Solved

Configuring virtual machines as virtual hosts on Ubuntu Server

Posted on 2007-12-06
4
2,731 Views
Last Modified: 2012-06-27
Hi Experts,

I am trying to do something which I *thought* was pretty easy.  I have done this many times with Windows Server 2003 and it works perfectly, but now I trying to do the same thing on Ubuntu and it won't play nice!

The scenario is this:

I have a host server (Ubuntu Server 6.06 LTS); installed on the server is VMware Server.  I have created a number of virtual machines - all VMs are Windows Server 2003.  The VMs all have private IP addresses, and the Linux host has a public IP address.  Each of the VMs has Apache running, listening on port 80.  What I want to do is configure virtual hosts in Apache on the host so that HTTP requests are forwarded to the appropriate VM.

I have done this in the past, except that the host server has always been Windows Server 2003.  Normally I would add the following to the httpd.conf file:

NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

# phobbs - VirtualHost for host server
<VirtualHost *:80>
    DocumentRoot E:/web_services/web_root
</VirtualHost>

# phobbs - VirtualHost for host VM1
<VirtualHost *:80>
    ServerName vm1.<my-domain>
    ProxyRequests off
    ProxyPreserveHost Off
    ProxyPass / http://10.28.2.200/
    ProxyPassReverse / http://10.28.2.200/
</VirtualHost>

# phobbs - VirtualHost for host VM2
<VirtualHost *:80>
    ServerName vm2.<my-domain>
    ProxyRequests off
    ProxyPreserveHost Off
    ProxyPass / http://10.28.2.201/
    ProxyPassReverse / http://10.28.2.201/
</VirtualHost>

I manage the DNS records for <my-domain>, so I have created subdomains vm1 and vm2 which both point to the public IP address of the host.  Under Windows Server, the above config works perfectly.  Any requests of the form http://vm1.<my-domain> are redirected to the first VM which has a static IP of 10.28.2.200, and similarly, any requests of the form http://vm2.<my-domain> are redirected to the second VM which has a static IP of 10.28.2.201.  Works perfectly.

Under Ubuntu it doesn't seem to be working though.  It took me a little while to discover that the config is slightly different.  httpd.conf is an empty file; mods are loaded by including *.load and *.conf in the /etc/apache2/mods-enabled directory.  And virtual hosts are defined in /etc/apache2/sites-available/default.

So, first I added some modules to be loaded:

proxy.conf
proxy.load
proxy_http.load
vhost_alias.load

Next I edited /etc/apache2/sites-available/default vy adding some virtual hosts directives to the end of the file::

# phobbs - VirtualHost for host VM1
<VirtualHost *>
    ServerName vm1.<my-domain>
    ProxyRequests off
    ProxyPreserveHost Off
    ProxyPass / http://10.28.101.11/
    ProxyPassReverse / http://10.28.101.11/
</VirtualHost>

# phobbs - VirtualHost for host VM1
<VirtualHost *>
    ServerName vm2.<my-domain>
    ProxyRequests off
    ProxyPreserveHost Off
    ProxyPass / http://10.28.101.12/
    ProxyPassReverse / http://10.28.101.12/
</VirtualHost>

Essentially the same config as for the Windows server, except that I am not specifying port 80 because the host also listens on port 443.

From the host I can telnet to the VMs on port 80, which suggests to me that I should be able to forward requests to the VMs.

However, here is what happens:

When I browse to http://vm1.<my-domain> from another PC, I get the following error in the browser:

~~~~~~~~~~~~~~~~~~
Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
~~~~~~~~~~~~~~~~~~

The error message above suggests to me that the http server is trying to read the root directory on the host, which it presumably doesn't have permission to do.


In the Apache error log on the host, I see this:

~~~~~~~~~~~~~~~~~~
[Fri Dec 07 09:17:03 2007] [error] [client 123.200.252.74] client denied by server configuration: proxy:http://10.28.101.11/
[Fri Dec 07 09:17:03 2007] [error] [client 123.200.252.74] client denied by server configuration: proxy:http://10.28.101.11/error/
HTTP_FORBIDDEN.html.var
~~~~~~~~~~~~~~~~~~


I should mention that the networking type between the host and the VMs is host-only.  I have configured the VMware vmnet2 interface to have an IP address of 10.28.101.1 and netmask of 255.255.255.0.  Also, I am running a VPN server on the host (Linux) server.  When I connect to the VPN with my Windows PC, I can successfully browse to http://10.28.101.11/ and I get the Apache welcome message.

Can anyone shed light on what might be happening here?  I'm sure that it is just some config somewhere that I don't know about.

Cheers,

Paul Hobbs
0
Comment
Question by:mrgordonz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 500 total points
ID: 20424633
Change what you have for the virtual hosts to:

<VirtualHost *:80>
    ServerName vm2.<my-domain>
    ProxyPass / http://10.28.101.12/
    ProxyPassReverse / http://10.28.101.12/
</VirtualHost>

Make sure you have the lines:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

somewhere in your configuration files.

This should work, if not, try changing it so that you proxy requests to say www.google.com.au, this will prove it is working from the host machine.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20424635
whoops, instead of :80 make it :443
0
 

Author Comment

by:mrgordonz
ID: 20424843
Hi Again WixRd-Linux!!

I was wondering if you would be the first to jump in on this one. :)

This was much quicker to fix - I did as you suggested and added the Directory directive, and it all works like a charm.  Here are the virtual host settings:


# phobbs - VirtualHost for host VM1
<VirtualHost *>
    ServerName vm1.<my-domain>
    ProxyPass / http://10.28.101.11/
    ProxyPassReverse / http://10.28.101.11/
    <Directory proxy:http://10.28.101.11/>
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>

# phobbs - VirtualHost for host VM2
<VirtualHost *>
    ServerName vm2.<my-domain>
    ProxyPass / http://10.28.101.12/
    ProxyPassReverse / http://10.28.101.12/
    <Directory proxy:http://10.28.101.12/>
        Order Allow,Deny
        Allow from all
    </Directory>
</VirtualHost>

I have left out the :80 because Apache complains when I try to restart it:

[error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Anyway - thx for the super quick response.  Here's another 500 pts for you!

BTW - I am about to post another question about configuring Postfix.  If you know much about this, feel free to dive in and grab some more points.
0
 

Author Closing Comment

by:mrgordonz
ID: 31413289
WizRd-Linux scores another home run!
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question