From: kashani
Date: Thu, 24 Sep 2009 09:58:19 -0700
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: OT: iptables w/ 2 web servers
Message-ID: <4ABBA52B.5030404@badapple.net>

James wrote:
> So the best I can do is forward all traffic (80, 443, etc.) for the
> group of websites to a proxy behind the firewall, then use software
> such as what kashani suggested (proxypass, Squid, nginx,
> lighttpd, or Varnish) and parse the traffic with some form of
> vhosts implementation on a single server (NATed IP)?

That's not quite correct. Let's assume you don't install anything on the firewall. Instead you'll forward port 80 to a single server internally on port 4080, which you've set Squid, Varnish, Nginx, or Lighttpd to listen on.

internet -> firewall:80 -> server1:4080

Your proxy accepts the connection and then looks at its config or, in most cases, the proxy is smart enough to use DNS to go to the server it needs. Using DNS might be an issue in your case since the IPs will resolve to the single public IP.

site1 -> server1:80
site2 -> server2:80
site3 -> server3:3128
site4 -> server1:80
site5 -> server123.dreamhost.com:80
site6 -> localhost:80
site6/newapp -> server7:80
site6/newapp1 -> server8:80

and so on. You can really do just about anything here. All connections are going to come through your proxy, but the serving of the pages will be done by the web servers. I would not worry about the number of connections to your proxy; all the proxy solutions listed above are capable of handling a few thousand connections.

Here's the link to the Apache proxy module. It should give you some ideas on what you can do. I recommend using some other proxy software than Apache just to simplify the setup and make it easier to hold the system in your head. Also, prefork Apache is the slowest and uses the most resources of your options, which is another reason to use a separate proxy.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

kashani
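As an added example (not part of kashani's post and not a config from any of the projects mentioned), here is the layout above written as an Nginx configuration: Nginx listens on port 4080 on server1, where the firewall's port-80 forward lands, and picks the backend from the Host header of each request. The backends are given as fixed internal addresses rather than DNS names because, as the post points out, the public names all resolve to the firewall's single public IP. The site names (site1.example.com and so on) and the 192.0.2.x addresses are assumptions for illustration; server123.dreamhost.com is the external host from the post.

```nginx
# Added example (not from the post): Nginx on server1 as the single
# proxy behind the firewall.   internet -> firewall:80 -> server1:4080
# Site names and internal addresses are assumptions for illustration.

events { }

http {
    # Fixed internal addresses instead of DNS: the public names all
    # resolve to the firewall's public IP, so a DNS lookup would just
    # send the request back out to the firewall.
    upstream server1 { server 127.0.0.1:80; }      # site1, site4, site6 (localhost:80)
    upstream server2 { server 192.0.2.12:80; }
    upstream server3 { server 192.0.2.13:3128; }   # e.g. a Squid on server3
    upstream server7 { server 192.0.2.17:80; }
    upstream server8 { server 192.0.2.18:80; }

    # Headers every backend needs: the original Host so its own vhost
    # logic still works, and the real client address for its logs.
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Catch-all for requests whose Host matches no site (scanners,
    # bare-IP requests): close the connection instead of handing the
    # request to whichever server block happens to be listed first.
    server {
        listen 4080 default_server;
        server_name _;
        return 444;
    }

    server {
        listen 4080;
        server_name site1.example.com site4.example.com;
        location / { proxy_pass http://server1; }
    }

    server {
        listen 4080;
        server_name site2.example.com;
        location / { proxy_pass http://server2; }
    }

    server {
        listen 4080;
        server_name site3.example.com;
        location / { proxy_pass http://server3; }
    }

    # An external host: here DNS is exactly what we want. Nginx resolves
    # the name once when the config is loaded.
    server {
        listen 4080;
        server_name site5.example.com;
        location / { proxy_pass http://server123.dreamhost.com:80; }
    }

    # One site split by path. Nginx picks the longest matching prefix,
    # so /newapp1/ is not swallowed by /newapp/. The trailing slash on
    # proxy_pass strips the prefix: /newapp/x reaches server7 as /x.
    server {
        listen 4080;
        server_name site6.example.com;
        location /         { proxy_pass http://server1; }
        location /newapp/  { proxy_pass http://server7/; }
        location /newapp1/ { proxy_pass http://server8/; }
    }
}
```

Check the file with `nginx -t` before reloading. Two points worth adding to the post's picture: the backends should only accept port 80 (or 3128) from the proxy's address, since nothing else is supposed to reach them; and the X-Forwarded-For value a backend logs is only trustworthy when that firewalling guarantees the header was set by your own proxy and not by an arbitrary client.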