Scared to try to use NS and vhosts

mmh… I’m missing something? :open_mouth:

Ok gentlemen, just to clarify, with regards to our need to get our 5 sites off our current vps,

I spent some time to get NS apache to serve 3 different static index.html pages to 3 different domain requests against the same ip.

Just to clarify my idea of what apache vhost is.

test3.com not test3.com/test3 to ip 1 on serverA
test4.com not test4.com/test4 to ip 1 on serverA
test5.com not test5.com/test5 to ip 1 on serverA

Now these tests are just static html, never mind trying to use something like wordpress as @Nas posted a how to for, never mind trying to get wordpress in NS to serve multiple sites.

So what I’m seeing here is that Nethserver is not going to work for us at this time, is that correct?

This isn’t a rant or complaint, I’m not going to swear off NS or run off in a huff, it’s simply a question of whether or not the tool can fit our needs at this time because I can’t keep spending the hours trying to reinvent the wheel and failing to accomplish the client’s goal.

@GG_jr @davidep

Can someone explain in simple words how the vhost work in NS ?
Not how it should but how it is actually working.

From this we can try to make a template, and/or add an interface that can add parameters from the UI.
But first before making the UI I need to understand how NS implements virtual hosts.

1 Like

Create three host aliases under DNS page, then create three shared folders by setting each one as “web site root” of the respective (v)host name.

See also

http://docs.nethserver.org/en/latest/shared_folder.html

1 Like

I did that.
That’s covered in all my posts above. :unamused:

f*$& I am so stupid.
I was using server alias instead of hosts.

sigh.

Thanks for the push @davidep

The question I have is, did I misread this or read into it what it wasn’t? The sentence is correct… but misleading, or not?

The Virtual host selector lists all Server alias defined under the DNS page.

http://docs.nethserver.org/en/latest/shared_folder.html#web-access

Because after I added the domains and ip under hosts I deleted all the aliases and the server now works as I expect, so what I read into the docs doesn’t match with what @davidep just posted, so either I’m just stupid or we need to make some changes to the docs. Prob both.

Could we reword it like (?)

The Virtual host selector lists all items available from "DNS > Alias server" page.

I don’t understand, if I did that, removing the server alias and write the domain name in the host tab, I cannot use them in the virtualhost of the shared folder

I’m sorry, it simply doesn’t make sense to me, but I’m basically ignorant anyway.
That vhost selector list under shared folders lists server aliases from dns it seems… why, what’s the point, the intended function?
I don’t see how it relates to vhosts as I understand them, now that I have no server aliases and have populated the hosts and now have a working vhost system. idk what’s going on really, so I have nothing to offer.

Can you list the files under /etc/httpd/nethserver.d? There is something that I don’t understand.

@davidep

Hi, still stupid here, but I’ve run out of time today.

Was messing around today, installed wordpress straight from wordpress.org into the base NS, copied the owncloud.conf over to a new wordpress.conf, edited with wordpress of course, and dumped the wp files into a folder next to owncloud, browsing to testserver/wordpress, wordpress works great.

Was looking at the vhosts some more. Wondered to myself… why do I need to have entries in dns - hosts? This is standalone behind a gateway.

But here’s the thing… I think that in order to use vhosts it’s necessary to use server alias or e-smith will not create the vhost confs. I think that when I originally created the server aliases those confs for the ibay directories were left over even though I deleted the aliases and made entries in hosts. The reason I say this is that the 00default:80.vhost has all the test domains listed in it but if I browse to any domain I always get the index.html that is the last listed domain in that 00default file.

So nothing works like I posted above anymore and I’m even more confused.

So, I’m making notes for myself here… and tomorrow, if I have time, I may recreate those entries in server alias to see what happens.

My end goal here is to spin up an NS instance in Google cloud, with a wordpress installation hosting 5 sites for 5 domains with email on a single ip… but this is getting out of hand…

Hi @fasttech ,

AFAIK, this can be done only through Reverse Proxy (you have only one public IP and you must publish to the Web different domains (www, webmail), NOT ALIASES, hosted on the same machine, with the same port (80, 443)).

Of course, maybe I’m wrong.

When I looked for an MS ISA Server replacement (ISA/Forefront TMG can do Reverse Proxy), I read on a forum that you need another Linux machine to do Reverse Proxy if your Linux Firewall/Router can’t do that.

Endian and Sophos can do Reverse Proxy from UI but only for paid versions.

I have asked for this feature for a long time and many, many times, but …
Apache can do Reverse Proxy but I don’t know how.
I think that if Apache is a part of NS, this can be done on the same machine.
I read some docs from Apache website but I’m not good enough to make this.

http://www.apachetutor.org/admin/reverseproxies
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

EDIT:

@Hunv just published here:

Proposal for ns7 VirtualHost page

about this.

@fasttech @GG_jr

If you need help in configuring the reverse proxy on the Nethserver, feel free to contact me. I’ve got it running (but I’m not a Pro in Linux/Apache at all ;)).

Hi Kristian,

Thank you very much for your offer!

Can you do something for NS Community?
I think this is a great improvement for NS!
And many of us need this.

BR,
Gabriel

PS:

NS 7 is still far away.
We need this feature also in NS 6.7 because we will use this version for a long time (I understand that the upgrade to NS 7 will not be so easy because of all the improvements).

I can post my configuration, but I don’t think that this is like it is intended to be.
Basically I simply created a new file at /etc/httpd/conf.d that must have the ending .conf.
The content of that file is:

<VirtualHost *:80>    
	ServerName subdomain.domain.com    
	ProxyPreserveHost On    
	ProxyPass / http://10.10.0.10/    
	ProxyPassReverse / http://10.10.0.10/
</VirtualHost>

<VirtualHost *:443>   
	ServerName subdomain.domain.com    
	ProxyPreserveHost On    
	SSLEngine On    
	SSLProxyEngine Off    
	SSLCertificateFile /etc/httpd/conf.d/subdomain.domain.com.pem    
	SSLCertificateKeyFile /etc/httpd/conf.d/subdomain.domain.com.key    	
	SSLCertificateChainFile /etc/httpd/conf.d/intermediate_cl1_ca.pem    
	SSLCACertificateFile /etc/httpd/conf.d/root_ca.pem    
	ProxyPass / http://10.10.0.10/    
	ProxyPassReverse / http://10.10.0.10/
</VirtualHost>

But I am ignoring the Template-Stuff of Nethserver doing this.

Port 80:
The configuration redirects every request to Nethserver that is to the domain subdomain.domain.com to my server 10.10.0.10 and passes also the HTTP-Header.

Port 443:
If a query to subdomain.domain.com is to the Nethserver, it will forward the HTTPS-Request as an HTTP-Request to my Webserver 10.10.0.10. The HTTP-Answer will be “converted” to an HTTPS-Answer by the ReverseProxy (=Nethserver) and sent back to the Client.
The infrastructure for this scenario is
Client => HTTPS => Nethserver => HTTP => Webserver
So the Webserver doesn’t need to be configured to do something with HTTPS (except you are using Tomcat in some cases as I figured out). You need valid SSL-Certificates for the HTTPS stuff.

That’s how I did it.

PS:
You can repeat the config above for each (sub)domain you have. Just change the “ServerName”-Parameter. The first config that matches your Parameters will be processed by the built-in Apache in Nethserver.

PPS:
After you updated the .conf-File you have to execute this command at the console of Nethserver:
signal-event nethserver-httpd-update

3 Likes
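An added example, not part of the original posts and not NethServer's own code: a small Python model of how Apache's name-based selection picks a `<VirtualHost>` block from the `Host` header, including the fallback to the first block on that port when no name matches. The second vhost (`other.domain.com`, backend `10.10.0.11`) is constructed for illustration, and only exact `ServerName`/`ServerAlias` names are handled, not wildcards.

```python
import re

# Constructed sample: the post's port-80 block, repeated for a second
# (hypothetical) name and backend, as the PS in the post suggests.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName subdomain.domain.com
    ProxyPreserveHost On
    ProxyPass / http://10.10.0.10/
    ProxyPassReverse / http://10.10.0.10/
</VirtualHost>
<VirtualHost *:80>
    ServerName other.domain.com
    ServerAlias www.other.domain.com
    ProxyPass / http://10.10.0.11/
    ProxyPassReverse / http://10.10.0.11/
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+\S*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return vhosts in file order as dicts: port, names, backend."""
    vhosts = []
    for port, body in BLOCK.findall(conf):
        names, backend = [], None
        for line in body.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
            elif key == "proxypass" and len(parts) >= 3 and backend is None:
                backend = parts[2]
        vhosts.append({"port": int(port), "names": names, "backend": backend})
    return vhosts

def select_vhost(vhosts, port, host_header):
    """First vhost on the port whose name equals the Host header;
    if none matches, the first vhost on that port acts as the default."""
    host = host_header.split(":")[0].lower()
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if host in v["names"]:
            return v
    return on_port[0] if on_port else None

def backend_for(conf, port, host_header):
    v = select_vhost(parse_vhosts(conf), port, host_header)
    return v["backend"] if v else None
```

The fallback case is the one to watch: a request with an unknown `Host` header is still proxied to the first block's backend unless a catch-all vhost is listed first.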

If someone needs info on proxy pass, also take a look at the manual :wink: http://docs.nethserver.org/en/latest/proxy_pass.html

2 Likes

This is where I started

2 Likes

Looking forward to adding it to the WebUI; you should create a new doc about it :slight_smile:

1 Like

Hi Gabriel,
Virtual hosts are not Reverse proxy. Virtual hosts are different from Reverse proxy, even if in some functionality they can behave the same.

A reverse proxy can “fetch” information from internal servers and then serve this information to the internet clients on requests, as if itself was the content provider.

Reverse proxy can be used for balancing request to multiple internal servers for example.

Virtual Hosts are multiple “different” directories under the same apache / nginx / tomcat server.
Even if the pages are served from the same server they are in different folders and can be associated with different DNS hosts or domains.

By “different” I mean that for each host/domain (URL) that the server is queried, you can define the options on what to serve, what is the folder for serving the information, type HTTP or HTTPS or other options.

For example www is a different host or can be an alias of the original FQDN of NethServer. Either it can be defined to serve different content (from a specified distinct folder) or it can be the same folder as /srv/www

I have made those clarifications as not to confuse the roles of the VHOSTS and Rev. Proxies.

Hope this helps :slight_smile:

2 Likes

Hi Bogdan,

Thank you for your clarifications.

I will give an example and I will put at the end two questions and I will explain why:

I understand that the problem is to use one public IP for publishing different hosts, something like this:

Let’s say that the WAN IP is 91.195.63.5.
We have different domains, registered into an external name server, which are pointing to this IP:
http://www.mydomain.com
http://www.mydomain2.com
http://www.mydomain3.com
https://mail.mydomain.com
https://mail.mydomain2.com
https://mail.mydomain3.com

We have two servers in DMZ (or even one, it’s the same thing):

  • for web hosting: 10.0.0.2
  • for mail hosting: 10.0.0.3

To reach www or mail from WAN (RED) to DMZ (ORANGE) we must create rules through NS firewall (portforwarding), something like this (short version):

for www.mydomain.com: rule 1: RED (91.195.63.5) -> ORANGE (10.0.0.2:80)
for www.mydomain2.com: rule 2: RED (91.195.63.5) -> ORANGE (10.0.0.2:80)
for www.mydomain3.com: rule 3: RED (91.195.63.5) -> ORANGE (10.0.0.2:80)
for mail.mydomain.com: rule 4: RED (91.195.63.5) -> ORANGE (10.0.0.3:443)
for mail.mydomain2.com: rule 5: RED (91.195.63.5) -> ORANGE (10.0.0.3:443)
for mail.mydomain3.com: rule 6: RED (91.195.63.5) -> ORANGE (10.0.0.3:443)

When I had this situation, no matter what I wanted to reach, it worked only for the first rule from each category (rule 1 and rule 4).

As far I have used MS ForeFront TMG or even ISA Server, it worked.
When I have replaced MS ForeFront with SOPHOS (Trial) it worked.
When I have replaced MS ForeFront with Endian Community it didn’t work.
At that time, I understand that I need to use Reverse Proxy.

We are lucky and we have our own public subnet and I used for WAN 2 additional IP addresses, with proper register in external name server:

www.mydomain.com and mail.mydomain.com pointing to 91.195.63.5
www.mydomain2.com and mail.mydomain2.com pointing to 91.195.63.6
www.mydomain3.com and mail.mydomain3.com pointing to 91.195.63.7

and:

for www.mydomain.com: rule 1: RED (91.195.63.5) -> ORANGE (10.0.0.2:80)
for www.mydomain2.com: rule 2: RED (91.195.63.6) -> ORANGE (10.0.0.2:80)
for www.mydomain3.com: rule 3: RED (91.195.63.7) -> ORANGE (10.0.0.2:80)
for mail.mydomain.com: rule 4: RED (91.195.63.5) -> ORANGE (10.0.0.3:443)
for mail.mydomain2.com: rule 5: RED (91.195.63.6) -> ORANGE (10.0.0.3:443)
for mail.mydomain3.com: rule 6: RED (91.195.63.7) -> ORANGE (10.0.0.3:443)

How can you do all this with only one IP?
With Reverse Proxy or with Virtual Host?

I ask because I don’t want to make again the same mistake to put the wrong question or to give the wrong answer.

TIA,
Gabriel

1 Like