Setting firewall rules to enable running Apache2 Http Server and Apache Tomcat 9 on the same machine with two different hostname/ip:port - apache

I have a Virtual Machine Linux Debian 10, with two Host-Only Network interfaces activated, respectively 192.168.56.10 and 192.168.56.15, with static IP addresses.
Apache Tomcat 9 is installed and Apache2 Http Server is installed too.
My purpose is that Apache Tomcat 9 must run on 192.168.56.15:8080,
while Apache2 Http Server must run on 192.168.56.10:80.
The /etc/hosts file in my Linux is:
#
192.168.56.10 www.example.com
192.168.56.15 openam.example.com
#
The C:\Windows\System32\drivers\etc\hosts is the same.
In short, I'm trying to set up a small development environment for Identity and Access Management using ForgeRock's AM solution. That software has to be deployed as a .war file (openam.war) in Tomcat /webapps and it will be mapped as openam.example.com, and I want this service to run on
192.168.56.15:8080/openam;
So my problem is that I want two different services responding on two different interfaces but running on the same Virtual machine.
I want that only if I type 192.168.56.15:8080 or openam.example.com:8080 I receive a response from Tomcat, but if I type 192.168.56.15:80 or openam.example.com:80 Apache Http Server doesn't have to respond. Apache Http Server has to respond only on 192.168.56.10:80 or www.example.com.
In this way I can have like two different machines one with the web server and one with the application server, responding on two different IP addresses and hostname, but running on the same machine.
Thanks for help!

You could have 2 IPs but what's the point in doing so?
I find it rather pointless to have 2 separate IPs for 2 different services on the same machine (e.g tomcat on 1 / HTTP server on the other) for a development environment inside a VM. Port handling will be handled by the operating system itself and route the request to the open port.
Keep in mind that browsers will try to connect http:// calls on port 80 by default - so unless you type 8080 into the URL, the browser is just going to use port 80.
If you do not want calls to openam.example.com to come in on port 80, the simplest way round it is to use a htaccess rule that implements a rewrite for any request that contains openam.example.com (or just anything in a subdomain portion) on port 80 to be rewritten to the appropriate URL.
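A check for the goal stated in the question above (Apache httpd only on 192.168.56.10:80, Tomcat only on 192.168.56.15:8080), added here as an example and not part of the original posts: it audits `ss -H -ltn` output and flags any policy port bound to the wildcard or to the wrong address. The sample output, POLICY and the function names are constructed for illustration.

```python
import ipaddress

# Intended bindings from the question: Apache httpd and Tomcat, one interface each.
POLICY = {80: "192.168.56.10", 8080: "192.168.56.15"}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 511 192.168.56.10:80 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 [::ffff:127.0.0.1]:8005 *:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]      # drop brackets and %iface scope
    if addr in ("*", ""):
        return "*", int(port)
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:     # ::ffff:a.b.c.d, as Java often binds
        ip = ip.ipv4_mapped
    return ("*" if ip.is_unspecified else str(ip)), int(port)

def audit(ss_output, policy=POLICY):
    """Return findings for policy ports bound to the wildcard or the wrong address."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = parse_local(cols[3])
        if port not in policy:
            continue
        seen.add(port)
        if addr == "*":
            findings.append((port, addr, "wildcard bind: answers on every interface"))
        elif addr != policy[port]:
            findings.append((port, addr, "expected " + policy[port]))
    for port in sorted(set(policy) - seen):
        findings.append((port, None, "no listener found"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```

On a live host, pass the text of `ss -H -ltn` to audit() in place of the sample; an empty result means each service listens only on its intended address.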

Related

Installing multiple web servers on a dedicated server. CentOS

I have a dedicated server with 16 IPs. I wanted to know if it's possible to install multiple web servers running off the different IPs. What would be the best way to do this? (I believe it's possible, because how do web host reseller sites do it?). I am using CentOS 6. Thanks
Most host or resellers do not have one IP for each website; instead they use virtual hosts to allow one web server to serve multiple domains.
Once a process is listening on port (for example, port 80 which is HTTP) of an interface, that's it - you can't have another server or process listening on the same port.
As you have 16 IPs, you can run 16 servers - one listening on port 80 at each IP address.
Then further, each server can host multiple websites as virtual hosts.
You don't need 16 IPs though - you can host multiple websites using one IP.

Tomcat and Apache Webserver using SSL on one machine

I have tomcat installed and running on an ubuntu 12.04 LTS system utilizing port 443 for https requests (GeoTrust certificate installed).
On the same machine, apache2 responds to requests on port 80.
Now I was given to task to secure the webapps (php) running on apache2 with SSL as well, but with a different server certificate.
Is this possible at all? - My assumption would be "no", because I cannot have two servers listening on the same port, but I'm not too sure and haven't found any helpful information about this so far.
Any help would be highly appreciated..
These days, you'll still have difficulty serving more than one certificate on a single interface/port combination (e.g. 0.0.0.0:443). If you want to use two separate ports for HTTPS, it's no problem. If you want to bind to different interfaces (e.g. 1.2.3.4:443 and 4.3.2.1:443) it's no problem. If you want them both on the same interface/port, you'll have to rely on Server Name Indication which may or may not be supported by your web server version and/or client.
If you want different certificates, you probably want different hostnames, too, so maybe you can get a second interface configured on the machine. Note that you don't need to have multiple NICs on the machine just to enable a different interface: your OS should be able to create another interface with a different IP address and still share the NIC. Then you just set DNS to point each hostname to a different IP address and make sure you bind each SSL VirtualHost to the proper IP address (instead of using 0.0.0.0 or * for the hostname).
Honestly, SNI is the easiest thing to do: just use VirtualHosts with SSL enabled (with different certs) in each one the way you'd "expect" it to work and see if the server starts up without complaint. If so, you'll need to test your clients to see if it's going to work for your audience. For the SNI scenario, I am assuming that Apache httpd would handle all of the SSL traffic and that you'd use something like mod_proxy_* or mod_jk to proxy to Tomcat.
For the split-IP scenarios, you can do whatever you want: terminate SSL within Tomcat or use httpd for everything and proxy for dynamic content to Tomcat.

Forward http traffic to web server running on virtual internal network

I'm running VirtualBox on OSX host with Debian guest. I use Debian to run my development LAMP environment and I would like all traffic on my host port 80 to be automatically forwarded to the Debian guest.
Currently my debian server is set up with 2 network adapters, one Host-Only and one NAT (the latter simply to give it an internet connection, it's not meant for server duty).
On my OSX host I've configured mod_proxy like so:
ProxyPass / http://debian/
(debian being the hostname of the debian guest). This works for me as my host shares an internal network with "debian", however if I quickly want to show something to a colleague and send them my url (192.168, etc) then they won't be so lucky.
How can I set up my configuration in such a way that my OSX apache server basically acts as a full on proxy solution for my debian server?
Thanks
If I'm reading your question correctly, it sounds as though you understand ProxyPass to work similar to an HTTP 301/302 status, which is incorrect. A 302 HTTP status will say to the requesting client, "Hey, get this from some other address yourself." In this case, debian would have to be visible to your colleague.
However, ProxyPass (and reverse proxies in general) make the connection for you; the client doesn't need to (and very often doesn't) have direct access to the upstream server, in this case debian. Long story short, unless I'm reading this wrong, you should be good already, as long as Apache on your host machine (your physical box) is listening on an IP address they can see.

Apache is listening on a different port, but how do I get it so I don't have to type in the port number?

I am running IIS and Apache HTTP Server side-by-side on my localhost machine, and Apache is listening on a different port (port 81). IIS is listening to port 80. However, I can only get to my virtual domains for Apache if I type in that port number. So for instance:
http://virtual.myvirtualdomain.com:81
http://virtual.myvirtualdomain2.com:81
How can I make it so Apache automatically knows it is port 81, and does not force me to type in the port number?
EDIT:
The answer appears to be that I need to redirect IIS to Apache. Can anyone provide clarification on how that is done with IIS 5.1?
It's not a matter of telling Apache, it's a matter of the browser knowing what to connect to. You're either going to have to have IIS redirect to Apache, or give up.
You have to type in the port number so your client knows where to connect to. This has nothing to do with the server.
On Unix systems you might be able to modify your /etc/services to list 81 as port for http. But that would effectively disable access to all websites that are located on port 80.
Alternatively you can configure your IIS on port 80 to locally proxy requests for the sites which are on apache. Then all clients would ask the IIS for a page, which would make a local connection to port 81.
I did some more research and it turns out that you can't redirect IIS 5.1 to Apache because that would require multiple Web sites (setup as redirects to the virtual hosts on Apache on port 81). This is because IIS 5.1 on Windows XP Pro can't do multiple Web sites (running at the same time without the scripting hack). Oh well.
How about you swap it? Make Apache listen on port 80, IIS on port 81 for whatever you need and have Apache redirect? Apache shouldn't be restricted to the same one-website per machine that IIS 5.1 is.
You can't. The 81 is telling your browser where to look for Apache.
You can't.
It's the job of your web client to specify the port, and until you do specify that port it won't even reach Apache.
What you could potentially do is have IIS also listen for the same HTTP/1.1 virtual hosts, and then arrange for it to issue a 302 Moved redirect to send your browser to the right port number.
Alternatively, run a second IP address on your machine, and bind IIS to the original IP address and Apache to the second. That way you don't need to use different ports at all.
There is no way to do exactly what you ask. About the only way would be to configure IIS -- for the virtual domains being served by IIS -- to forward to Apache on port 81. With this configuration, the client would not be aware that their requests were passing through IIS on their way to Apache. A little less efficient, but it would solve your needs.
When an url is typed, there is a certain port that the browser has to use to connect to the site. 80 is the default port that the server checks. If you need to connect to any other port via a browser, you would need to have the port number in the url. It is not apache that is forcing you to type 81, but rather your browser because it is set to use 80 as the port when a port number is not specified.
If you were to change apache's port to 80 and IIS port to 81, then you would be able to connect to apache without the port number, but you will need to use the port number when using the IIS webserver.
Not sure what the others' idea is behind using apache to redirect to IIS. It sounds to me like if you make an entry in httpd.conf of apache for the IIS directory, then you would be using apache to connect to the directory, not IIS.
You could set up a domain and have it connect to apache via port 81. That is one way to hide the port number (might be not true. I have never tried apache on port other than 80).

Apache and IIS side by side (both listening to port 80) on windows2003

What are some good ways to do this? Is it even possible to do cleanly?
Ideally I'd like to use packet headers to decide which server should handle requests. However, if there is an easier/better way let me know.
It's impossible for both servers to listen on the same port at the same IP address: since a single socket can only be opened by a single process, only the first server configured for a certain IP/port combination will successfully bind, and the second one will fail.
You will thus need a workaround to achieve what you want. Easiest is probably to run Apache on your primary IP/port combination, and have it route requests for IIS (which should be configured for a different IP and/or port) to it using mod_rewrite.
Keep in mind that the alternative IP and port IIS runs on should be reachable to the clients connecting to your server: if you only have a single IP address available, you should take care to pick an IIS port that isn't generally blocked by firewalls (8080 might be a good option, or 443, even though you're running regular HTTP and not SSL)
P.S. Also, please note that you do need to modify the IIS default configuration using httpcfg before it will allow other servers to run on port 80 on any IP address on the same server: see Micky McQuade's answer for the procedure to do that...
I found this post which suggested to have two separate IP addresses so that both could listen on port 80.
There was a caveat that you had to make a change in IIS because of socket pooling. Here are the instructions based on the link above:
Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
Stop all IIS services: net stop http /y
Have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i 192.168.1.253
Make sure: httpcfg query iplisten (The IPs listed are the only IP addresses that IIS will be listening on and no other.)
Restart IIS Services: net start w3svc
Start the Apache service
For people with only one IP address and multiple sites on one server, you can configure IIS to listen on a port other than 80, e.g 8080 by setting the TCP port in the properties of each of its sites (including the default one).
In Apache, enable mod_proxy and mod_proxy_http, then add a catch-all VirtualHost (after all others) so that requests Apache isn't explicitly handling get "forwarded" on to IIS.
<VirtualHost *:80>
ServerName foo.bar
ServerAlias *
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
Now you can have Apache serve some sites and IIS serve others, with no visible difference to the user.
Edit: your IIS sites must not include their port number in any URLs within their responses, including headers.
You need at least mod_proxy and mod_proxy_http which both are part of the distribution (yet not every time built automatically). Then you can look here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Simplest config in a virtualhost context is:
ProxyPass /winapp http://127.0.0.1:8080/somedir/
ProxyPassReverse /winapp http://127.0.0.1:8080/somedir/
(Depending on your webapp, the actual config might become more sophisticated. )
That transparently redirects every request on the path winapp/ to the windows server and transfers the resulting output back to the client.
Attention: Take care of the links in the delivered pages: they aren't rewritten, so you can save yourself lotsa hassle if you generally use relative links in your app, like
<a href="../pics/mypic.jpg">
instead of the usual integration nightmare of every link being absolute:
<a href="http://myinternalhostname/somedir/crappydesign.jpg">
THE LATTER IS BAD ALMOST EVERY SINGLE TIME!
For rewriting links in pages there's mod_proxy_html (not to confuse with mod_proxy_http!) but that's another story and a cruel one as well.
Either two different IP addresses (like recommended) or one web server is reverse-proxying the other (which is listening on a port <>80).
For instance: Apache listens on port 80, IIS on port 8080. Every http request goes to Apache first (of course). You can then decide to forward every request to a particular (named virtual) domain or every request that contains a particular directory (e.g. http://www.example.com/winapp/) to the IIS.
Advantage of this concept is that you have only one server listening to the public instead of two, you are more flexible as with two distinct servers.
Drawbacks: some webapps are crappily designed and a real pain in the ass to integrate into a reverse-proxy infrastructure. A working IIS webapp is dependent on a working Apache, so we have some inter-dependencies.
I see this is quite an old post, but came across this looking for an answer for this problem. After reading some of the answers they seem very long winded, so after about 5 mins I managed to solve the problem very simply as follows:
httpd.conf for Apache leave the listen port as 80 and 'Server Name' as FQDN/IP :80.
Now for IIS go to Administrative Services > IIS Manager > 'Sites' in the Left hand nav drop down > in the right window select the top line (default web site) then bindings on the right.
Now select http > edit and change to 81 and enter your local IP for the server/pc and in domain enter either your FQDN (www.domain.com) or external IP close.
Restart both servers ensure your ports are open on both router and firewall, done.
This sounds long winded but literally took 5 mins of playing about. works perfectly.
System:
Windows 8, IIS 8, Apache 2.2
Installing Windows 10 I had this problem: apache (ipv4) and the spooler service (ipv6) listening on the same port 80.
I resolved editing apache httpd.conf file changing the line
Listen 80
to
Listen 127.0.0.1:80
That's not quite true. E.g. for HTTP Windows supports URL based port sharing, allowing multiple processes to use the same IP address and Port.
You will need to use different IP addresses. The server, whether Apache or IIS, grabs the traffic based on the IP and Port, whichever they are bound to listen to. Once it starts listening, then it uses the headers, such as the server name to filter and determine what site is being accessed. You can't do it with simply changing the server name in the request.