Forwarding web requests to different web servers

Dear all

I feel this will be easy to do, but I have no idea where to start.

I have several virtual machines behind 1 public IP. What I need is to route different web requests to different virtual machines.

for example http://mail.buzalka.cz should be forwarded to 192.168.0.1
http://archive.buzalka.cz should be forwarded to 192.168.0.100 etc.

I know how to achieve this when I create those web services on different ports like 8080 8090 etc.

But is it possible to do on same port? I.e. 80?

Many thanks in advance

V
vladobbAsked:
Who is Participating?
 
giltjrCommented:
You need what is called a reverse proxy server that sits either on your main web server or in front of all your web servers.

You can setup Apache to do this, just search on "Apache reverse proxy."
0
 
ScobberCommented:
I've had experience with NGINX Reverse proxy and it is way easier to configure then apaches variant.

Also is a lot less memory and cpu requirement

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-14-04-droplet
0
 
Michael OrtegaSales & Systems EngineerCommented:
Can't you get your ISP/Carrier to route you an additional block of IPs? If so, as opposed to using reverse proxies, you can then address the issue via NAT using the additional block of assignable IPs. Of course, your public FQDN's would need to point at the appropriate IP. If the need is to do this with several internal hosts, then perhaps reverse proxying is the best route.

MO
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
vladobbAuthor Commented:
Dear MIchael

it is viable solution for sure, but each one IP is subject of extra cost when requested from ISP.

Thanks

V
0
 
vladobbAuthor Commented:
Dear all

is there any firewall solution with reverse proxy implemented? Simplest available if possible, no overkill.

Many thanks for ad vice

V
0
 
ScobberCommented:
I know mikrotik routers do reverse proxy,  although I'm not sure why you wouldn't roll with a Linux box running Apache or nginx's reverse proxy implementation

Iptables for the firewall and learn how to manage it all there is not that much to it (trying not to sound condescending here)
0
 
giltjrCommented:
There are devices that are considered firewall level devices that can do reverse proxy, but most of them are not inexpensive.

BIG-IP F5-LTM is a application load balancer which now has firewall capabilities.
BlueCoat's Web Application Firewall
gateprotect has a firewall with reverse proxy server.

There are probably others.  However none of these are cheap, so it depends on your budget.  I know for physical F5's start at around $20K USD.  Virtual F5 are around $3K USD, but if you don't have a virtual environment already setup then you have to add the cost of that.

I would normally agree with Scoober, get a Linux box learn iptables and use nginx or Apache.  However since you are hear asking this question my guess is this is beyond your current skills.  So depending on what your required timeline is to implement this, how quickly you learn new skills, and how comfortable you are with Linux you may want to go with something like a mikriotik router, which is inexpensive.
1
 
Michael OrtegaSales & Systems EngineerCommented:
....or add an additional block or publicly routable IP's from your carrier. Can't be too much adding additional IP's. $20/mo for a block of 5 usable IP's perhaps?

MO
0
 
vladobbAuthor Commented:
Thanks all, how about artice proxy?

Thanks for opinion

V
0
 
giltjrCommented:
Below is a link for nginx and Apache.  If you need more, just use your favorite search engine and search for "reverse proxy" and which ever one you want to use.

https://www.nginx.com/resources/admin-guide/reverse-proxy/

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
0
 
Michael OrtegaSales & Systems EngineerCommented:
Isn't NGINX a paid for service? Like $2k a year for the basic support agreement? Apache is a good alternative (free), but means you have to deploy a server in the environment to host it on or dump it on an existing server.

Paying perhaps $20/mo for additional IP's from your provider just seems like a simpler, cost effective solution, but still minimizing administrative overhead.

MO
0
 
Dave BaldwinFixer of ProblemsCommented:
I believe 'nginx' is a free download here: https://nginx.org/en/download.html  NGINX Plus is a paid product and service.
0
 
giltjrCommented:
Basic nginx is free.

Additional IP address would be easier however it really depends on how much the ISP charges, and how many addresses you need.

There is also the issue that a lot of basic home routers/firewalls don't support any more than one public IP address and thus you can't do multiple IP addresses.
0
 
ScobberCommented:
NGINX free is more then capable to provide the required functionality

All home/soho routers are garbage. If you need a modem though for adsl they are perfect in full bridge mode into something way more capable like a mikrotik juniper Cisco computer etc.. Can take he reigns of your ppp authentication + router +firewall., even the cheapest mikrotik router has all the features of the most expensive

Costs of routers is negligible, costs of ip addresses is negligible

Dedicated appliance is expensive

You probably don't need a additional firewall in the build as I'm assuming the firewall built into your router is sufficient.
0
 
nociSoftware EngineerCommented:
And then there is haproxy which is very usable also for proxying ssl sessions based on hostnamed if the browser also sends a host indication in SSL.
It is fast and easy to use.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.