Re: [PLUG] Firewall & Virtual Web Servers

David Coulson on 10 Dec 2009 16:46:44 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall & Virtual Web Servers

From: David Coulson <david@davidcoulson.net>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] Firewall & Virtual Web Servers

Date: Thu, 10 Dec 2009 19:46:36 -0500

Cc: Casey Bralla <MailList@nerdworld.org>

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0

Most firewalls don't handle L7 naively, so you will need a reverse proxy such as Apache w/ mod_rewrite/mod_proxy, or Squid to do that. On the other hand, I'm not sure I totally understand what you're trying to accomplish. Are you wanting to segment sites for security, or just for the fun of it? Remember, you're potentially going from one system running a web server to perhaps a dozen or more, so that is way more systems to maintain and secure. Is it worth it? The overhead in managing Apache itself is going to be pretty much the same, since you're still going to have to configure each Apache instance anyway. Virtualization is great, but remember each VM is still a Linux install that needs some care and feeding once in a while :-) On 12/10/09 7:20 PM, Casey Bralla wrote: > So I'm planning on virtualizing my servers, and I thought I'd also like to > virtualize my individual web domains. I'd appreciate advice and comments on > my (goof-ball) plan. > > > I currently host several web domains on a single web server (with a single > static IP) by utilizing Apache's virtual web server system. So far this > system works very well, except that it gets kinda complicated if some of the > web sites want to do forums, or blogs, etc. if each web page was running in > it's own virtual machine, then this would be much easier. > > Unfortunately, if each gets it's own virtual machine, how will I route traffic > to the correct virtual machine? > > Right now, my firewall forwards all port 80 traffic to a unique machine on my DMZ > which runs Apache, and then Apache determines which web domain has been > requested and automagically serves up the correct page(s). > > I'd like to do almost the same thing, but have the firewall determine which web > domain has been requested, and then forward it to the correct virtual machine. > > Is this even possible? Anybody have any suggestions how the firewall might > detect which domain has been requested? > > TIA! > > ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Firewall & Virtual Web Servers
From: Sean Collins <sean@seanmcollins.com>

References:

[PLUG] Firewall & Virtual Web Servers
From: Casey Bralla <MailList@nerdworld.org>

Prev by Date: Re: [PLUG] Firewall & Virtual Web Servers

Next by Date: Re: [PLUG] Google DNS...?

Previous by thread: Re: [PLUG] Firewall & Virtual Web Servers

Next by thread: Re: [PLUG] Firewall & Virtual Web Servers

Index(es):

Date

Thread