
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 11 Mar 2004 - 15:16:10 GMT


On Thu, Mar 11, 2004 at 09:52:35AM -0500, Chris Besignano wrote:
> Each of my vservers will be running apache2, mysql, exim, pop3d, sshd,
> and proftpd. I will need to redirect requests to these services from
> external (internet) clients to each vserver. Has anyone written a howto
> explaining this type of setup, or, can someone explain to me how they
> have their box configured to do this. I am assuming this is how many web
> hosts have their servers configured so this isn't really a new thing.

no, that isn't the way web hosts have their servers
configured ... there are basically two ways it _is_
done currently (YMMV)

a) there are a number of IPs assigned for one machine
   each vserver uses one (or more) IPs for their apache
   and provide pages for this ip/domain

b) there is only one 'external' IP, and only one vserver
   (or host) which runs apache, providing different
   virtual domains on that single IP

and there is also the combination of both, which will
be the commonly used variant.

a specialized solution would be to use apache on the
host, bound to the external ip only, using a ruleset
forwarding requests based on the virtual host name
to other apaches running inside the virtual servers

this could be accomplished with a simple rewrite
rule set on the host apache (see mod_rewrite for
details)

HTH,
Herbert
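
The host-Apache setup described above, written out as an added example (not part of the original post and not the project's own configuration). The host names, the external address 203.0.113.10 and the second vserver address 192.168.0.2 are assumptions; mod_rewrite, mod_proxy and mod_proxy_http must be loaded.

```apache
# Host Apache: bind to the external address only, so the vservers'
# own Apaches can keep port 80 on their internal addresses.
# 203.0.113.10 is a constructed placeholder for <ext-ip>.
Listen 203.0.113.10:80

# Reverse proxying only; never act as a forward (open) proxy.
ProxyRequests Off

<VirtualHost 203.0.113.10:80>
    # Hypothetical name for the front-end host itself.
    ServerName gateway.example.net

    RewriteEngine On

    # Pass the client's original Host header to the backend, so each
    # vserver Apache can still select its own name-based virtual host.
    ProxyPreserveHost On

    # site-a.example (assumed name) -> vserver on 192.168.0.1
    RewriteCond %{HTTP_HOST} ^(www\.)?site-a\.example(:80)?$ [NC]
    RewriteRule ^/(.*)$ http://192.168.0.1/$1 [P,L]

    # site-b.example (assumed name) -> vserver on 192.168.0.2 (assumed address)
    RewriteCond %{HTTP_HOST} ^(www\.)?site-b\.example(:80)?$ [NC]
    RewriteRule ^/(.*)$ http://192.168.0.2/$1 [P,L]

    # Any other Host header is refused instead of being forwarded,
    # so the front end only relays to the backends listed above.
    RewriteRule ^ - [F]
</VirtualHost>
```

With this in place the vserver Apaches see every request as coming from the host's address, so per-client access rules and logging inside the vservers need the forwarded client address, not the TCP peer.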

> Thanks for the help.
>
> Herbert Poetzl wrote:
>
> >On Thu, Mar 11, 2004 at 08:41:09AM -0500, Chris Besignano wrote:
> >
> >
> >>I need to run a few different websites on my box using vservers. What
> >>method does everyone use to route the traffic from eth1 (external
> >>interface, real ip) to the vservers bound to eth0 (internal ip,
> >>192.168.x.x network)?
> >>
> >>
> >
> >there is no way to _route_ traffic from eth1 to an
> >ip bound to eth0, what you want is to nat the
> >incoming connections to yield valid for the local
> >ips, for example:
> >
> >iptables -t nat -A PREROUTING --dst <ext-ip> -p tcp --dport 80 \
> >    -j DNAT --to 192.168.0.1
> >
> >keep in mind, that you cannot access different web
> >servers (running on different hosts/vservers) through
> >one external ip/port unless you use a smart proxy,
> >which knows how to read and forward the HTTP requests
> >
> >if you want to reach the internet from a local ip
> >range, then you do similar on outgoing traffic:
> >
> >iptables -t nat -A POSTROUTING --src 192.168.0.1 \
> >    -j SNAT --to <ext-ip>
> >
> >
> >
> >>Darryl Ross wrote:
> >>
> >>
> >>
> >>>Dariush Pietrzak wrote:
> >>>
> >>>
> >>>
> >>>>>services in the host to ONLY bind the host's IP address, instead of
> >>>>>all
> >>>>>
> >
> >that is what the v_* sysv scripts are for
> >(limiting _host_ services to just some ips)
> >
> >HTH,
> >Herbert
> >
> >
> >
> >>>>Not true.
> >>>>
> >>>>The whole point of vservers networking is that you can give some ip
> >>>>to the
> >>>>whole server, and then when services inside bind to '0.0.0.0' they
> >>>>get only
> >>>>what was allocated for given vserver.
> >>>>If what you say was true, there wouldn't be much difference between
> >>>>vserver setup and chrooted services.
> >>>>
> >>>>
> >>>Did you read what he said??
> >>>
> >>>As per your quote above, emphasis is mine:
> >>>
> >>>
> >>>
> >>>>services in the __host__ to ONLY bind the __host's__ IP address
> >>>>
> >>>>
> >>>which is exactly what you want to do. If you need to run a service in
> >>>the host, as well as inside the vservers (eg, ssh), you need to tell
> >>>the host sshd to only bind to the main IP, not the IP addresses of all
> >>>the vservers.
> >>>
> >>>Cheers
> >>>Darryl
> >>>
> >>>
> >_______________________________________________
> >Vserver mailing list
> >Vserver_at_list.linux-vserver.org
> >http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> >
> >
>


Generated on Thu 11 Mar 2004 - 15:17:10 GMT by hypermail 2.1.3