Single public IP, 2 Domain reverse proxy



  • Hi,

    I am new to this forum so please be gentle with me  :)
    I have searched the PfSense forum but haven't been able to find the answer to my problem.

    I have 1 public IP address and want to manage 2 domains.  These need to be forwarded to the relevant web server based on domain name.

    For example:-

    www.aaa.com –-----> 192.168.0.150
    www.bbb.com -------> 1921.68.0.151

    Is this possible?  I can see that redirecting sub domains is possible but aren't sure about separate domain names.

    Thanks in advance for any help offered!

    Warren



  • It would be easier for you if the sites were hosted on the same server using virtual domains, but alas…

    Perhaps the HAProxy package?  I've never needed to use it but I think I remember others using it for this purpose.



  • Thanks for the speedy response KOM,

    Does anyone know if the HAPoxy package would work for this purpose?

    I would image this is a fairly common requirement and I don't mind creating a HowTo if someone can outline any possible solution.

    Thanks again,

    Warren



  • Haproxy can certainly determine a backend to use by examining the host header send in browser requests. Configure acl's(host matches) in the frontend for that. If its a different subdomain or a different tld does not matter..

    Though if you want the same with https then you cant get a wildcard cert that matches both domains for clients that dont send SNI information.. And will have to pick a 'default' cert to send to such clients..



  • Why not Squid3's reverse proxy?  That's what I'm doing with multiple no-ip.org domain names on different domains (name1.no-ip.org, name2.ddns.net, etc).


  • Banned

    @toddos:

    Why not Squid3's reverse proxy?

    Some people prefer small working packages to broken monstrosities. :P



  • Thanks for all your help guys,

    Does anyone have an example of how to get HAproxy up and running with multiple domains?
    I have searched the PfSense forum but seem to be getting lost with all the different advice.





  • Thanks for taking the time to write a quick guide PiBa, your a star!



  • @PiBa:

    I've put a small example together: https://docs.google.com/document/d/1YflytSq7P8oZBSCVUKWS1v2P0CdShbxeCsbTZ59JCRo/pub

    Hi PiBa, for some reason your example has been removed from google docs.
    Could you please post the document again?

    Thanks,
    Warren



  • For some reason the example was taken offline by google, ive asked them for verification why it was 'inappropriate'.. Anyway hereby attached as PDF..

    Edit 2015-07-02:
    Ive updated the document 'pfSenseHAProxy v2.zip' to include some information about HTTPS / SNI configuration for the backend selection.

    [pfSenseHAProxy v2.zip](/public/imported_attachments/1/pfSenseHAProxy v2.zip)



  • Same thing for squid3 reverse proxy (which doesn't seem that monstrous to me).  I skipped the parts about adding the Web Servers and Mappings, those guides are already written.


    Andy



  • @PiBa, I have been looking at your guide, and was wondering the ports you use on the Backend servers, are not standard ports, 80/443.
    When using HTTP you set the ports for 301+302 I see those 2 servers are on the same IP, but port 301 and 302, are they the listening ports on your actual webserver ??

    Thanks
    /Michael



  • Hi Michael,

    Yes those are listening on my 'webserver' / testbox.. When writing the guide i was using only 2 machines (1 pfSense & 1 webserver), where i indeed had the webserver listening on multiple ports with a different index.html served on each one just to check if the haproxy side of things was working properly. When using different webservers you could use port 80 or 443 on all of them and make the difference by their ip's. Or you could actually host multiple webapplications on different ports from 1 machine, while serving all of them on the 'outside' on the standard 80 / 443 ports. But a webserver could likely also accomplish that with configuring some virtualhosts..

    Anyway i hope this helps understand the screenshots a little better.. Sorry for the confusion.

    Latest 'doc' is currently available here (im still using those non standard ports there though ;) ): https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki

    Regards,
    PiBa-NL