-1

I have a website, mydomain.com. I want to be able to access an internal server through a subdomain of that website, server.mydomain.com. I set up a DNS for that server through Windows 2003 so that I can type server.mydomain.com into the address bar and it will resolve as the corresponding Apache server; however, this only works while inside the network.

My ultimate goal is to set up an https://server.mydomain.com that will route to my Apache server so I can access svn and trac that are running on that machine.

Any advice for getting this to happen?

shagism
  • I think I figured it out from one of the answers below. I needed to create an "A" record for my subdomain that points to my public IP and then NAT that particular connection to the local server – shagism Nov 23 '10 at 00:02

3 Answers

1
  • Configure NAT on the router (public IP to the server's private IP). Set up the appropriate ACLs while you're at it (e.g. only allow port 80, etc...).
  • Configure public DNS to point the subdomain to the public IP used in the step above. Configure internal DNS to point to the private IP.
CurtM
  • While all of these ideas are wonderful, I am not sure how to do many of them. My router is my server (Windows 2003), I believe I have set up a subdomain that is pointing toward my private IP address belonging to my other server. – shagism Nov 22 '10 at 22:30
  • Ok, so if your Windows 2003 server is acting as your router, you'll need to configure it to perform NAT in order for Internet-based clients to reach your internal Apache server. Here's an article that explains that process. http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html You'll also still need to configure an "A" record with your public DNS provider that points to the IP you configure to NAT to your Apache server. Let me know if that helps, and if you need specifics on other steps. – CurtM Nov 22 '10 at 22:36
  • Thanks, this is helpful. I will read the article and then attempt to solve this. – shagism Nov 22 '10 at 23:14
  • Okay, after reading the article I have done those exact things, but I have not configured an "A" record with my public DNS provider that points to the IP I configure to NAT to my Apache server. So, I need to contact my ISP? – shagism Nov 22 '10 at 23:18
  • Correct, if your ISP also manages your DNS, that's who you'll need to work with to get that A record registered and visible to Internet-based clients. Also, as a test of the NAT configuration, you should be able to reach the Apache server by external IP from outside your network as well. – CurtM Nov 22 '10 at 23:28
  • Okay, with your help I have managed to get access from outside my internal network. The problem now is that I have access to server.mydomain.com and it gives the standard Apache "It Works!" but when I try to access server.mydomain.com/trac to see the trac site on this server it just hangs and never resolves – shagism Nov 22 '10 at 23:46
  • Ok, so did you get access externally by the hostname or by the IP address? If it was by the IP address, it's possible Apache's looking for the HTTP header (subdomain.mydomain.local) in order to route to the proper virtual directory. If it's by hostname, and that same hostname works just fine internally, I'm at a loss (at least initially). – CurtM Nov 22 '10 at 23:53
  • Okay, that is an acceptable answer since it could be a myriad of reasons. I VPN'd into another network and accessed the server via server.mydomain.com and got the "It Works!" page. Not sure why I can't navigate inside of the server. Thank you very much for your help, I would upvote you if I could but I do not have that privilege yet. – shagism Nov 23 '10 at 00:00
  • Also, I'm reaching a little bit when it comes to my limited knowledge of Apache, but I would bet the issue lies within the httpd.conf and the configuration of the virtual hosts. I hope that helps. – CurtM Nov 23 '10 at 00:02
  • I will check out the httpd.conf file when I get in to work tomorrow. Thanks. I clicked on the check mark...not sure if that is the "accept" you were talking about. – shagism Nov 23 '10 at 00:04
0

Do you have ports forwarded through the router? Did you set DNS to point to a local IP?

These are all things you may want to look at.

EDIT

Ok, well, I think (please correct me if wrong) you want to access this server from outside the LAN. If this indeed is the case, you need to change the local IP to the WAN IP. Again, please correct me if wrong.

Jacob
  • The DNS points to a local IP, yes. The ports seem to be forwarded through the router, routing is being done by server (Windows 2003) – shagism Nov 22 '10 at 21:57
  • Correct. I want to access this from outside the LAN. So, I need to get a separate WAN IP to access this from the outside? I can't just use subdomains of my public IP? – shagism Nov 22 '10 at 22:27
  • Ok, well, you have a few options at this point. 1. You could set up a subdomain with a CNAME to point to the port that you use, assuming you use another port. 2. You could just use the domain with a colon and a nonstandard port (ex domain.com:8080). But for both options you need to change the IP in DNS to your WAN address so when an outside address pulls a query it does not get a LAN address back. – Jacob Nov 22 '10 at 22:37
  • Interesting. So, I change the IP in my DNS to my 1 public address that I have. I believe I may have already set up the subdomain with a CNAME, in Server 2003 I went to Administrative Tools->DNS->MAIN SERVER there is an alias with the data being defined as the local server that I want to access – shagism Nov 22 '10 at 23:03
  • That looks correct, if you need any help implementing what I suggested then look at my userpage and shoot me an email... (not sure if I can publicly post email) – Jacob Nov 22 '10 at 23:10
0
  1. Is your domain public, or just local (i.e. google.com vs mycompany.local)?

  2. How many public addresses do you have?

    • If 1 for both mydomain.com and server.mydomain.com, use PAT on your router, and set server.mydomain.com as CNAME of mydomain.com. But you won't be able to join server. on the port 80 if you already have a webserver at mydomain.com
    • If more than 1, set server.mydomain.com as A record, with the public IP address you want to use.

Another solution would be to set up some kind of reverse proxy on your mydomain.com webserver, and if the client tries to reach server.mydomain.com, the request is forwarded to the apache/svn server.

Moreover, the proxy could handle ssl, and offload the webserver.

EDIT :

  • 1 ip address :

mydomain.com = DNS A record for your public IP address
server.mydomain.com = CNAME for mydomain.com

Forward (PAT) on your router :

<public ip>:80/tcp => to the old webserver
<public ip>:8080/tcp => to the new webserver. 
  • 2 ip addresses :

server.mydomain.com = DNS A record for your secondary ip address.

And if needed, forward/open port 80/tcp on the router/firewall to the webserver.

  • proxy way :

The http proxy (squid, apache...) will redirect the requests based on the domain name they've been made.

If the client asks for mydomain.com, the proxy redirects to the old webserver, 80/tcp. If the client asks for server.mydomain.com, the proxy redirects to the new one, on 80/tcp.

This can be done I think with virtual hosts on Apache.

Hoping this helps!

petrus
  • My main domain is public, mydomain.com. – shagism Nov 22 '10 at 22:11
  • I am confused by the second point. I have 1 public address. – shagism Nov 22 '10 at 22:11
  • If I am understanding the second point, you are saying that I wouldn't be able to access the subdomain on port 80. I think when I was setting up it I set the port forwarding up so that port 8081 is used to access that server, although I don't think I ever got that working – shagism Nov 22 '10 at 22:14
  • I would love to know more about the reverse proxy idea. – shagism Nov 22 '10 at 22:29
  • Okay, I will try to explain what I did and you can maybe tell me where I went wrong. I created a CNAME called server.mydomain.com and had the "data" portion of the CNAME defined as the server.mydomain.local that I want to access. I went into the Windows SERVER 2003 Routing program and added server.mydomain.local to the firewall exceptions with the incoming and outgoing port of 8081. – shagism Nov 22 '10 at 23:06
  • Okay, I will try to explain what I did and you can maybe tell me where I went wrong. I created a CNAME called server.mydomain.com and had the "data" portion of the CNAME defined as the server.mydomain.local that I want to access. I went into the Windows SERVER 2003 Routing program and added server.mydomain.local to the firewall exceptions with the incoming and outgoing port of 8081. I went onto server.mydomain.local directly and looked in the ports.conf file and it had LogLevel debug Listen 80 Listen 8081 Listen 443 in it. – shagism Nov 22 '10 at 23:11
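
The reverse-proxy option from the last answer, sketched as an Apache configuration for the public mydomain.com webserver. This is an added example, not part of the original thread. It assumes Apache 2.4 syntax, an internal server at 192.168.0.10, an `/svn` path next to the `/trac` path mentioned above, and placeholder document root and certificate paths.

```apache
# Added example; addresses and file paths are assumptions/placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# (Apache 2.2 additionally needs "NameVirtualHost *:80" and "NameVirtualHost *:443".)

# Reverse proxy only: never relay arbitrary client-chosen URLs.
ProxyRequests Off

# Requests for the main site are served locally, as before.
<VirtualHost *:80>
    ServerName mydomain.com
    DocumentRoot "/path/to/existing/site"
</VirtualHost>

# Plain HTTP for the subdomain only redirects to HTTPS, so svn/trac
# credentials are never sent in clear text over the Internet.
<VirtualHost *:80>
    ServerName server.mydomain.com
    Redirect permanent / https://server.mydomain.com/
</VirtualHost>

# TLS terminates here; the internal server is reached over HTTP on the LAN.
<VirtualHost *:443>
    ServerName server.mydomain.com
    SSLEngine on
    SSLCertificateFile    "/path/to/server.mydomain.com.crt"
    SSLCertificateKeyFile "/path/to/server.mydomain.com.key"

    # Pass the original Host header so the backend picks the right vhost.
    ProxyPreserveHost On

    # svn COPY/MOVE carry an absolute https:// Destination header, while
    # the backend only speaks http; rewrite the scheme before proxying.
    RequestHeader edit Destination ^https: http: early

    # Expose only the two applications, not the whole internal server.
    ProxyPass        /svn  http://192.168.0.10/svn
    ProxyPassReverse /svn  http://192.168.0.10/svn
    ProxyPass        /trac http://192.168.0.10/trac
    ProxyPassReverse /trac http://192.168.0.10/trac
</VirtualHost>
```

With this layout only ports 80 and 443 on the single public IP need to be forwarded to the proxy host, and the internal server needs no port mapping of its own.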