From: kashani <kashani-list@badapple.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: OT: iptables w/ 2 web servers
Date: Thu, 24 Sep 2009 09:58:19 -0700
Message-ID: <4ABBA52B.5030404@badapple.net>
In-Reply-To: <loom.20090924T171825-62@post.gmane.org>

James wrote:
> So the best I can do is forward all traffic (80, 443, etc.) for the
> group of websites to a proxy behind the firewall, then use software
> such as what kashani suggested (proxypass, Squid, nginx,
> lighttpd, or Varnish) and parse the traffic with some form of
> vhosts implementation on a single server (NATed IP)?

That's not quite correct.

Let's assume you don't install anything on the firewall. Instead you'll
forward port 80 to a single server internally on port 4080 which you've
set Squid, Varnish, Nginx, or Lighttpd to listen on.

internet -> firewall:80 -> server1:4080

Your proxy accepts the connection and then looks at its config or, in
most cases, the proxy is smart enough to use DNS to go to the server it
needs. Using DNS might be an issue in your case since the IPs will
resolve to the single public IP.

site1 -> server1:80
site2 -> server2:80
site3 -> server3:3128
site4 -> server1:80
site5 -> server123.dreamhost.com:80
site6 -> localhost:80
site6/newapp -> server7:80
site6/newapp1 -> server8:80

and so on. You can really do just about anything here.

All connections are going to come through your proxy, but the serving of
the pages will be done by the web servers. I would not worry about the
number of connections to your proxy, all the proxy solutions listed above
are capable of handling a few thousand connections.

Here's the link to the Apache proxy module. It should give you some
ideas on what you can do. I recommend using some other proxy software
than Apache just to simplify the setup and make it easier to hold the
system in your head. Also prefork Apache is the slowest and uses the
most resources of your options, which is another reason to use a separate
proxy.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

kashani
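
The mapping described in the message above, written out for nginx as an added example (not part of the original message or of any project's own configuration). The site*.example hostnames are placeholders, and the backend names are assumed to resolve to internal addresses on the proxy host. The catch-all server is an addition that refuses requests for hostnames the proxy does not serve.

```nginx
# Added example (constructed). Place inside the http { } block on server1.
# The firewall forwards public port 80 to this host on port 4080.
# site*.example are placeholder names. server1, server3, server7 and server8
# must resolve to internal addresses (for instance via /etc/hosts), because
# public DNS for the sites returns the single public IP.

# Pass the original Host header so each backend can pick its own vhost.
proxy_set_header Host $host;
# First hop: overwrite any client-supplied value instead of appending to it.
proxy_set_header X-Forwarded-For $remote_addr;

# Unknown or missing Host: close the connection rather than hand the
# request to whichever site happens to be defined first.
server {
    listen 4080 default_server;
    server_name _;
    return 444;
}

server {                                   # site1 -> server1:80
    listen 4080;
    server_name site1.example;
    location / { proxy_pass http://server1:80; }
}

server {                                   # site3 -> server3:3128
    listen 4080;
    server_name site3.example;
    location / { proxy_pass http://server3:3128; }
}

server {
    listen 4080;
    server_name site6.example;
    location /          { proxy_pass http://localhost:80; }   # site6
    location /newapp/   { proxy_pass http://server7:80; }      # site6/newapp
    location /newapp1/  { proxy_pass http://server8:80; }      # site6/newapp1
}
```

The trailing slashes on /newapp/ and /newapp1/ keep a path such as /newapplication from being routed to server7; run nginx -t to check the syntax before reloading.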