How to configure a front-end apache server and save valuable I.P.s

Server Config
1

Hi,

Many of you may already know how to do this, however for those that are stuck with the need to redirect website through one I.P. that then need to route to unique servers or VM’s on your internal network that each have their own private I.P. here is one way to do this.

We will use an example of three different servers, FrontEnd, BackEndA, BackEndB

FRONTEND:

Nothing special has to be configured in the FrontEnd apache2.conf or httpd.conf.

I choose to put a virtual_web_router file in ‘sites-enabled’ and in this file I have a pretty simple configuration:


<VirtualHost *:80>
    ServerName *.siteone.ca
    ServerAlias *.siteone.ca
    ProxyPreserveHost On
    ProxyPass / http://172.16.1.181/  #This is for BackEndA
    ProxyPassReverse / http://172.16.1.181/
    <Proxy http://172.16.1.181> 
       Allow from 172.16.1.181
   </Proxy>
</VirtualHost>


<VirtualHost *:80>
    ServerName www.sitetwo.com
        ServerAlias sitetwo.com
    ProxyPreserveHost On
    ProxyPass / http://172.16.0.110/ #This is for BackEndB
    ProxyPassReverse / http://172.16.0.110/
    <Proxy http://172.16.0.110> 
      Allow from 172.16.0.110
    </Proxy>
</VirtualHost>

Now in your backend servers you need to have apache configured to listen by name (which most people have set already) and you set your virtual host normally.

BackEndA:

 #siteone.com
<VirtualHost *:80>
DocumentRoot /var/www/siteone
ServerName www.siteone.com
ServerAlias siteone.com
<Directory "/var/www/siteone">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

BackEndB

 #sitetwo.com
<VirtualHost *:80>
DocumentRoot /var/www/sitetwo
ServerName www.sitetwo.com
ServerAlias sitetwo.com
<Directory "/var/www/sitetwo">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

Now there is nothing stopping you from having more than one site on either BackEndA or BackEndB servers. You simply create another proxy-pass route to a same I.P. and use a different virtual host name. Then you also need to create the real website files for your domain on the BackEnd server.

This will work through a Firewall NAT too.

Please be aware that I did not include security considerations in this mini-how-to so you need to be vigiliant in hardening both front and back end servers.

Hope this helps.

Regards,
Steve