Varnish and Multiple servers and multiple ports



  • Hi All,

    I am pretty new to pfSense. Since my Sophos server wasn't fitting my requirements, I decided to give pfSense a whirl again.

    However, I am now trying to replicate some settings I have had with Sophos on pfsense, specifically presenting my web servers. The scenario is like this.

    Internal Server1 has a site on 80.
    Internal Server2 has 2 sites on 8080 and 8081, and I would like to publish them out as such on my public IP with another name.

    I have configured varnish as:
    Server 1 is fine and serving out on 80 on its own port on the internet, i.e. mail.domain.com:80.

    However, with Varnish I can only seem to serve the other websites as their own sites, e.g. bob.domain.com:80 and fred.domain.com:80, but I want them both to be bob.domain.com:8080 and bob.domain.com:8081.

    Are there any Varnish gurus out there who know how I can do this, or am I using the wrong package, or is this not possible at all on pfSense?

    I have searched the forums, but not seen a similar problem.

    Thanks!



  • How many fixed IPs at your disposal?
    How many domain names (not subdomains) at your disposal?
    What sort of webserver(s), i.e. IIS, Apache, Nginx, something else, are involved?

    Is MS Exchange webmail interface involved?

    Is Internal Server 1 a physical/virtual machine with its own lan ip address or a website?
    Same Q for Internal server 2?

    What are the reasons for choosing Varnish?



  • Fixed IP - just the 1
    Domain Names - I have a few, but would like this all on just the one internet domain.
    Web Servers - they are CentOS/Fedora servers, so Apache.
    No, there is no Exchange involved - it uses WAY too many resources!

    Yes, server 1 and server 2 use their own internal addresses.

    I chose Varnish since it looked like a good solution which might have been easier to use and might have worked well. I was looking at using the Squid3 reverse proxy, if it would be a better solution. If there is another way, it would be appreciated if you could point me in the right direction.  ;D I am already using Squid for transparent proxy, so have had to put the Varnish listener on another port anyway.

    Thanks for listening.



  • If I got it right, seems like a peculiar necessity.
    Anyway, I'd go with an nginx + varnish (if you need caching) combination, and multiple subdomains also, taking into consideration that remembering a URL is simpler than remembering a port number when it's about end-user interaction.
    But if you still want to go with varnish and in the way you want it, you need to put its daemon listening on all the ports you want (in your example, 80, 8080, 8081). Then define all the backends you have serving varnish. And, finally, you just set the flow and point to the correct backend for the request, based on the server.port attribute. This last one is done through the vcl_recv subroutine.

    I have no means to test it, but should be something like:

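    # webserver1, webserver2 and webserver3 must be declared as backends
    # elsewhere in the VCL.
    sub vcl_recv {
      # Choose the backend from the listener port the request arrived on.
      if (server.port == 8080) {
        set req.backend = webserver2;
      }
      elsif (server.port == 8081) {
        set req.backend = webserver3;
      }
      else {
        # Every other listener port goes to the first server.
        set req.backend = webserver1;
      }
    }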
    

    This documentation can help you with it: https://www.varnish-cache.org/docs/trunk/users-guide/vcl-backends.html
    If it doesn't work, at least I hope it guides you to the right path. :)
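
The port-based routing described in the reply above, written out as a full configuration. This is an added example, not part of the original post: it assumes Varnish 3.x syntax (which the reply's `req.backend` and `server.port` correspond to), uses constructed placeholder LAN addresses, and goes one step further than the reply by also checking the Host header and refusing anything that matches no published name and port.

```vcl
# Added example, Varnish 3.x syntax. Backend addresses are constructed
# placeholders; substitute the real LAN addresses of the two servers.
# varnishd must listen on every published port, e.g.  -a :80,:8080,:8081

backend webserver1 { .host = "192.168.1.10"; .port = "80"; }    # Internal Server1
backend webserver2 { .host = "192.168.1.20"; .port = "8080"; }  # Internal Server2, first site
backend webserver3 { .host = "192.168.1.20"; .port = "8081"; }  # Internal Server2, second site

sub vcl_recv {
  # Route on the listener port the client connected to AND the Host header,
  # so each port only answers for the name that is published on it.
  if (server.port == 80 && req.http.host ~ "(?i)^mail\.domain\.com(:80)?$") {
    set req.backend = webserver1;
  }
  elsif (server.port == 8080 && req.http.host ~ "(?i)^bob\.domain\.com(:8080)?$") {
    set req.backend = webserver2;
  }
  elsif (server.port == 8081 && req.http.host ~ "(?i)^bob\.domain\.com(:8081)?$") {
    set req.backend = webserver3;
  }
  else {
    # Wrong name or unexpected port: refuse instead of silently falling
    # through to a default backend and exposing it under another name.
    error 404 "Unknown site";
  }
}
```

The firewall rules on the WAN interface still need to allow only the three published ports to reach the Varnish listener; the internal servers themselves should not be reachable directly from outside.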