Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Varnish and Multiple servers and multiple ports

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CyanPixie
      last edited by

      Hi All,

      I am pretty new to pfsense since my Sophos server wasn't fitting my requirements I decided to give pfsense a whirl again.

      However, I am now trying to replicate some settings I have had with Sophos on pfsense, specifically presenting my web servers. The scenario is like this.

      Internal Server1 has a site on 80.
      Internal Server2 has 2 sites on 8080 and 8081 and I would like to publish them out as such on my public ip with another name.

      I have configured varnish as:
      Server 1 is fine and serving out on 80 on its own port on the internet ie mail.domain.com:80.

      However with Varnish I can only seem to serve the other websites as their own sites, eg bob.domain.com:80 and fred.domain.com:80 but I want them both to be bob.domain.com:8080 and bob.domain.com:8081.

      Are there any Varnish guru's out there who know how I can do this or am I using the wrong package or is this not possible at all on pfsense?

      I have searched the forums, but not seen a similar problem.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • F
        firewalluser
        last edited by

        How many fixed IP's at your disposal?
        How many domain names (not subdomains) at your disposal?
        What sort of webserver(s), ie IIS, Apache, NginX, something else are involved?

        Is MS Exchange webmail interface involved?

        Is Internal Server 1 a physical/virtual machine with its own lan ip address or a website?
        Same Q for Internal server 2?

        Whats the reasons for choosing Varnish?

        Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

        1 Reply Last reply Reply Quote 0
        • C
          CyanPixie
          last edited by

          Fixed IP - just the 1
          Domain Names - I have a few, but would like this all on just the one internet domain.
          Web Servers - they are Centos/Fedora servers, so Apache.
          No, there is no Exchange involved - it uses WAY too many resources!

          Yes, server 1 and server 2 use their own internal addresses.

          I chose Varnish since it looked like a good solution which might have been easier to use and might have worked well. I was looking at using the Squid3 reverse proxy, that would be if it would be a better solution. If there is another way, it would be appreciated if you could point me in the right direction.  ;D I am already using Squid for transparent proxy, so have had to put the Varnish listener on another port anyway.

          Thanks for listening.

          1 Reply Last reply Reply Quote 0
          • G
            gabe
            last edited by

            If I got it right, seems like a peculiar necessity.
            Anyway, I'd go with nginx + varnish (if you need caching) combination, and multiple subdomains also. Taking into consideration that remembering an URL is simpler than remembering a port number when it's about end-user interaction.
            But if you still want to go with varnish and in the way you want it, you need to put its daemon listening on all the ports you want (in your example, 80, 8080, 8081). Then define the all backends you have serving varnish. And, finally, you just set the flux and point the correct backend for the request, based on the server.port attribute. This last one done through the vcl_recv subroutine.

            I have no means to test it, but should be something like:

            sub vcl_recv {
  if (server.port == 8080) {
    set req.backend = webserver2;
  }
  elsif (server.port == 8081) {
    set req.backend = webserver3;
  }
  else {
    set req.backend = webserver1;
  }
}

            This documentation can help you with it: https://www.varnish-cache.org/docs/trunk/users-guide/vcl-backends.html
            If it doesn't work, at least I hope it guides you to the right path. :)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.