
I am hosting a server with 150 domain names (websites); each of the SSL certificates requires a dedicated IP address. So: a Windows 2008 server with 150 IP addresses and 150 websites. I need a high-availability solution. So I'm thinking of setting up on AWS, but ELB will not be a solution... and the max IPs I can get per instance is 12 addresses. So what can I do to have all 150 sites hosted on one instance and be HA with an instance in a different availability zone?

1 Answer


This is not an "easy" answer. Here are a few things to think on.

  1. Are you absolutely tied to having to use Windows Server 2008 or 2008 R2 and IIS 7.0/7.5? Do you have an option to move to IIS 8.0/8.5 on top of Server 2012/2012 R2? If so, you can take advantage of SNI (Server Name Indication) within IIS.

This will allow you to use 1 single static IP, with many SSL certificates bound to that 1 static IP. This means that host headers are employed. There are caveats to this function, but they center around older browsers like IE 5 & 6 that didn't support SNI.

You CAN use a workaround to SNI in Server 2008 and 2008 R2 on IIS 7/7.5, but it's not nearly as easy.

REFERENCE: http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

  2. For your websites, are you using Windows and IIS for any specific reason? If you aren't serving up anything except static content, have you considered Apache? It natively has this ability built in. It doesn't care about the IP address count, and has been using SNI for a long time. I know it's not always so cut and dried, and don't take this as a "Windows sucks" post. It's merely another alternate solution. Obviously if you have dynamic content such as ASP.NET, you are tied to MS, which is absolutely fine. However, if you are running PHP/MySQL/PGSQL, you may want to consider the jump even though there is a learning curve.

Our company uses Ubuntu/Apache2 on AWS and uses *.DOMAIN.COM (wildcard) certs all day long, and has approximately 100+ unique hostnames running, and they work flawlessly all on 1 private IP. This is employed across multiple servers for load balancing using ELB.

  3. The sloppy method is a port forwarding scheme, which will get HORRIBLY messy administratively, especially if you have a web farm behind load balancers. I only bring this up for the sake of stating it's there, but would HIGHLY recommend you stay away from this. This would also require a fair number of public IPs to achieve, but you could do it all with 1 single PRIVATE IP in the end. I repeat... I do NOT recommend this.

  4. As for AWS, having built multiple VPCs and leveraged EC2 in a production environment, I'll say that unfortunately your situation isn't an easy one. If you don't have a large public IP presence, and you require more than 1 server for redundancy/performance (which should be the case), then using them isn't really an option for this scenario without significant tweaks.

JimCJulsonJr
  • Jim, thank you very much! I plan to move to IIS 8 / Win 2012. Unfortunately they're .NET/ASP websites. I know a solution would be to go to nginx, but not with IIS. Anything else you can think of? – user3692800 May 30 '14 at 23:12
  • My pleasure. If you are going to IIS 8 and Server 2012, I think that's your safest, cleanest, and quickest bet. Everything else is a band-aid for sure. There is a reason that hosting providers charge a significant dollar amount for public IP space in the Windows realm, particularly with e-commerce ASP.NET on IIS. This is a cost that has to be considered. – JimCJulsonJr May 30 '14 at 23:46
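The IIS 8 / Server 2012 route the answer recommends (one static IP, many certificates, SNI bindings keyed on host header) can be scripted with the WebAdministration module. The script below is an added example, not code from the original answer or from Microsoft; it assumes a CSV of hostnames and site paths, certificates already installed in LocalMachine\My with the hostname as subject CN, and runs as Administrator on IIS 8 or later (the `-SslFlags` parameter does not exist on IIS 7.x).

```powershell
# Added example: bind many HTTPS sites to one IP on IIS 8+ using SNI.
# Assumptions for illustration: C:\inetpub\sites.csv has columns
# HostName,PhysicalPath (150 rows in the questioner's case), and each
# site's certificate is installed in LocalMachine\My with CN=<HostName>.
Import-Module WebAdministration

$sites = Import-Csv -Path 'C:\inetpub\sites.csv'

foreach ($s in $sites) {
    $name = $s.HostName

    # Pick the newest installed certificate whose subject CN is this hostname.
    # (A wildcard cert would need a different match; this assumes per-host certs.)
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match "CN=$([regex]::Escape($name))(,|$)" } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "No certificate found for $name, skipping"
        continue
    }

    # Create the site with a plain HTTP binding on the shared IP ('*' = all IPs),
    # distinguished from its neighbours only by host header.
    if (-not (Test-Path "IIS:\Sites\$name")) {
        New-Website -Name $name -PhysicalPath $s.PhysicalPath `
                    -Port 80 -HostHeader $name | Out-Null
    }

    # HTTPS binding on the same IP. SslFlags 1 = "Require Server Name Indication".
    # Without it IIS treats this as an IP:port binding, and the second site on
    # the IP would conflict with the first, which is exactly the 150-IP problem.
    New-WebBinding -Name $name -Protocol https -Port 443 -IPAddress '*' `
                   -HostHeader $name -SslFlags 1 | Out-Null

    # Attach the certificate to the hostname:port (SNI) binding.
    $binding = Get-WebBinding -Name $name -Protocol https -HostHeader $name
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Check: SNI bindings appear as "Hostname:port" entries; legacy IP bindings
# appear as "IP:port". After this script you expect one Hostname:port line per site.
netsh http show sslcert | Select-String -Pattern 'Hostname:port', 'IP:port'
```

Two practical notes. First, the caveat the answer raises about clients that do not send SNI: with only SNI bindings on the IP, such a client's TLS handshake fails outright, so if you must serve them, add one extra binding for a single site on the same IP without `-SslFlags 1` (an IP:port binding with its own certificate) to act as the fallback, and accept that it is the only site those clients can reach. Second, for the HA part of the question, SNI survives a load balancer only if the balancer does not terminate TLS itself: a TCP-mode (layer 4) listener on port 443 passes the ClientHello through unchanged, so the host name reaches IIS on whichever instance in whichever availability zone takes the connection.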