    Varnish and Multiple servers and multiple ports

      CyanPixie last edited by

      Hi All,

      I am pretty new to pfSense. Since my Sophos server wasn't fitting my requirements, I decided to give pfSense a whirl again.

      However, I am now trying to replicate some settings I have had with Sophos on pfSense, specifically presenting my web servers. The scenario is like this.

      Internal Server1 has a site on 80.
      Internal Server2 has 2 sites on 8080 and 8081 and I would like to publish them out as such on my public ip with another name.

      I have configured Varnish as:
      Server 1 is fine and serving out on 80 on its own port on the internet, i.e. mail.domain.com:80.

      However, with Varnish I can only seem to serve the other websites as their own sites, e.g. bob.domain.com:80 and fred.domain.com:80, but I want them both to be bob.domain.com:8080 and bob.domain.com:8081.

      Are there any Varnish gurus out there who know how I can do this, or am I using the wrong package, or is this not possible at all on pfSense?

      I have searched the forums, but not seen a similar problem.

      Thanks!

        firewalluser last edited by

        How many fixed IPs at your disposal?
        How many domain names (not subdomains) at your disposal?
        What sort of webserver(s), i.e. IIS, Apache, Nginx, something else, are involved?

        Is MS Exchange webmail interface involved?

        Is Internal Server 1 a physical/virtual machine with its own LAN IP address or a website?
        Same Q for Internal Server 2?

        What are the reasons for choosing Varnish?

          CyanPixie last edited by

          Fixed IP - just the 1
          Domain Names - I have a few, but would like this all on just the one internet domain.
          Web Servers - they are CentOS/Fedora servers, so Apache.
          No, there is no Exchange involved - it uses WAY too many resources!

          Yes, server 1 and server 2 use their own internal addresses.

          I chose Varnish since it looked like a good solution which might have been easier to use and might have worked well. I was looking at using the Squid3 reverse proxy, that would be if it would be a better solution. If there is another way, it would be appreciated if you could point me in the right direction.  ;D I am already using Squid for transparent proxy, so have had to put the Varnish listener on another port anyway.

          Thanks for listening.

            gabe last edited by

            If I got it right, seems like a peculiar necessity.
            Anyway, I'd go with an nginx + varnish (if you need caching) combination, and multiple subdomains also, taking into consideration that remembering a URL is simpler than remembering a port number when it's about end-user interaction.
            But if you still want to go with varnish and in the way you want it, you need to put its daemon listening on all the ports you want (in your example, 80, 8080, 8081). Then define all the backends you have serving varnish. And, finally, you just set the flux and point the correct backend for the request, based on the server.port attribute. This last one is done through the vcl_recv subroutine.

            I have no means to test it, but it should be something like:

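            # Choose the backend by the port the client connected to.
            # webserver1..3 must be declared as backends elsewhere in the VCL.
            sub vcl_recv {
              if (server.port == 8080) {
                set req.backend = webserver2;
              }
              elsif (server.port == 8081) {
                set req.backend = webserver3;
              }
              else {
                # Any other listening port goes to the first server.
                set req.backend = webserver1;
              }
            }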

            This documentation can help you with it: https://www.varnish-cache.org/docs/trunk/users-guide/vcl-backends.html
            If it doesn't work, at least I hope it guides you to the right path. :)
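
Added example (not part of the thread, and untested against the pfSense package): the port-based routing from the post above, completed with backend declarations and with a Host check so that any request for an unexpected name or port is answered by Varnish itself instead of falling through to a default backend. It uses the same Varnish 3.x syntax as the post; the backend addresses are placeholders and the host names are the ones from the question.

```vcl
# Added example, Varnish 3.x syntax (req.backend, server.port, error).
# Backend names follow the post; the addresses are placeholders.
backend webserver1 {            # Internal Server1, site on 80
  .host = "192.168.1.10";       # placeholder address
  .port = "80";
}
backend webserver2 {            # Internal Server2, first site
  .host = "192.168.1.20";       # placeholder address
  .port = "8080";
}
backend webserver3 {            # Internal Server2, second site
  .host = "192.168.1.20";       # placeholder address
  .port = "8081";
}

sub vcl_recv {
  # Assumes varnishd accepts connections on 80, 8080 and 8081.
  # Each branch requires both the listening port and the Host header
  # to match, so a site is only reachable under its published name.
  if (server.port == 80 &&
      req.http.host ~ "(?i)^mail\.domain\.com(:80)?$") {
    set req.backend = webserver1;
  }
  elsif (server.port == 8080 &&
         req.http.host ~ "(?i)^bob\.domain\.com:8080$") {
    set req.backend = webserver2;
  }
  elsif (server.port == 8081 &&
         req.http.host ~ "(?i)^bob\.domain\.com:8081$") {
    set req.backend = webserver3;
  }
  else {
    # Unknown host/port pair: reply from Varnish, never reach a backend.
    error 404 "Unknown site";
  }
}
```

If Varnish sits behind a port forward rather than on the public ports themselves, server.port is the port Varnish received the connection on, so the comparisons have to use those local ports.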
