Website forwarded to another apache server

Discussion in 'General' started by Manny Capri, Jul 21, 2018.

  1. Manny Capri

    Manny Capri New Member

    Hi there and many thanks for the great work creating this software

    My ISPConfig 3 is configured on a server with a public IP and CentOS 7
    A domain example.com is pointing at the registrar to that public IP (both DNS1 and DNS2)

    How do I forward all the traffic of test.example.com to another local IP with an apache server but not an ISPConfig server?

    I tried with an A record but then when I ping test.example.com I get a response from the local IP even if I ping from outside of my LAN which is not good looking and impossible to issue a Let's Encrypt certificate

    Also tried to set up a new website as test.example.com whose IPV4 is the other apache server that I previously added on SYSTEM -> Server IP Addresses with or without selecting the option 'Network Configuration' at Server Config (tried both scenarios). It solves the ping issue because now it returns me the public IP but when accessing test.example.com it just lands on the example.com and does not load the other apache server

    Another try was to edit the /etc/httpd/conf/sites-available/test.example.com.vhost and change the IP to <VirtualHost APACHE_LOCAL_IP:80> but it does exactly the same as the previous try
     
  2. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    I'm not sure what you really did there.
    How did you setup the websites, ISPConfig has an option to allow Wildcard vhosts ( set an asterisk instead of the IP to the vhost definition ).
    If you mix that up, e.g. setup a website using * and one using an IP will give you strange results. Use either the one or the other method, it's a sane way to disable wildcard option.

    What NS servers are in use for your domain, where did you set the A record, do the nameservers sync?
    check your domain/DNS for errors with
    https://mxtoolbox.com/domain/


    Don't know if it applies however, your second part got me a little confused, don't know what you want to achieve exactly
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you have two websites that are on two different servers and thus have different IP-addresses, like the first part of your message states, create two name service entries, so both website hostnames have an A record with the corresponding IP address.
    If this is not what you have, I am completely confused by your message, sorry about that. I second what @ztk.me wrote, I have great difficulties understanding what you have done.
    I answered just on another thread, maybe apply that answer also. https://www.howtoforge.com/community/threads/cant-establish-connection.79559/#post-376936
     
  4. Manny Capri

    Manny Capri New Member

    Sorry for not being clear about my goal.

    I have a well working example.com hosted at ISPConfig server and want to keep it as it is
    I need a subdomain of that example.com (test.example.com) to be processed by another apache server which has a proprietary software

    Both example.com and cloud.example.com should ping on the same public IP
    The example.com is configured at the registrar with ns1.example.com 1.1.1.1 and ns2.example.com 1.1.1.1
    Let's say the public IP is 1.1.1.1
    The ISPConfig server is on local IP 10.0.0.1 (DMZ on router from 1.1.1.1 to 10.0.0.1)
    The other apache server would be on local IP 10.0.0.2

    If you go to example.com you browse the website hosted at ISPConfig server. A request is done to the registrar which points to 1.1.1.1 through ns1.example.com and ns2.example.com both with the same public IP (1.1.1.1) where a router is configured with a DMZ to 10.0.0.1 and you get the website back to your browser. This is working properly and is to keep as it is unless you think is wrong and suggest something else but my question is about the next paragraph not this one

    If you go to test.example.com you access a software that I do not want to be hosted at the ISPConfig server at all. So the registrar tells your browser to follow the ns1.example.com or ns2.example.com (1.1.1.1) but as soon as it lands on 10.0.0.1 (the ISPConfig server) it should route all the traffic to 10.0.0.2 without telling anything to the browser because it doesn't really need to know about that forward.

    Was that better?
     
  5. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    I see, I guess you might want this https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html ( ProxyPassReverse )
    and for nginx would be http://nginx.org/en/docs/http/ngx_http_upstream_module.html
    you should keep in mind the IP your application on 10.0.0.2 sees is 10.0.0.1 not the one of the real visitor, there are modules however to solve that issue, mod_rpaf as example.

    does that make sense to you?

    You could define apache options for the subdomain which tells apache to redirect every request to an upstream provider, same principle how php-fpm works for .php files handled by php-fpm daemon.
     
    Manny Capri likes this.
  6. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    Last edited: Jul 21, 2018
    Manny Capri likes this.
  7. Manny Capri

    Manny Capri New Member

    That's exactly what I needed!!

    Just a few notes:
    - a2enmod doesn't seem to be available on apache 2.4
    - The proxy modules configuration on my setup is at /etc/httpd/conf.modules.d/00-proxy.conf and does not include the ProxyRequests option but when I use it on the reverse proxy configuration file it makes the magic happen

    So I did not have to install anything because the two packages required (httpd; mod_ssl) were already installed
    Resuming I just had to create a file at /etc/httpd/conf.d/test.example.com.conf with the following lines:
    Code:
    <VirtualHost 10.0.0.1:80>
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass / http://10.0.0.2:80/
        ProxyPassReverse / http://10.0.0.2:80/
    </VirtualHost>
    and it works perfectly however I am messing around to make it work with SSL.
    Can you please give me some tips?
    Do I have to have the SSL files on the 10.0.0.1 or on the 10.0.0.2 or on both?
    What would be the right code to use?
    I tried many combinations from the link provided and some others that I found but no luck
     
  8. ztk.me

    ztk.me ISPConfig Developer ISPConfig Developer

    thank you for the pointers on 2.4!

    For SSL reverse you need a domain you can CONNECT to, which could be anything.
    Either add the local IP to your public DNS or just add.
    /etc/hosts
    Code:
    10.0.0.1 santas.helper.domain
    
    notes:
    - if you create your custom ssl-cert, make sure your CA is installed in your trusted database
    - you could abuse a real domain with LE-cert and remap that on your server ( use a domain from other server which this server never needs to curl/visit/check... ) and sync the cert
    - probably dozens of other stuff to come ....


    Code:
    <VirtualHost <IPor*_notboth_in_one_environment>:443>
        ServerName santas.helper.domain
     
        SSLProxyEngine On
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass / https://santas.helper.domain/
        ProxyPassReverse / https://santas.helper.domain/
    
        SSLEngine on
        SSLCertificateFile /etc/myssl/public.pem
        SSLCertificateKeyFile /etc/myssl/privkey.pem
        SSLCertificateChainFile /etc/myssl/chain-class2.pem
    </VirtualHost>
    
    
    note that is a very basic vhost file for ssl, not recommended for public webs ;)


    Edit:
    you can play with
    Code:
    SSLProxyVerify none
    SSLProxyVerify optional
    
    https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxyengine
    I can't recommend using no cert, even for localhost
     
    Last edited: Jul 25, 2018
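
Added example, not part of any post in this thread and not ISPConfig's own configuration: one way to lay out the SSL reverse proxy discussed in posts 7 and 8, with the browser-facing certificate on 10.0.0.1 and the backend certificate verified instead of `SSLProxyVerify none`. Assumptions: `/etc/hosts` on 10.0.0.1 maps test.example.com to 10.0.0.2, the file `backend-ca.pem` is a hypothetical CA bundle that signed the backend's certificate, and mod_headers (proxy) and mod_remoteip (backend) are loaded.

```apache
# --- On 10.0.0.1 (ISPConfig host): /etc/httpd/conf.d/test.example.com.conf ---
# Assumed /etc/hosts entry on this host:  10.0.0.2 test.example.com
# Use the same address style (IP or *) as the other vhosts, not a mix of both.
<VirtualHost 10.0.0.1:443>
    ServerName test.example.com

    # TLS towards the browser terminates here, so this certificate
    # must be valid for test.example.com (paths as in the post above).
    SSLEngine on
    SSLCertificateFile      /etc/myssl/public.pem
    SSLCertificateKeyFile   /etc/myssl/privkey.pem
    SSLCertificateChainFile /etc/myssl/chain-class2.pem

    # TLS towards the backend on 10.0.0.2.
    SSLProxyEngine on
    # Weak setting: encrypts the hop but accepts any certificate,
    # so anything answering on 10.0.0.2:443 is trusted.
    #   SSLProxyVerify none
    # Corrected setting: the backend must present a certificate that
    # chains to the CA below, matches the host name and is not expired.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/myssl/backend-ca.pem   # hypothetical path
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyRequests Off          # reverse proxy only, never a forward proxy
    ProxyPreserveHost On
    ProxyPass        / https://test.example.com/
    ProxyPassReverse / https://test.example.com/

    # Tell the application the visitor used HTTPS (needs mod_headers).
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# --- On 10.0.0.2 (backend Apache 2.4), inside its own vhost or server config ---
# mod_proxy_http adds X-Forwarded-For by default; mod_remoteip (bundled with
# 2.4, same purpose as mod_rpaf mentioned above) restores the visitor's IP,
# trusting the header only when the request comes from the proxy.
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.0.0.1
```

After reloading httpd on both hosts, `apachectl configtest` confirms the syntax, and a failed backend verification shows up in the proxy's error log as a 502 for the request.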
