[oclug] Proxy, other away around?
bart-oclug at jukie.net
Mon Aug 13 09:37:54 EDT 2001
* hairymonster <hairymonster at home.com> [010813 01:01]:
> Apache Web Server 1 -------|
> (domain1.com) |--------IpMasq server
> IP 10.0.0.2 | IP 10.0.0.1/24.x.x.x
> Apache Web Server 2 -------|
> IP 10.0.0.3
As identified by <bbarnett at L8R.net> this is not a trivial thing to do.
Here are the choices I see you have:
1) by far the most trivial solution would be to set them up on individual
ports and setup you port forwarding accordingly. So when someone
types in domain1.com:80 or domain2.com:80 they will connect to 10.0.0.2
and :8080, for example, would create a connection to 10.0.0.3.
If you want to make the :80 vs :8080 distinction transparent to the user
then setup a 'Redirect' apache directive so that the client will only
have to go to the incorrect server once.
This is not the cleanest solution because it kills a little bit of
extra performance but it's dead simple to implement.
2) the second, but oodles more complicated than 1, in ease of implementation
is a reverse-proxy. A proxy usually allows internal machines to connect
to the outside as clients. A reverse-proxy will allow external clients
to connect to specific hosts depending on the GET directive in the http
protocol. In the corporate world this is also called a webswitch -- but
that must be patented so I will refrain from using that as I might get
This involves a bit of C hacking. You will need to write a proxy which
listens on the external port 80, reads enough of the header to discover
if the GET request is for one domain or the other and pass it to the
appropriate internal host.
The code should not be too complicated. I expect this to be about
1000 lines of C code. It does not need to be threaded and if you don't
expect more than 100 concurrent connections it should not be threaded.
No alterations should be done to the data flow. The reverse-proxy simply
looks at the request packet (the first few lines of text that the client
sends to the server) and looks it up in it's own DNS to determine which
internal IP to connect to. Then once a session is established it just
functions as a data pipe passing client data to the server and server
replies to the client.
You could be clever and setup 2 DNS servers. One on the outside which
makes a CNAME of domain1.com and domain2.com to the same server (your
access point). While the internal DNS would make domain1.com point to
10.0.0.2 and domain2.com point to 10.0.0.3.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20010813/e02c08b0/attachment.bin
More information about the OCLUG