Multiple domains, one IP



  • Hi experts.

    I have a question in regards to pfSense which I hope you can answer with a yes or a no (if the answer is yes some pointer would be appreciated).

    If I have multiple domains, say xyz.com and zyx.com which all point to the same official IP on the WAN side of pfSense, can I use pfSense to redirect the traffic to a specified server internally (running multiple servers internally in VMware) based on what domain the request originated from?

    I.e., if the request goes to xyz.com it is redirected to a webserver running at 192.168.1.5 listening on port 80, but if the request comes to zyx.com it is redirected to 192.168.1.6 with a webserver listening on port 80.

    Thanks in advance for your replies.



  • I think the package HA-proxy can do that.



  • I cannot seem to find that package in the 1.2.3 package manager at least.


  • Rebel Alliance Developer Netgate

    It's there, under "haproxy". The lower case entries are sorted after the upper case (this is fixed in 2.0).



  • I'm somewhat confused as to whether I'm doing this right.

    I can't really see a place in the HAProxy GUI frontend where I specify the exact domain name that I want it to pass to which host.
    And I guess I don't need to NAT the ports on top of the HAProxy?

    The config looks like

    /var/etc/haproxy.cfg file contents: 
    global
    	maxconn			5000
    	uid			80
    	gid			80
    	nbproc			2
    	chroot			/var/empty
    	daemon
    
    frontend www.zyx.com-merged
    	bind			88.84.x.x:80
    	mode			http
    	log			global
    	option			dontlognull
    	maxconn			5000
    	clitimeout		30000
    	default_backend		Gaara_http
    
    backend Gaara_http
    	mode			http
    	balance			roundrobin
    	contimeout		30000
    	srvtimeout		30000
    	option			httpchk HEAD / HTTP/1.0
    	server			Gaara 192.168.2.244:80   check inter 1000  weight 1000
    
    backend Wero_http
    	mode			http
    	balance			roundrobin
    	contimeout		30000
    	srvtimeout		30000
    	option			httpchk HEAD / HTTP/1.0
    	server			Wero 192.168.2.228:80   check inter 1000  weight 1000
    


  • Shameless self-bump, hoping someone has some insight.



  • I know of a site that uses Wampserver on one machine to serve a dozen sites…  Are you talking one server or several behind your router?



  • Currently I have a VMware server running behind my pfSense, with currently three different servers with different services (SSH, Apache, FTP, etc).
    And the problem is I only have one official IP from my ISP.

    So the case is I want xyz.com to be redirected to server 1 regardless of service requested, and zxy.com to be redirected to server 2 regardless of service requested.
    (As long as I have specified the service).


  • Rebel Alliance Developer Netgate

    @eirikz:

    Currently I have a VMware server running behind my pfSense, with currently three different servers with different services (SSH, Apache, FTP, etc).
    And the problem is I only have one official IP from my ISP.

    So the case is I want xyz.com to be redirected to server 1 regardless of service requested, and zxy.com to be redirected to server 2 regardless of service requested.
    (As long as I have specified the service).

    That will not work. The only reason it could work with HTTP is because it sends a host header that a proxy can deal with. SSH, FTP, and most other protocols do not work that way.
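
Added example, not part of any post in this thread: Host-header routing written in HAProxy's own configuration syntax, reusing the backend names and bind address from the config posted above. The frontend name `www-by-host`, the ACL names and the domain-to-backend mapping are assumptions for illustration, and the thread does not establish whether the pfSense 1.2.3 package GUI exposes these settings.

```haproxy
frontend www-by-host
	bind			88.84.x.x:80
	mode			http
	log			global
	option			dontlognull
	maxconn			5000
	clitimeout		30000

	# Match on the HTTP Host header; -i makes the comparison case-insensitive.
	# These are exact-string matches, so a Host value carrying an explicit
	# port (e.g. "xyz.com:80") does not match and falls to default_backend.
	acl			host_xyz hdr(host) -i xyz.com www.xyz.com
	acl			host_zyx hdr(host) -i zyx.com www.zyx.com

	# Assumed mapping: which domain belongs to which backend is illustrative.
	use_backend		Gaara_http if host_xyz
	use_backend		Wero_http if host_zyx

	# Requests with a missing or unrecognised Host header end up here,
	# so choose this backend deliberately.
	default_backend		Gaara_http
```

The two `backend` sections stay as posted. This only applies to `mode http` traffic, since the decision depends on a header that SSH and FTP clients never send.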



  • Jim's right, but as an add-on: The only workaround for this with one external IP is to use nonstandard ports and forward them to the services on each box. So port 22 for SSH to internal server 1, port 222 (or take your pick) for SSH to internal server 2, etc. FTP may not work properly at all doing this but it might, I haven't tested it. SSH and HTTP you can for sure, just have to make sure to access it at the nonstandard port. pfSense can translate a nonstandard external port to a standard internal one so you don't need to change the servers themselves to do this.



  • Yeah, that's the config I have per today, I will have to try with multiple interfaces to see how many IPs I can squeeze out of my ISP.


  • Banned

    Use an L7-capable box behind pfSense...



  • Just a question. If they are all running on the same machine why not use Apache virtual hosts? Security concerns?



  • Not the same machine, different virtual machines running under ESX vSphere.



  • Guess you are going to need your own subnet then.

