Forwarding web requests to different web servers

Dear all

I feel this will be easy to do, but I have no idea where to start.

I have several virtual machines behind 1 public IP. What I need is to route different web requests to different virtual machines.

for example http://mail.buzalka.cz should be forwarded to 192.168.0.1
http://archive.buzalka.cz should be forwarded to 192.168.0.100 etc.

I know how to achieve this when I create those web services on different ports like 8080 8090 etc.

But is it possible to do on same port? I.e. 80?

Many thanks in advance

V
Vladimir BuzalkaCRAAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
You need what is called a reverse proxy server that sits either on your main web server or in front of all your web servers.

You can setup Apache to do this, just search on "Apache reverse proxy."
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ScobberCommented:
I've had experience with NGINX Reverse proxy and it is way easier to configure then apaches variant.

Also is a lot less memory and cpu requirement

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
0
Michael OrtegaSales & Systems EngineerCommented:
Can't you get your ISP/Carrier to route you an additional block of IPs? If so, as opposed to using reverse proxies, you can then address the issue via NAT using the additional block of assignable IPs. Of course, your public FQDN's would need to point at the appropriate IP. If the need is to do this with several internal hosts, then perhaps reverse proxying is the best route.

MO
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Vladimir BuzalkaCRAAuthor Commented:
Dear MIchael

it is viable solution for sure, but each one IP is subject of extra cost when requested from ISP.

Thanks

V
0
Vladimir BuzalkaCRAAuthor Commented:
Dear all

is there any firewall solution with reverse proxy implemented? Simplest available if possible, no overkill.

Many thanks for ad vice

V
0
ScobberCommented:
I know mikrotik routers do reverse proxy,  although I'm not sure why you wouldn't roll with a Linux box running Apache or nginx's reverse proxy implementation

Iptables for the firewall and learn how to manage it all there is not that much to it (trying not to sound condescending here)
0
giltjrCommented:
There are devices that are considered firewall level devices that can do reverse proxy, but most of them are not inexpensive.

BIG-IP F5-LTM is a application load balancer which now has firewall capabilities.
BlueCoat's Web Application Firewall
gateprotect has a firewall with reverse proxy server.

There are probably others.  However none of these are cheap, so it depends on your budget.  I know for physical F5's start at around $20K USD.  Virtual F5 are around $3K USD, but if you don't have a virtual environment already setup then you have to add the cost of that.

I would normally agree with Scoober, get a Linux box learn iptables and use nginx or Apache.  However since you are hear asking this question my guess is this is beyond your current skills.  So depending on what your required timeline is to implement this, how quickly you learn new skills, and how comfortable you are with Linux you may want to go with something like a mikriotik router, which is inexpensive.
1
Michael OrtegaSales & Systems EngineerCommented:
....or add an additional block or publicly routable IP's from your carrier. Can't be too much adding additional IP's. $20/mo for a block of 5 usable IP's perhaps?

MO
0
Vladimir BuzalkaCRAAuthor Commented:
Thanks all, how about artice proxy?

Thanks for opinion

V
0
giltjrCommented:
Below is a link for nginx and Apache.  If you need more, just use your favorite search engine and search for "reverse proxy" and which ever one you want to use.

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
0
Michael OrtegaSales & Systems EngineerCommented:
Isn't NGINX a paid for service? Like $2k a year for the basic support agreement? Apache is a good alternative (free), but means you have to deploy a server in the environment to host it on or dump it on an existing server.

Paying perhaps $20/mo for additional IP's from your provider just seems like a simpler, cost effective solution, but still minimizing administrative overhead.

MO
0
Dave BaldwinFixer of ProblemsCommented:
I believe 'nginx' is a free download here: https://nginx.org/en/download.html  NGINX Plus is a paid product and service.
0
giltjrCommented:
Basic nginx is free.

Additional IP address would be easier however it really depends on how much the ISP charges, and how many addresses you need.

There is also the issue that a lot of basic home routers/firewalls don't support any more than one public IP address and thus you can't do multiple IP addresses.
0
ScobberCommented:
NGINX free is more then capable to provide the required functionality

All home/soho routers are garbage. If you need a modem though for adsl they are perfect in full bridge mode into something way more capable like a mikrotik juniper Cisco computer etc.. Can take he reigns of your ppp authentication + router +firewall., even the cheapest mikrotik router has all the features of the most expensive

Costs of routers is negligible, costs of ip addresses is negligible

Dedicated appliance is expensive

You probably don't need a additional firewall in the build as I'm assuming the firewall built into your router is sufficient.
0
nociSoftware EngineerCommented:
And then there is haproxy which is very usable also for proxying ssl sessions based on hostnamed if the browser also sends a host indication in SSL.
It is fast and easy to use.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.