Websites Publishing



  • Dear Guys,
    Please, I need an idea for the following:
    If I have 2 websites on 2 different servers (locally), both using the same port 443, how can I publish them to the internet?
    Example:
    https://site1.mydomain.com - local IP 172.16.20.2
    https://site2.mydomain.com - local IP 172.16.20.3
    Note that I have 1 WAN with a single static IP
    Thanks



  • 😊

    Very old question.
    The answer is always the same: you can't.

    Visitors from the Internet will have "site1.mydomain.com" and "site2.mydomain.com" at their disposal, and you insist on having both the same IPv4 "a.b.c.d" for these two URLs.
    So the users - their browsers - wind up using a.b.c.d:443, where 443 is without any discussion - explanations not needed.

    IPv4 NAT rules won't help you here.

    @mohkhalifa said in Websites Publishing:

    How can I publish them to the internet ?

    You said you have a domain called mydomain.com, right?
    You actually have nothing - the only thing you have is the possibility to administer where "mydomain.com" points to, among others. You do this with the - probably - GUI interface the domain registrar made accessible to you. You rent "mydomain.com"; you never actually own it, as such a concept doesn't exist on the net.

    site1.mydomain.com has to go to 172.16.20.2
    site2.mydomain.com has to go to 172.16.20.3

    I never used it. Have a - very long - look at this package:

    57b1aa39-76cb-45ae-9055-1b31c26dc928-image.png

    (or the devel version, don't know what the real difference is)

    At the end, you will certify this rule for yourself:

    Web, domain, mail, VOIP based, games, etc. servers belong in what has been called a dedicated, VPS, cloud or whatever. While doing so, every domain name will have its own IPv4 - and its own IPv6.

    And you probably already know: "http" fades out. IPv4 fades out.

    It's probably a "boy's dream" to host a web site on your own premises; everybody has done it once to see if it could be done. And yes, you can be 'part' of the Internet, at least the web based part. As you would find out the reasons why you actually do not want to do that (any more).
    If you manage to host at 'your place' a domain server (a special DNS server) or a mail server: you're close to becoming a real expert ^^



  • @Gertjan said in Websites Publishing:

    Very old question.
    The answer is always the same: you can't.
    Visitors from the Internet will have "site1.mydomain.com" and "site2.mydomain.com" at their disposal, and you insist on having both the same IPv4 "a.b.c.d" for these two URLs.
    So the users - their browsers - wind up using a.b.c.d:443, where 443 is without any discussion - explanations not needed.

    Actually, it is possible. The headers contain the URL for the site. With deep packet inspection, you can read that and process accordingly.



  • @JKnott said in Websites Publishing:

    Actually, it is possible. The headers contain the URL for the site. With deep packet inspection, you can read that and process accordingly.

    Alright .... now we are talking expert level ....

    WTF, are you crazy?
    But hell yeah, I like that idea .... kinda sort of config everybody loves ;)

    But seriously....
    the answer, as @Gertjan said, is HAProxy / Let's Encrypt wildcard / and some DNS records

    Am I missing some of the fun?



  • @noplan said in Websites Publishing:

    Am I missing some of the fun?

    You're spot-on.

    @JKnott: Inspecting packets means MITM on https. That's 'hard' even for experts.
    Many have been sent into this proxy forest. Very few came back.



  • @Gertjan

    Lights on!
    Oh yeah, sing it loud and proud

    MITM ....

    @mohkhalifa do not walk down this trail!

    br NP





  • @JKnott said in Websites Publishing:

    @Gertjan

    Rewriting URLs to host multiple domains on a single IP address with Apache

    👍

    I myself run Apache2 with a couple of domain names, using for each domain name an IPv4 and an IPv6.
    (but I have neither NAT nor firewall or comparable in front of my servers)

    When I saw the local .2 and .3, I defaulted to thinking of two individual devices, each running a web server like Apache2.
    It could be a unique server with 2 IPs, using a single Apache2 instance, with two 'virtual' web servers, each serving one individual IP. But mapping two local IPs to the same device makes no sense, as everything is behind a NAT anyway.



  • @Gertjan

    My understanding is that multiple URLs point to the same IP address and then Apache sorts things out, using the host name from the header. As it says in that article "Instead, you can use one of Apache's less well-known features to host multiple domains on a single IP address". To me, that means multiple URLs point to 1 address on one server. That can be done by using the URL that's part of the header. Look at the host field here where it says "The domain name of the server (for virtual hosting)". That is what Apache uses to sort out the different server requests to the same IP address.



  • @mohkhalifa
    It will be easy if you host both websites on one server.
    What web server are you using?
    If it supports SNI, then you can host 2 https sites on the same TCP 443 port.
    Yes, as @Gertjan and @JKnott already mentioned earlier in this thread; they just told you how to get it done while they were chatting.



  • I do this a lot when I don't have enough public IP addresses for my (client's) needs. It's not convenient, but you can do this by making the requester use a custom port number - let's say port 444 instead of 443. On the firewall, you not only forward port 444 to a different IP than 443, you also port-translate it from 444 to 443 - that way you don't have to modify the server to actually listen on 444 unless you want to. (Might want to if accessing the server from the inside).

    From the outside, this can be transparent to the users if they can click on a link that redirects them to the URL with port 444. If they have to manually type that into the URL, it can work, but it's ugly and users will get it wrong.

    Alternatively, as has been suggested, put both websites on the same server and use host headers to get to the correct site.


  • I don't understand where the problem is.
    I'm actually doing that kind of config with haproxy.
    I have www on an Ubuntu server, grafana on a Raspberry and owncloud on another virtual machine

    www 172.17.0.100
    grafana 192.168.10.202
    cloud 172.17.0.99

    The domain is always kiokoman.eu.org
    haproxy is sending the request to the right server based on 'host start with'

    and I have only one public IP 217.133.80.167



  • @kiokoman

    I believe the original post was about having 2 independent servers, with different domain names on 1 IP address. That article I linked to describes how to do that.



  • Dear All,
    Please note, as I described, I have 2 servers (Citrix XenApp and VMware Horizon) and need to publish them to the internet. So, is there a direct and easy way to do it?
    Thanks



  • @kiokoman mentioned your best choice:
    HA-proxy.

    It will receive traffic for both URLs - unpack the TLS traffic, and, upon detection of the corresponding URL used, send the traffic to the correct internal LAN based server.
    This will cover everything for you except the word 'easy' ....

    See the YouTube>Netgate>haproxy video - and several others.

