public inbox for gentoo-user@lists.gentoo.org
From: James <wireless@tampabay.rr.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user]  Re: OT: iptables w/ 2 web servers
Date: Thu, 24 Sep 2009 15:30:51 +0000 (UTC)	[thread overview]
Message-ID: <loom.20090924T171825-62@post.gmane.org> (raw)
In-Reply-To: F217E1CC-B81D-47AB-80A5-562EF11527C4@stellar.eclipse.co.uk

Stroller <stroller <at> stellar.eclipse.co.uk> writes:


> > I have one static IP
> > ... Could someone post
> > some simple iptable examples of how to route 2 different
> > web server traffic streams to 2 different machines?

> > Both are inside the same DMZ....2 different machines
> > with different (NAT) IP addresses.

> Can't be done.

Ok, that explains why I drew a blank on how to proceed.

> There is no way for IPtables to distinguish between an http request to  
> bigbreastedmommas.com at 24.73.161.102 and an http request to  
> bouncyboobs.com at 24.73.161.102, assuming both are on port 80.

So the best I can do is forward all traffic (80, 443, etc.) for the
group of websites to a proxy behind the firewall, then use software
such as what kashani suggested (proxypass, Squid, nginx,
lighttpd, or Varnish) and parse the traffic with some form of
vhosts implementation on a single server (NATed IP)?

I definitely do not want to run anything additional on the firewall,
unless it is absolutely secure, and then it would have to have a
light loading of firewall resources.

Then, if the load of the combined virtual hostings becomes too large,
I use a group (cluster) of servers and implement some sort of load
balancing across the machines, each of which contains complete copies of each website?

Then there is the question of how to keep the individual machines
'in sync', and the limitation that once a machine is saturated (performance
suffers too much due to insufficient resources) there
is no solution for expansion?

One last thing. I can get a small subnet of, say, 5 IP addresses from my
ISP for an additional 20/month. Would that help me? I want to put up
dozens of small charitable web sites. None will have a huge user base,
but I was going to stream some limited video from each of them.

Any other architectural solutions here? (Outside hosting is not an option.)
My ISP is very cool, and will even let me run my own primary and secondary
name service, if that helps redirect the traffic?

Ideas?

James
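The setup James describes above (one public IP, the firewall forwarding only the web ports to a single reverse proxy in the DMZ, and the proxy choosing the backend by the HTTP Host header) as an added example that is not part of the thread. The interface name, the public address (an RFC 5737 documentation address), the proxy and backend addresses, and the site names are all constructed placeholders; the script prints the iptables rules and the nginx server blocks rather than applying them, so they can be reviewed first and the firewall host itself keeps running nothing but packet filtering:

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Topology (all addresses hypothetical):
#   Internet -> firewall (PUBLIC_IP on WAN_IF) -> reverse proxy PROXY_IP in DMZ
#   -> one backend machine per web site, selected by Host header on the proxy.
WAN_IF="${WAN_IF:-eth0}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # documentation address, placeholder
PROXY_IP="${PROXY_IP:-192.168.1.10}"     # the reverse proxy inside the DMZ

# Emit the iptables rules that forward ONLY TCP 80 and 443 arriving on the
# public address to the proxy. Everything else stays at the default DROP, so
# the firewall exposes nothing beyond the two web ports and runs no web
# software of its own. Output is printed, not executed: pipe to "sh" as root.
forward_rules() {
    echo 'iptables -P FORWARD DROP'
    # Return traffic for connections the proxy already has open.
    echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in 80 443; do
        printf 'iptables -t nat -A PREROUTING -i %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$WAN_IF" "$PUBLIC_IP" "$port" "$PROXY_IP" "$port"
        printf 'iptables -A FORWARD -i %s -d %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$WAN_IF" "$PROXY_IP" "$port"
    done
}

# Emit one nginx name-based virtual host for the proxy. Requests whose Host
# header matches $1 are passed to the backend machine at $2; the backend
# never needs a public address. Arguments: site hostname, backend IP.
vhost_block() {
    cat <<EOF
server {
    listen 80;
    server_name $1;
    location / {
        proxy_pass http://$2;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
    }
}
EOF
}

# Print the whole configuration: firewall rules first, then a vhost per site.
# The site/backend pairs below are constructed sample data.
emit_config() {
    echo '# --- firewall rules (run as root on the firewall host) ---'
    forward_rules
    echo '# --- nginx server blocks (install on the proxy at '"$PROXY_IP"') ---'
    vhost_block charity-one.example 192.168.1.21
    vhost_block charity-two.example 192.168.1.22
}

emit_config
```

Apply the rule half with `forward_rules | sudo sh` on the firewall and drop the server blocks into the nginx configuration on the proxy. The same approach covers port 443, with one caveat: the proxy must learn the hostname before it can pick a site, and for TLS that means either SNI support in both proxy and clients or one certificate that covers every hosted name.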