
Hmmmm ... two IP and two web server ... has to be a way

LuckyTaxi

Two external IP address ... firewall/router handles NAT that redirects the traffic to the specific web server

Running IIS on one server for faculty gradebook
Running Apache on another server to accommodate various web stuff

Now, I need to host another website, but I want to separate it from our current Apache server. This new server will
also run apache and I was going to assign it the additional IP address, but realized the IIS server is utilizing it!
So, port 80 for each IP address is assigned to its respective server. I guess I am out of luck and will have to utilize virtualhost again?!
 
I'm not sure that I completely understand your questions. If you're asking if you only have two ip addresses available then you can only run two (and not three) servers you are correct. You can either use virtual hosts to make one of the existing machines serve it or cough up another IP for the new server, which I wouldn't think would be hard given you're already running nat.....
 
yea ... duh ... two IP and three servers doesn't make any sense. i just don't wanna run students websites on the current bsd box
 
Use a different port for the new server, on one of the existing IPs. Set up NAT to forward that port to the new machine, so when someone connects to http://ipaddress:8181 or whatever, it gets sent to the new machine. Or change one of the existing machines to that port so the new one can use the standard port 80. It's easier to set up something like the faculty to access a non-standard port than to make it so everyone in the outside world who accesses your website goes to the non-standard port (though that can be done through DNS and port redirects).

What are you using for firewall/router? Does it have both of the IPs assigned to its external interface to allow NAT on them both? Should be easy to set up if that's the case.

 
hmmmmm ... faculty members access the page from their homes by typing in https://servername.domain.com
That's an SSL connection, I wonder if that server only handles port 443 and i can still use this IP address for port 80 and direct that to the new bsd box. but if this is the case wouldn't they have to type in ':443' at the end of the URL?
I have to doublecheck tomorrow.

it's a watchguard firebox. very easy to administer. if all else fails i'll just slap the students website on the current bsd box. though i wanted to centralize that along with some other stuff like big brother and tripwire.
 
Certainly sounds like what needs to be done. The initial connection will always be on port 443 (as long as all components of the site use the secure port and not just something like an initial login), and then the server redirects the connection to a high-numbered port just like a web server, to allow port 443 to accept more connections. Port 80 should never even come into play. At least I don't think it should, I don't know that much about SSL. If only the authentication info goes to 443, then maybe it won't work...but I think it will.
 
Originally posted by: Lord Evermore
Certainly sounds like what needs to be done. The initial connection will always be on port 443 (as long as all components of the site use the secure port and not just something like an initial login), and then the server redirects the connection to a high-numbered port just like a web server, to allow port 443 to accept more connections. Port 80 should never even come into play. At least I don't think it should, I don't know that much about SSL. If only the authentication info goes to 443, then maybe it won't work...but I think it will.


you are correct, I'm trying to think what we did. I remember we had to address the issue of not having to have ppl type in the :443. Now, let's take apache for example.

One can direct it to listen on whatever port you want. If it's different from the default (port 80), ppl would have to add the ':portnumber' correct? I assume the "httpS" automatically tells IIS to accept it based on port 443 and users don't actually have to type in :443. It's like using :80 for normal URLs.

I'll give it a try tomorrow.
 
Using https in a browser URL tells the browser to make the connection to port 443 on the remote server. If you have SSL running on your webserver, it listens on port 443. I suppose you could tell the server to listen on some other port, and then specify the port in the URL so that SSL will connect on a non-standard port, but by standard, anytime https is used it connects on 443 instead of 80. Nothing has to be done to make it go to port 443, the browser knows to do that.

Some routers can be configured so that when they do the NAT translation, they also translate the incoming port. So if a browser tried to connect on port 443, it could be redirected to port 55555 on the web server (with apache or IIS configured to listen on port 55555 for SSL connections), and then when the server responds it's translated again (but only for that one connection since the server redirects the port for the actual data transfer). There isn't any reason to do that in this case though.

So basically, if you're only using that IP for HTTPS transfers, then only port 443 should be in use, and only port 443 should be getting forwarded. Port 80 should be available, as long as there aren't any images or pages on the secure server which are being accessed through regular HTTP without SSL. You should just be able to forward port 80 to the new machine, and people can connect to the IP or domain name using http and reach the new server. If they use https, they get sent to the secure server.
 
If it's redirected to a different port on the same IP, the router can then serve all requests to an alternate webserver, which is what lilcam wanted, and is a way of handling the 2ips:3webservers problem.

Example:
Two ips: IP1 and IP2. IP2 is a teachers-only IIS box, and IP1 is a BSD+Apache box running another main site. They want to put a third server in to house websites for students, but don't want that box to run the main site as well.
IP1 resolves to: students.domain.com and www.domain.com. IP2 to teachers.domain.com.
Without this kind of vhosted setup:
- User must remember to use http://students.domain.com:8080 instead of just http://students.domain.com.

With it:
- User can just enter http://students.domain.com and will be automatically redirected to http://students.domain.com:8080.

That simplifies a lot of things IMHO, and is a better way of going about it than counting on a user to remember to append :8080 to the url... 🙂
 
You missed the part where the teacher's server is only https, so port 80 isn't even in use on that IP. So he just seems to need to forward port 80 to the new server.

If that wasn't the case, then yes he'd have to do something like a redirect, which is one option I mentioned before he specified the secure server for teachers.
 
This is why I love the ISA firewall so much.

I have four websites published on the same IP, all port 80. Web Publishing on ISA is awesome.


Back on topic, I think making the sites SSL is an easy way to solve your issue and make the site more secure.
 
Use apache's "Virtual Hosts" functionality. You need to have a DNS name for each website, but you can point multiple domain names to the same IP address. And if it is running apache, you can configure it (httpd.conf file) to allow each DNS name to point to its own website....

Example in httpd.conf file at the end:
### Section 3: Virtual Hosts
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
#NameVirtualHost *
NameVirtualHost your_IP_here

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *>
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
<VirtualHost your_ip_here>
DocumentRoot /usr/local/apache/publish/websitefilesone
ServerName dns_name_for_site_one
ErrorLog /usr/local/apache/logs/websiteone_error_log
CustomLog /usr/local/apache/logs/websiteone_access_log common
</VirtualHost>

<VirtualHost your_IP_here>
DocumentRoot /usr/local/apache/publish/websitetwo
ServerName dns_name_website_two
ErrorLog /usr/local/apache/logs/websitetwo_error_log
CustomLog /usr/local/apache/logs/websitetwo_access_log common
</VirtualHost>
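
Added example, not part of the original post and not Apache's own code: a simplified Python model of how name-based virtual hosting picks a site from the Host header, including the fallback to the first listed VirtualHost that the config comments above describe. The IP address, the ServerAlias name and the DocumentRoot paths in the sample config are constructed placeholders.

```python
import re

# Constructed sample config in the post's layout; IP, alias and paths are placeholders.
SAMPLE_CONF = """
NameVirtualHost 192.0.2.10
<VirtualHost 192.0.2.10>
    ServerName www.domain.com
    DocumentRoot /usr/local/apache/publish/main
</VirtualHost>
<VirtualHost 192.0.2.10>
    ServerName students.domain.com
    ServerAlias student.domain.com
    DocumentRoot /usr/local/apache/publish/students
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return vhosts in file order as {'names': [...], 'docroot': str or None}."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and commented-out blocks
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"names": [], "docroot": None}
        elif re.match(r"</VirtualHost>", line, re.I):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                current["names"] += [n.lower() for n in parts[1:]]
            elif key == "documentroot" and len(parts) > 1:
                current["docroot"] = parts[1]
    return vhosts

def select_vhost(vhosts, host_header):
    """Match the Host header against ServerName/ServerAlias; unknown names get the first vhost."""
    host = (host_header or "").strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]             # drop a trailing ":port"
    host = host.rstrip(".")
    for vh in vhosts:
        if host in vh["names"]:
            return vh
    return vhosts[0]                              # default: first vhost in file order
```

A request addressed to the bare IP, or carrying a Host name no vhost declares, is served by the first VirtualHost in the file, so the order of the blocks decides which site is exposed by default.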
 
Okay, I'll say that having the information could be useful if anybody else is ever wondering how to run two servers on port 80 on one IP (not that anybody ever uses Search or could find it based on this title), but I do have to point out again that this is not the situation being discussed here, and the solution he needed is already in place and working.
 