
How can you use one public IP address to host multiple domain names that span across multiple servers in your LAN?

Let's say I have 5 web servers, serving 5 different domain names, using 5 different server-side technologies, and I currently have 5 public IP addresses.

DNS is setup so that each of the 5 domain names are mapped to each of the respective public IPs, and the firewall has port-forwarders so all requests get forwarded to the respective internal ip-addresses of the correct server within the LAN.

How would I consolidate to using one IP instead of 5? I understand how dynamic-dns works and if there was just one web-server I'd have no problems. However, since there are multiple web-server, using varying technologies, I'm not sure how to accomplish using only one public IP.

Is there a server (preferably Linux based) that I can send all requests to, that is capable of transparently routing each request to a specific internal IP+port based strictly on domain name within the request?

LonnieBest
  • I know you prefer Linux, but if you have an IIS server in the mix you could use **URL Rewrite** and **Application Request Routing** to set it up as a flexible reverse proxy. I do this for several scenarios that include Apache web servers on Linux. – Jens Ehrich Mar 19 '19 at 17:16

3 Answers

2

An Apache or Nginx reverse proxy would do.

Below is a simple example with nginx reverse proxy, including load balancing.

events {}                               # required by nginx even when left empty

http {
  upstream backend_server_2 {           # load balanced server block
    ip_hash;                            # keep each client on the same back end
    server 10.1.1.2:8080 weight=2;
    server 10.1.1.3:8080 weight=1;
  }

  server {
    listen public_ip:80;                # public_ip: the single public address
    server_name example1.com;           # selected by the Host header of the request
    location / {
      proxy_pass http://10.1.1.1/;      # single back end for this domain
    }
  }

  server {
    listen public_ip:80;
    server_name example2.com;
    location / {
      proxy_pass http://backend_server_2/;   # load balanced group above
    }
  }
}
Chaminda
  • How transparent is this solution? Will the webserver see only the original source address or will it see the Nginx address as the source address of the request? I'd like to handle this at a low enough networking layer, so the webserver is fooled into thinking it has received a request that has not passed through a proxy server. For example, I can imagine a firewall extension that analyzes the domain name in the packet before routing the packet to one of the web servers within the LAN. – LonnieBest Mar 19 '19 at 19:58
  • The given solution is not a transparent proxy, so the client requests get modified at the reverse proxy server (in Layer 3, Layer 4 & Layer 7 headers) before being sent to the back-end servers. The next option for you is to use the XFF header in the reverse proxy, where the original client IP is preserved as layer 7 header information. However, L3 & L4 details will get changed while proxying. – Chaminda Mar 21 '19 at 16:15
  • If you need to preserve original client's L3, L4 & L7 information, you can try something like HAProxy's proxy protocol (http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) or transparent mode. But this might offer limited proxy functionality, and requires changes in network architecture. – Chaminda Mar 21 '19 at 16:16
1

You could try setting up a Load Balancer with a Reverse Proxy.

It's basically a server where all the requests go to, but it does not process the requests; rather, it only sends the request to be processed by one of the servers behind it.

There are different algorithms to send requests to the right servers so as not to load one of the servers more than the others, but for basic setups, even making it random or sending requests to one server at a time could work. Since it is Nginx that makes the request to the actual server, you'll lose the original user's IP address. To make it available again, you'll have to set up Nginx and your servers to pass the original IP address as an HTTP header (such as X-Forwarded-For).

  • 1
    The source IP changing is an issue. Each of the webservers logs source IPs for stat purposes, which would be meaningless if each request's source IP is that of the internal "load balancer / reverse proxy server". Are you aware of anything that operates at a lower networking layer? For example, theoretically I can imagine a firewall module that routes IP traffic by extracting the domain name out of the packet. Such a strategy would be transparent to the web server; the original source IP would be preserved and the web server could just respond to the request like normal. – LonnieBest Mar 19 '19 at 20:07
  • Use `proxy_set_header X-Forwarded-For $http_x_forwarded_for` in your Nginx config and the servers behind your reverse proxy will be able to get the source IP address on the X-Forwarded-For header. – Jefrey Sobreira Santos Mar 19 '19 at 22:38
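Both answers above leave the back-end servers seeing the proxy, not the client, as the TCP source, and rely on X-Forwarded-For to recover the client address for the statistics logs. The function below is an added example, not part of either answer: it shows how a back end should read that header so a client cannot choose what gets logged. It assumes our own Nginx proxy sits at 10.1.1.254 (a constructed address) and appends the connecting address to the header, as Nginx's $proxy_add_x_forwarded_for variable does.

```python
"""Recover the real client address behind the reverse proxy for logging.
Constructed example: the only hop allowed to append to X-Forwarded-For is our
Nginx reverse proxy, assumed to sit at 10.1.1.254; all else is client text."""
import ipaddress
from typing import Optional

# Our own reverse proxies (assumed address for this example).
TRUSTED_PROXIES = {ipaddress.ip_address("10.1.1.254")}


def client_ip(peer_addr: str, xff_header: Optional[str]) -> str:
    """Return the address to record in the web server's statistics.

    peer_addr  -- the TCP source address the web server actually sees
    xff_header -- the raw X-Forwarded-For value, or None if the header is absent

    The header is read right to left. Entries that are our own proxies are
    skipped; the first other address is the one our proxy appended, i.e. the
    real client. Entries further left came from the client and are ignored,
    so a forged header cannot change what gets logged.
    """
    peer = ipaddress.ip_address(peer_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        # Not via our proxy (or the proxy added nothing): the peer is the
        # client, regardless of what the header claims.
        return str(peer)
    for hop in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            # Malformed entry where a proxy-added address was expected:
            # stop trusting the header and fall back to the proxy address.
            return str(peer)
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    # Every entry was one of our proxies; nothing usable remains.
    return str(peer)


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For header).
    samples = [
        ("10.1.1.254", "203.0.113.7"),           # normal proxied request
        ("10.1.1.254", "1.2.3.4, 203.0.113.7"),  # client forged a prefix
        ("203.0.113.7", "1.2.3.4"),              # connection bypassed the proxy
        ("10.1.1.254", None),                    # proxy passed no header
    ]
    for peer, xff in samples:
        print(f"peer={peer:<12} xff={xff!s:<22} logged={client_ip(peer, xff)}")
```

The proxy side must append its own view of the connection for this to work, which in Nginx is `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`; only the proxy's own address goes in TRUSTED_PROXIES.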
-1

Sure you could handle it with a load balancer. But the appropriate way is to use Server Name Indication (SNI). Don't reinvent the wheel, especially in network/internet questions...