How to handle two Virtual Web Servers in one Linux Box?


I have one external IP address, an ASUS router and a Fedora 14 box connected to it via the DMZ.

On the Fedora machine I'm running two Virtual Machines with Virtual Box.  Each has its own IP Address.  They are:

Virtual Machine 1 is Zimbra Email & Collaboration (Turnkey Linux)
Virtual Machine 2 is Joomla Content Management (Turnkey Linux)

It's very easy for me to expose one or the other of these VMs to the world by setting the IP address of that VM to that of the DMZ, but I need both to operate simultaneously.

So, how can I configure my network to allow both of these VMs to run simultaneously and seamlessly - while providing the functionality of each package?


How can I set this system
AriMc Commented:
With a single external IP address you need to assign different ports to the different servers.

One way is to use the NAT (or NAPT) table of your router (if it supports it) and direct port 80 to one server and another, 8080 for example, to the other. Then the URLs from the public network become:


SqueezeOJ (Author) Commented:
Hi AriMc,

Thanks for your quick response.  Let me see if I understand this...

The Joomla VM (VM2) is the one that runs my public website, so I'd want to leave it on port 80.  Therefore, its IP address will stay

The Zimbra VM (VM1) is a behind-the-scenes email service for my company only, so I'd assign it to another port, such as 8080, and reach it a

That makes sense.

Now, would I need to reconfigure the Zimbra server to stop watching for traffic on port 80 and start watching for it on 8080?

Also, I assume that I'd need to do this with all overlapping ports?  So, if they both allow ssh on port 22 then I'd want to leave the Joomla one at 22 and assign the Zimbra one to something like 8022?

How about port 25 - which is closed on Joomla but open on Zimbra?  This could probably be left alone as long as the port forward is properly set up?

1) Some routers allow port translation from 8080 to 80 while doing the NAT. In this case you don't need to reconfigure Zimbra. If your router only supports simple "one-to-one", i.e. incoming 8080 to 8080 of Zimbra, then you need to reconfigure.

2) Yes you need separate mappings for each externally available service on both computers.

3) Port 25 (SMTP mail?) - you probably want only one mail server or do you see the need of having two publicly available ones?

arnold Commented:
One thing to be cautious about is that the application does not dynamically output its links.
i.e. you set up the router as AriMc outlined:
public externalIP port 8080 to Zimbra VM server port 80.
The problem occurs when an access to a page spits out location: while the user was accessing
A possible way to handle this is to set up an internal reverse proxy, i.e. or  will land on your reverse proxy that will "forward" the request to the correct internal server. Caution should be taken to make sure that your internal applications do not exempt or grant special privileges to the requests that come from the reverse proxy.
Good point Arnold! I haven't seen many web-sites using absolute links to their own subpages because it's basically very bad design, but it's a good thing to keep in mind.
The issue is less with websites and rather more with sites that dynamically generate code. I think webtrends was returning URLs based on the IP on which the request came, which complicates things when you have a reverse proxy in front of it, since all URL links will be http://privateip:port/.
chedlin Commented:
You can use an additional apache process as a reverse proxy (on the host or a 3rd virtual box) to do host mapping and have them both seem to be on port 80.

If you use the host machine, configure apache with virtual hosts on its internal IP address.  Here is a configuration I use (not fedora but from /etc/apache2/site-enabled):

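<VirtualHost *:80>
        # The ServerName line is missing from the post as captured;
        # zimbra.example.com is a placeholder for the public hostname.
        ServerName zimbra.example.com

        DocumentRoot /var/www/
        # Requires mod_proxy and mod_proxy_http to be enabled.
        ProxyPass / http://Zimbra.internal/
        # Rewrites Location headers from the backend to the public name.
        ProxyPassReverse / http://Zimbra.internal/

        ErrorLog /var/log/apache2/Zimbra-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/Zimbra-access.log combined
        ServerSignature On
</VirtualHost>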

and file2 would be the same but with the Joomla information.

If you need https you still have to use different ports, although you could do the above if both hosts were in the same domain and you had a wildcard certificate.
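
Added example, not part of chedlin's or arnold's posts and not Apache's own code: a Python sketch of what the reverse proxy discussed above does, choosing a backend from the Host header, rewriting backend Location redirects as ProxyPassReverse does, and setting the forwarding headers itself. The public hostnames and Joomla.internal are assumed placeholders; Zimbra.internal is the name from the post.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed mapping. Zimbra.internal is the backend name used in the post;
# the public hostnames and Joomla.internal are assumed placeholders.
BACKENDS = {
    "mail.example.com": "http://Zimbra.internal",
    "www.example.com": "http://Joomla.internal",
}


def route(host_header):
    """Choose a backend from the Host header; None means refuse the request."""
    host = (host_header or "").strip().lower().partition(":")[0].rstrip(".")
    # No default backend: a bare IP or unknown name must not reach Zimbra.
    return BACKENDS.get(host)


def rewrite_location(location, backend, public_host, scheme="http"):
    """Map a redirect that names the backend onto the public name,
    which is the job ProxyPassReverse does for the Location header."""
    loc, be = urlsplit(location), urlsplit(backend)
    if loc.netloc.lower() != be.netloc.lower():
        return location  # relative or external redirect: leave untouched
    return urlunsplit((scheme, public_host, loc.path or "/", loc.query, loc.fragment))


def upstream_headers(client_headers, client_ip, public_host):
    """Headers passed to the backend. Client-supplied X-Forwarded-* values are
    dropped so the backend only sees the address the proxy observed."""
    kept = {k: v for k, v in client_headers.items()
            if not k.lower().startswith("x-forwarded-")}
    kept["X-Forwarded-For"] = client_ip
    kept["X-Forwarded-Host"] = public_host
    return kept


if __name__ == "__main__":
    backend = route("MAIL.example.com:80")
    print(backend)
    print(rewrite_location("http://zimbra.internal/zimbra/?a=1", backend,
                           "mail.example.com"))
    print(upstream_headers({"x-forwarded-for": "127.0.0.1", "Accept": "*/*"},
                           "198.51.100.9", "mail.example.com"))
```

Because every request reaches the backend from the proxy's address, a backend rule keyed on source IP would apply to all visitors, which is the caution arnold raises.
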
Chedlin: That's a good point too but it leaves the overall system somewhat vulnerable as it requires Joomla to be alive for Zimbra to work.

AriMc: I disagree, that is why I suggested running Apache on the VirtualBox host computer (Fedora).  You can think of it along the lines of using an HTTP accelerator or load balancer, but it is using the Host header to make the routing decision.

If the resources exist you can make it a 3rd virtual machine to keep the host stripped bare, but I don't think I would personally do it that way (unless using a bare metal hypervisor where I would have no choice).
Chedlin: Ok, I missed the part "on the host". Yes I agree in that case Joomla wouldn't be a potential vulnerability. Still, the Apache daemon on the host would be, so it would increase the complexity of the overall system.

But the main question here is the requirements of SqueezeOJ. If non-standard ports or incorrectly generated URLs from Zimbra do present a problem, then virtual server definitions on the host could provide the answer. If not, then a simple port redirection on the router in my opinion would be the cleanest solution.

SqueezeOJ (Author) Commented:
Wow.  You guys have given me a lot to think about!

I'm going to need to think about the things you've given me.

I know this is getting off track, but maybe I've gotten myself in too deep.  How do most SOHO's approach running both a website and collaboration software on one virtual machine?  I was really hoping to use the Turnkey Linux appliances because they're so simple but maybe they're overly complicating the situation...
If you want simple, go with the earlier port based systems.  I have a tendency to overdo things.
SqueezeOJ (Author) Commented:
Thanks to everyone for getting involved.  The implementation of the solution may lead to a host of additional questions!
Question has a verified solution.