Hi there, and many thanks for the great work creating this software.

My ISPConfig 3 is configured on a server with a public IP and CentOS 7. A domain example.com is pointing at the registrar to that public IP (both DNS1 and DNS2).

How do I forward all the traffic of test.example.com to another local IP with an Apache server but not an ISPConfig server?

I tried with an A record, but then when I ping test.example.com I get a response from the local IP even if I ping from outside of my LAN, which is not good looking and impossible to issue a Let's Encrypt certificate.

Also tried to set up a new website as test.example.com whose IPv4 is the other Apache server that I previously added on SYSTEM -> Server IP Addresses, with or without selecting the option 'Network Configuration' at Server Config (tried both scenarios). It solves the ping issue because now it returns me the public IP, but when accessing test.example.com it just lands on example.com and does not load the other Apache server.

Another try was to edit /etc/httpd/conf/sites-available/test.example.com.vhost and change the IP to <VirtualHost APACHE_LOCAL_IP:80>, but it does exactly the same as the previous try.

I'm not sure what you really did there. How did you set up the websites? ISPConfig has an option to allow wildcard vhosts (set an asterisk instead of the IP in the vhost definition). If you mix that up, e.g. set up a website using * and one using an IP, it will give you strange results. Use either the one or the other method; it's a sane way to disable the wildcard option.

What NS servers are in use for your domain, where did you set the A record, do the nameservers sync? Check your domain/DNS for errors with https://mxtoolbox.com/domain/

Don't know if it applies; however, your second part got me a little confused, don't know what you want to achieve exactly.

If you have two websites that are on two different servers and thus have different IP addresses, like the first part of your message states, create two name service entries, so both website hostnames have an A record with the corresponding IP address. If this is not what you have, I am completely confused by your message, sorry about that.

I second what @ztk.me wrote, I have great difficulties understanding what you have done.

I just answered on another thread, maybe apply that answer also. https://www.howtoforge.com/community/threads/cant-establish-connection.79559/#post-376936

Sorry for not being clear about my goal.

I have a well-working example.com hosted at the ISPConfig server and want to keep it as it is. I need a subdomain of that example.com (test.example.com) to be processed by another Apache server which has proprietary software. Both example.com and cloud.example.com should ping on the same public IP.

The example.com is configured at the registrar with ns1.example.com 1.1.1.1 and ns2.example.com 1.1.1.1
Let's say the public IP is 1.1.1.1
The ISPConfig server is on local IP 10.0.0.1 (DMZ on router from 1.1.1.1 to 10.0.0.1)
The other Apache server would be on local IP 10.0.0.2

If you go to example.com you browse the website hosted at the ISPConfig server. A request is done to the registrar, which points to 1.1.1.1 through ns1.example.com and ns2.example.com, both with the same public IP (1.1.1.1), where a router is configured with a DMZ to 10.0.0.1, and you get the website back to your browser. This is working properly and is to be kept as it is unless you think it is wrong and suggest something else, but my question is about the next paragraph, not this one.

If you go to test.example.com you access software that I do not want to be hosted at the ISPConfig server at all. So the registrar tells your browser to follow ns1.example.com or ns2.example.com (1.1.1.1), but as soon as it lands on 10.0.0.1 (the ISPConfig server) it should route all the traffic to 10.0.0.2 without telling anything to the browser, because it doesn't really need to know about that forward.

Was that better?

I see, I guess you might want this: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html (ProxyPassReverse), and for nginx it would be http://nginx.org/en/docs/http/ngx_http_upstream_module.html

You should keep in mind that the IP your application on 10.0.0.2 sees is 10.0.0.1, not the one of the real visitor. There are modules, however, to solve that issue, mod_rpaf as an example.

Does that make sense to you? You could define Apache options for the subdomain which tell Apache to redirect every request to an upstream provider, the same principle as how php-fpm works for .php files handled by the php-fpm daemon.

Code:
    a2enmod proxy

Use this for your subdomain options:

Code:
    ProxyPass "/" "http://10.0.0.2:80/"
    ProxyPassReverse "/" "http://10.0.0.2:80/"

Note that SSL is another chapter for this. And it should do the job.

Make sure your /etc/apache2/mods-enabled/proxy.conf has #ProxyRequests On, so it is not turned on.

Further reading: http://brian.olore.net/wp/2013/07/when-proxypass-and-proxypassreverse-arent-enough/

That's exactly what I needed!!

Just a few notes:
- a2enmod doesn't seem to be available on Apache 2.4
- The proxy modules configuration on my setup is at /etc/httpd/conf.modules.d/00-proxy.conf and does not include the ProxyRequests option, but when I use it in the reverse proxy configuration file it makes the magic happen

So I did not have to install anything because the two packages required (httpd; mod_ssl) were already installed.

Resuming, I just had to create a file at /etc/httpd/conf.d/test.example.com.conf with the following lines:

Code:
    <VirtualHost 10.0.0.1:80>
        # Reverse proxy only; forward proxying stays off
        ProxyRequests off
        # Pass the original Host header on to the backend
        ProxyPreserveHost On
        ProxyPass / http://10.0.0.2:80/
        ProxyPassReverse / http://10.0.0.2:80/
    </VirtualHost>

and it works perfectly; however, I am messing around to make it work with SSL. Can you please give me some tips? Do I have to have the SSL files on the 10.0.0.1 or on the 10.0.0.2 or on both? What would be the right code to use? I tried many combinations from the link provided and some others that I found, but no luck.

Thank you for the pointers on 2.4!

For SSL reverse you need a domain you can CONNECT to, which could be anything. Either add the local IP to your public DNS or just add:

/etc/hosts
Code:
    10.0.0.1 santas.helper.domain

Notes:
- if you create your custom SSL cert, make sure your CA is installed in your trusted database
- you could abuse a real domain with an LE cert and remap that on your server (use a domain from another server which this server never needs to curl/visit/check...) and sync the cert
- probably dozens of other stuff to come ....

Code:
    <VirtualHost <IPor*_notboth_in_one_environment>:443>
        ServerName santas.helper.domain
        SSLProxyEngine On
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass / https://santas.helper.domain/
        ProxyPassReverse / https://santas.helper.domain/
        SSLEngine on
        SSLCertificateFile /etc/myssl/public.pem
        SSLCertificateKeyFile /etc/myssl/privkey.pem
        SSLCertificateChainFile /etc/myssl/chain-class2.pem
    </VirtualHost>

Note that this is a very basic vhost file for SSL, not recommended for public webs.

Edit: you can play with

Code:
    SSLProxyVerify none
    SSLProxyVerify optional

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxyengine

I can't recommend using no cert, even for localhost.
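
Added example, not part of any post in this thread: a Python check for the two settings the replies above caution about, `ProxyRequests On` and an https:// backend whose certificate is not enforced with `SSLProxyVerify require`. The function name, the sample config and the rule that each VirtualHost is judged on its own (no inheritance from the server config) are assumptions of this example.

```python
import re
import shlex

# Constructed sample modelled on the vhosts in the thread (not a real config).
SAMPLE_CONF = """\
<VirtualHost 10.0.0.1:443>
    SSLProxyEngine On
    SSLProxyVerify none
    ProxyRequests On
    ProxyPass "/" "https://santas.helper.domain/"
    ProxyPassReverse "/" "https://santas.helper.domain/"
</VirtualHost>
<VirtualHost 10.0.0.1:80>
    #ProxyRequests On
    ProxyRequests off
    ProxyPass / http://10.0.0.2:80/
    ProxyPassReverse / http://10.0.0.2:80/
</VirtualHost>
"""

def audit_proxy_conf(text):
    """Return (scope, line_no, message) for each risky reverse-proxy setting."""
    findings = []
    scope, https_line, verify = "(server config)", None, "none"  # Apache's default
    def close_scope():
        # An https:// backend is only authenticated with SSLProxyVerify require.
        if https_line is not None and verify != "require":
            findings.append((scope, https_line,
                             f"https backend but SSLProxyVerify is '{verify}'"))
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # commented-out directives are inert
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened or re.match(r"</VirtualHost>", line, re.I):
            close_scope()
            scope = opened.group(1).strip() if opened else "(server config)"
            https_line, verify = None, "none"
            continue
        words = shlex.split(line)                 # handles quoted arguments
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "proxyrequests" and args[:1] == ["on"]:
            findings.append((scope, no, "ProxyRequests On enables a forward proxy"))
        elif name == "sslproxyverify" and args:
            verify = args[0]
        elif (name == "proxypass" and https_line is None
              and any(a.startswith("https://") for a in args)):
            https_line = no
    close_scope()
    return findings
```

Run it over the files under /etc/httpd/conf.d/ (or the Debian equivalent) after each change; an empty list means neither setting was found in any VirtualHost.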