure to access it at the nonstandard port. pfSense can translate a nonstandard external port to a standard internal one so you don't need to change the servers themselves to do this.

                        David Szpunar

                          • eirikz

                          Yeah, that's the config I have as of today. I will have to try with multiple interfaces to see how many IPs I can squeeze out of my ISP.

                            • Supermule Banned

                            Use an L7-capable box behind pfSense…

                              • g4m3c4ck

                              Just a question. If they are all running on the same machine, why not use Apache virtual hosts? Security concerns?

                                • eirikz

                                Not the same machine, different virtual machines running under ESX Vsphere.

                                  • g4m3c4ck

                                  Guess you are going to need your own subnet then.
