ISPConfig on main server, add virtual server

Discussion in 'General' started by toffie, Mar 5, 2021.

  1. toffie

    toffie Member

    Hey all,
    I have ISPConfig installed on my base Debian server and as I have beefed up the new development server I would like to run virtualbox machines on it and that is outside the scope of this thread - so don't worry about that.

    However, I'm wondering if I somehow can set the base Debian server ISPConfig installation to point a specific domain name to the virtualbox machine - on the same hardware server but obviously on another IP.

    My base Debian ISPConfig server is hosted on the network at 192.168.111.2 and the virtualbox machine have an IP of 192.168.111.25

    My base Debian ISPConfig has several domains configured such as dev1.domain.tld and dev2.domain.tld all working as it should. But I'd like to add say a wekan.domain.tld and this domain should be routed to the virtualbox machine.

    Is it so "simple" as to go to the administration tab DNS, Add DNS-Zone enter the domain wekan.domain.tld, set the IP to 192.168.111.25 and I'm done? Or do I need the nameserver entries as well? Could those be 192.168.111.2 (probably not) or should they be my external/public IP address to the server?

    Or do I need something completely different? It feels like I'm on the right track, but not completely sure.
    So I hope you guys can help me out as this type of configuration is completely new to me.

    Thanks in advance!

    EDIT
    Oh and secondary server will just be an Apache webserver without ISPConfig as I feel it should be a "simple" server. All domain configurations should be held by the base Debian ISPConfig server.
     
    Last edited: Mar 5, 2021
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I'm not sure I completely understand your setup, but probably is this easy. Although if this is public dns you need to add the public ip, not the private.
    A dns zone needs nameserver records, but an individual host in that zone does not.
     
    toffie likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    toffie likes this.
  4. toffie

    toffie Member

    Thanks guys! Well, I only have one public IP available, I could get more IPs from our ISP, but it would be easier if I just could route a domain through ISPconfig or even directly via Bind to another internal server machine.

    Not sure if HAProxy is the way to go, feels like it could interfere with ISPConfig and its DNS and various other settings. This would have to change the default ports of the main webserver and then HAProxy take those over and route to new ports. Doesn't feel right, but I understand how that is solved at least.

    I guess that the primary server, in this case the one running ISPConfig needs to route all the traffic through the server in order to get to the next "internal" server, which surely could decrease performance on both servers and the overall experience, even if its just by a little bit.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This is simply not how DNS works, so it is not possible through DNS.

    Maybe you can use virtual machines hosted with a external provider, which have their own public IP.
     
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you only have one IP, then whatever answers http/https on that would need to act as a reverse proxy and know where to send your various sites. You might be able to do that how I think you're intending, with ISPConfig-managed apache answering on your server, then proxy the single site to your virtual server. You'd need to look at what apache proxy_* modules are needed and will have to consider how to handle your ssl certificate, and list your public address in DNS. I'd stay away from haproxy on the ISPConfig machine; it could make sense if you eg. moved your public ip to a network proxy/firewall device.
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    HAProxy would be necessary for DNS, mail, etc.
     
  8. ahrasis

    ahrasis Well-Known Member

    It seems like your servers are behind a nat router with one public ip, so whether upgrade that to a good proxy router with balancing etc or use your debian server as web server and proxy at the same time. The later option is a little bit tougher though.
     
  9. toffie

    toffie Member

    Thanks guys! I looked more into proxying and found that this could actually be what I need. Also it seems that this is not available in ISPConfig GUI, could you confirm this?

    Finally, I figured that, why not use Apache as proxy to forward the traffic to my virtual machine? Turns out it works perfectly :)

    In the /etc/apache2/sites-enabled/000-default.conf I added the following lines;
    <VirtualHost *:80>
    ServerName wekan.domain.tld
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://192.168.111.13:8080/
    ProxyPassReverse / http://192.168.111.13:8080/
    </VirtualHost>

    Ran this command to enable the proxy functionality;
    a2enmod rewrite headers env dir mime proxy proxy_http

    And then restarted Apache and it works perfectly.

    This is also not a "production" environment, rather a development environment where "ugly" solutions are accepted. For our cloud services we use a completely different set of softwares which work for that setup. But for this development environment where I just want to tack on some more services, because I can and have the resources for it, I feel that "ugly" and manual solutions are quite ok.

    After doing these changes to 000-default.conf I figured I could just as well have added a 000-wekan.conf file and it would probably have worked just as well - haven't tried this, just a thought, but I guess it would work.

    All this was triggered by your replies guys and while a different solution could be better in some ways, I'm extremely happy with how this turned out and I would like to thank you all for both giving your time to try and help but also trigger me to learn something new :)
     
  10. ahrasis

    ahrasis Well-Known Member

    That's true but you can always have your work around ISPConfig if you want. Just think out of the box. ;)
     

Share This Page