
Networking Noob here in some dire need for help!

Say I have only one public IP (let's say 54.0.0.1) I want to use and several servers in a domain locally.

I have created and registered a domain example.com.

Now I would like to have one server with the public IP 54.0.0.1 that administers the traffic coming in from people entering example.com into their browser, and redirects the traffic to different servers in the local network, depending on what subdomain they entered.

E.g. if someone types shop.example.com the DNS recognizes example.com, resolves the request to 54.0.0.1 at which point the server redirects the traffic to the shop server with the address 172.0.0.3 in the same network as the Public Server but with no direct internet access. And then if someone enters contact.example.com they get redirected to a 3rd server with the local address 172.0.0.4 etc.

Is this scenario even possible with only one public IP? And if yes, any tips on how to accomplish this in Amazon Web Services would be appreciated. I have informed myself about NAT gateways, proxies and DNS but I can't seem to put it all together.

T. Moser

2 Answers


I would stop trying to use a specific IP address all together. Just create an AWS Application Load Balancer and place it in front of all the different EC2 servers serving all of your domains. An ALB can handle directing the request to the appropriate server, as well as serving the appropriate SSL certificate for each server. Also, you can use Amazon's free SSL certificates from the ACM service with an ALB.

Mark B
  • The thing is that AWS only provides me with 5 public elastic IPs and I want to "cheat" multiple servers behind one IP. In the scenario that you describe, doesn't every server need its own elastic IP? – T. Moser Nov 20 '17 at 16:32
  • The thing is you can't assign a static IP to an AWS Application Load Balancer at all. You don't need a single static IP to do any of the things you are describing. No, every server does not need its own elastic IP in the scenario I describe. I believe you are confused because SSL certificates used to require a static IP address, but this hasn't been the case for a while now. SNI is now used to examine the request to determine which SSL certificate to serve: https://en.wikipedia.org/wiki/Server_Name_Indication – Mark B Nov 20 '17 at 16:35

Yes, it can be possible. Create one application load balancer. Then create the web servers as you described, which host multiple subdomains.

Then create a target group per subdomain and forward the traffic from the application load balancer. In the application load balancer you have to define the rule (host-based routing) where, if the request comes for shop.example.com, it is forwarded to that particular target group. You can also create (in ACM) and attach a wildcard SSL certificate for your domain on the ALB.

Also, you don't need to use a public IP/Elastic IP in this case, as making the ALB the interface will do the trick.

Please refer to:
https://awstutorialseries.com/blog/post/host-based-routing-application-load-balancers
http://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancer-getting-started.html

ExploringApple
  • This is a misleading answer to the Q (which was terrible). The question was specifically about using a single IP address. As you probably remember, ALBs do not bind to a single IP address but only to domain names – Vorsprung Nov 20 '17 at 16:08
  • I'm really open to other ways of accomplishing my end goal, and your answer has helped me out a lot. I think ALB is the way to go here after reading some articles. But should I not use a Network Load Balancer instead? – T. Moser Nov 20 '17 at 16:18
  • @T.Moser An ALB gives you lots of advantages for serving websites like SSL certificate offloading (and the free AWS ACM SSL certificates), web socket support, path mapping, etc. You wouldn't be able to accomplish what you are trying with a NLB because it can't examine the request and forward it to the correct EC2 server based on the domain name. Only use an NLB if you absolutely must have a static IP for your endpoint, or if you need to do TCP load balancing instead of HTTP/HTTPS. – Mark B Nov 20 '17 at 16:38
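The host-based routing both answers describe can be modelled in a few lines, which makes it easier to reason about which subdomain ends up at which target group before configuring the listener rules. The following Python is an added example and not code from AWS or from any of the answerers; the rule set, target-group names and backend addresses are constructed for the scenario in the question, and it mirrors ALB host-header semantics (rules evaluated in ascending priority, `*` matching zero or more characters, `?` exactly one, case-insensitive comparison) with a default action for hosts no rule claims.

```python
import re
from dataclasses import dataclass, field


@dataclass(order=True)
class Rule:
    """One listener rule: the lowest priority value is evaluated first, as on an ALB."""
    priority: int
    hosts: tuple = field(compare=False)        # host-header condition values, may contain * and ?
    target_group: str = field(compare=False)   # constructed target-group name


def _host_matches(pattern: str, host: str) -> bool:
    # ALB host-header wildcards: '*' = zero or more characters, '?' = exactly one.
    # Everything else is matched literally, and the whole host must match.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None


def normalise_host(host_header: str) -> str:
    """Lower-case the Host header and drop an optional :port and trailing dot."""
    host = host_header.strip().lower().split(":")[0]
    return host.rstrip(".")


def route(rules, host_header: str, default_target: str) -> str:
    """Return the target group the first matching rule forwards to, else the default action."""
    host = normalise_host(host_header)
    for rule in sorted(rules):
        if any(_host_matches(pattern, host) for pattern in rule.hosts):
            return rule.target_group
    return default_target


# Constructed rule set for the question's scenario: one target group per subdomain,
# a catch-all for the bare domain and any other subdomain, and a default action
# that returns a fixed 404 so unknown hosts never reach an internal server.
RULES = [
    Rule(10, ("shop.example.com",), "tg-shop"),          # backend 172.0.0.3
    Rule(20, ("contact.example.com",), "tg-contact"),    # backend 172.0.0.4
    Rule(30, ("example.com", "*.example.com"), "tg-www"),
]
DEFAULT_ACTION = "fixed-response-404"

if __name__ == "__main__":
    for header in ("shop.example.com", "CONTACT.example.com:443", "blog.example.com", "example.com.evil.test"):
        print(f"{header:30} -> {route(RULES, header, DEFAULT_ACTION)}")
```

Note that `example.com.evil.test` falls through to the default action: a full-string match keeps `*.example.com` from matching hosts that merely contain the domain as a prefix.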