[oclug] Proxy, other away around?

Bart Trojanowski bart-oclug at jukie.net
Mon Aug 13 09:37:54 EDT 2001


* hairymonster <hairymonster at home.com> [010813 01:01]:
> Apache Web Server 1 -------|
> (domain1.com)              |--------IpMasq server
> IP 10.0.0.2                |        IP 10.0.0.1/24.x.x.x
>                            |
> Apache Web Server 2 -------|
> (domain2.com)
> IP 10.0.0.3

As identified by <bbarnett at L8R.net> this is not a trivial thing to do.
Here are the choices I see you have:

1) by far the most trivial solution would be to set them up on individual
  ports and set up your port forwarding accordingly.  So when someone
  types in domain1.com:80 or domain2.com:80 they will connect to 10.0.0.2
  and :8080, for example, would create a connection to 10.0.0.3.

  If you want to make the :80 vs :8080 distinction transparent to the user
  then set up a 'Redirect' Apache directive so that the client will only
  have to go to the incorrect server once.

  This is not the cleanest solution because it kills a little bit of
  extra performance but it's dead simple to implement.

2) the second, but oodles more complicated than 1, in ease of implementation
  is a reverse-proxy.  A proxy usually allows internal machines to connect
  to the outside as clients.  A reverse-proxy will allow external clients
  to connect to specific hosts depending on the GET directive in the http
  protocol.  In the corporate world this is also called a webswitch -- but
  that must be patented so I will refrain from using that as I might get
  sued :)

  This involves a bit of C hacking.  You will need to write a proxy which
  listens on the external port 80, reads enough of the header to discover
  if the GET request is for one domain or the other and pass it to the
  appropriate internal host.

  The code should not be too complicated.  I expect this to be about
  1000 lines of C code.  It does not need to be threaded and if you don't
  expect more than 100 concurrent connections it should not be threaded.
  
  No alterations should be done to the data flow.  The reverse-proxy simply
  looks at the request packet (the first few lines of text that the client
  sends to the server) and looks it up in its own DNS to determine which
  internal IP to connect to.  Then once a session is established it just
  functions as a data pipe passing client data to the server and server
  replies to the client.

  You could be clever and set up 2 DNS servers.  One on the outside which
  makes a CNAME of domain1.com and domain2.com to the same server (your
  access point).  While the internal DNS would make domain1.com point to
  10.0.0.2 and domain2.com point to 10.0.0.3.

Bart.

-- 
				WebSig: http://www.jukie.net/~bart/sig/
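
The header-inspection step of the reverse proxy described in option 2, as an added example that is not part of the original message. It assumes the requested domain is carried in the HTTP/1.1 Host header; `route_request`, `routes` and `MAX_HEADER` are hypothetical names, and the table is constructed from the addresses in the quoted diagram.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed routing table (hosts and IPs taken from the quoted diagram). */
struct route { const char *host; const char *backend; };
static const struct route routes[] = {
    { "domain1.com", "10.0.0.2" },
    { "domain2.com", "10.0.0.3" },
};

#define MAX_HEADER 8192  /* assumed cap on buffered header bytes */

/*
 * Return the backend IP for the request bytes in buf[0..len), or NULL when
 * the header block is incomplete or oversized, carries no Host line, or
 * names a host that is not in the table. Unknown hosts are refused rather
 * than sent to a default backend. buf need not be NUL-terminated.
 */
const char *route_request(const char *buf, size_t len)
{
    if (len == 0 || len > MAX_HEADER)
        return NULL;
    const char *end = buf + len;
    const char *p = memchr(buf, '\n', len);      /* end of the request line */
    while (p && ++p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (!eol)
            return NULL;                         /* header line not complete */
        if (eol == p || (eol == p + 1 && *p == '\r'))
            return NULL;                         /* headers ended, no Host */
        if ((size_t)(eol - p) > 5 && strncasecmp(p, "Host:", 5) == 0) {
            const char *v = p + 5;
            while (v < eol && (*v == ' ' || *v == '\t'))
                v++;
            size_t n = 0;                        /* host length, port dropped */
            while (v + n < eol && v[n] != ':' && v[n] != '\r' && v[n] != ' ')
                n++;
            for (size_t i = 0; i < sizeof routes / sizeof routes[0]; i++)
                if (strlen(routes[i].host) == n &&
                    strncasecmp(v, routes[i].host, n) == 0)
                    return routes[i].backend;
            return NULL;                         /* host not in the table */
        }
        p = eol;
    }
    return NULL;
}
```

The caller keeps reading from the client socket and retrying while the buffer is below the cap, then connects to the returned address and relays bytes in both directions unchanged.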