Forwarding web requests to different web servers

Vladimir Buzalka
Vladimir Buzalka used Ask the Experts™
on
Dear all

I feel this will be easy to do, but I have no idea where to start.

I have several virtual machines behind 1 public IP. What I need is to route different web requests to different virtual machines.

for example http://mail.buzalka.cz should be forwarded to 192.168.0.1
http://archive.buzalka.cz should be forwarded to 192.168.0.100 etc.

I know how to achieve this when I create those web services on different ports like 8080 8090 etc.

But is it possible to do on same port? I.e. 80?

Many thanks in advance

V
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014
Commented:
You need what is called a reverse proxy server that sits either on your main web server or in front of all your web servers.

You can setup Apache to do this, just search on "Apache reverse proxy."
Commented:
I've had experience with NGINX Reverse proxy and it is way easier to configure then apaches variant.

Also is a lot less memory and cpu requirement

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
Michael OrtegaSales & Systems Engineer

Commented:
Can't you get your ISP/Carrier to route you an additional block of IPs? If so, as opposed to using reverse proxies, you can then address the issue via NAT using the additional block of assignable IPs. Of course, your public FQDN's would need to point at the appropriate IP. If the need is to do this with several internal hosts, then perhaps reverse proxying is the best route.

MO

Author

Commented:
Dear MIchael

it is viable solution for sure, but each one IP is subject of extra cost when requested from ISP.

Thanks

V

Author

Commented:
Dear all

is there any firewall solution with reverse proxy implemented? Simplest available if possible, no overkill.

Many thanks for ad vice

V
Commented:
I know mikrotik routers do reverse proxy,  although I'm not sure why you wouldn't roll with a Linux box running Apache or nginx's reverse proxy implementation

Iptables for the firewall and learn how to manage it all there is not that much to it (trying not to sound condescending here)
Top Expert 2014
Commented:
There are devices that are considered firewall level devices that can do reverse proxy, but most of them are not inexpensive.

BIG-IP F5-LTM is a application load balancer which now has firewall capabilities.
BlueCoat's Web Application Firewall
gateprotect has a firewall with reverse proxy server.

There are probably others.  However none of these are cheap, so it depends on your budget.  I know for physical F5's start at around $20K USD.  Virtual F5 are around $3K USD, but if you don't have a virtual environment already setup then you have to add the cost of that.

I would normally agree with Scoober, get a Linux box learn iptables and use nginx or Apache.  However since you are hear asking this question my guess is this is beyond your current skills.  So depending on what your required timeline is to implement this, how quickly you learn new skills, and how comfortable you are with Linux you may want to go with something like a mikriotik router, which is inexpensive.
Michael OrtegaSales & Systems Engineer
Commented:
....or add an additional block or publicly routable IP's from your carrier. Can't be too much adding additional IP's. $20/mo for a block of 5 usable IP's perhaps?

MO

Author

Commented:
Thanks all, how about artice proxy?

Thanks for opinion

V
Top Expert 2014
Commented:
Below is a link for nginx and Apache.  If you need more, just use your favorite search engine and search for "reverse proxy" and which ever one you want to use.

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
Michael OrtegaSales & Systems Engineer
Commented:
Isn't NGINX a paid for service? Like $2k a year for the basic support agreement? Apache is a good alternative (free), but means you have to deploy a server in the environment to host it on or dump it on an existing server.

Paying perhaps $20/mo for additional IP's from your provider just seems like a simpler, cost effective solution, but still minimizing administrative overhead.

MO
Dave BaldwinFixer of Problems
Most Valuable Expert 2014
Commented:
I believe 'nginx' is a free download here: https://nginx.org/en/download.html  NGINX Plus is a paid product and service.
Top Expert 2014
Commented:
Basic nginx is free.

Additional IP address would be easier however it really depends on how much the ISP charges, and how many addresses you need.

There is also the issue that a lot of basic home routers/firewalls don't support any more than one public IP address and thus you can't do multiple IP addresses.
Commented:
NGINX free is more then capable to provide the required functionality

All home/soho routers are garbage. If you need a modem though for adsl they are perfect in full bridge mode into something way more capable like a mikrotik juniper Cisco computer etc.. Can take he reigns of your ppp authentication + router +firewall., even the cheapest mikrotik router has all the features of the most expensive

Costs of routers is negligible, costs of ip addresses is negligible

Dedicated appliance is expensive

You probably don't need a additional firewall in the build as I'm assuming the firewall built into your router is sufficient.
nociSoftware Engineer
Distinguished Expert 2018
Commented:
And then there is haproxy which is very usable also for proxying ssl sessions based on hostnamed if the browser also sends a host indication in SSL.
It is fast and easy to use.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial