I have a requirement to host multiple applications on same public IP and port. I'm new to this area and I figure out that SNI can be used to achieve my requirement. I decided to use Microsoft application gateway as the load balancer. I can configure 2 apps with 2 SSL certificates. My question is how can i access it via browser ? ex: if server FQDN is www.example.com, Since there are 2 applications running in it. how can I mention which application to load ?.
Each certificate needs to be associated with a specific FQDN for one application. Since you have 2 applications on the same IP and TCP port, you need to create two FQDN (i.e. www.my1stappli.mydomain.com and www.my2ndappli.mydomain.com), generate two certificates (one for each FQDN) and configure the Azure Application Gateway to handle each application with its own certificate. If you have only one virtual machine to handle those 2 applications, configure the Azure Application Gateway to redirect one application to port 80 of your virtual machine and to redirect the other application to port 81 of the same virtual machine.
Thus,
https://www.my1stappli.mydomain.com will be redirected to port 80 of your virtual machine
and https://www.my2ndappli.mydomain.com to port 81 of the same virtual machine
Related
In my example I am using https://portmap.io VPN service which is not exactly a pure VPN services but still uses VPN technology to break my ISP restrictions, allowing portforwarding to my own home server running in my android device.
So if I run 193.161.193.99:1200, my website gets browsed. The port 1200 is mapped to my local python server port running on port 1000. Port 1200 is given by the VPN provider.
However, if I try 193.161.193.99 without the port 1200. The portmap VPN official website gets called, cause that's the websites' IP. So basically each user of this VPN services has there own port to work with.
Question: I don't have any public IP totally in my own control to get an SSL certificate, which requires a file upload verification by the CA (CSR). So, it it anyhow possible to get an SSL certificate using 193.161.193.99:1200 ?
Note: Services like zerossl.com accepts to provide a certificate for ipv4 public addresses. So it not always essential to use a FQDN to get a cert.
Yes this is possible, you will need a domain pointing to the VPN/portmap IP and then obtain a SLL certificate from Let's Encrypt for that domain. This can be your own domain or one provided by a Dynamic DNS Service such as Duck DNS.
I'll describe how I have done it with Docker and Duck DNS in detail:
Sign in to Duck DNS, create a subdomain and point it to the VPN/portmap IP, note the token at the top of the page.
Deploy a docker container from LinuxServer.io's SWAG Image
Make sure to provide the required environment variables in your docker-compose.yml (or with docker run command):
- VALIDATION=duckdns
- DUCKDNSTOKEN={your token}
- URL={yourdomain}.duckdns.org
Note: If you want everything behind your VPN, there is a great docker container called gluetun which allows you to run the swag container behind your VPN
You will find your SSL certificates in the /config/etc/letsencrypt/live/{yourdomain}.duckdns.org folder of the SWAG container. Use those for the website/service that is running behind your forwarded port.
The certificates will get updated automatically 30 days before they expire. There is also a PKCS#12-file privkey.pfx, which is needed for services like emby. For more information on SWAG see the LinuxServer.io Docs. You may or may not need another container running that updates the Duck DNS IP periodically, I'm not sure if the SWAG container already does that.
All of this can of course be done without Docker and with your own domain. In this case you will need to map your domain or subdomain to the VPN IP in the DNS Record section of your domain provider. And then use certbot to create certificates for that domain. Docker just automates the renewal part.
I have deployed an website in IIS using my public domain name on the same domain some applications already deployed in IIS.The issue is that when we deployed website then the application which is already deployed stop working.I used same port and public domain name for both website as well as application i.e while deploying website our hostname is public domain name to access website from outside.
when you host multiple applications under the same IP, domain and port the other one will stop working. so make them unique by changing one of the IP, port or domain.
or if you want to use the same binding for all site you can host as an application under that site.
for more detail you could refer this link:
Understanding IIS Bindings, Websites, Virtual Directories, and lastly Application Pools
The port must be distinct for every running service.
I have created a Virtual Machine in Bluemix. I have installed NGINX web server on it. To access the web application that is deployed on NGINX, should I use a public IP address (for e.g. http://123.456.78.9) or is there a domain name associated with the instance (something like http://abcxyz.bluemix.net)?
When you launch any VM in cloud by default they should be not accessible from public internet unless you attach a public ip address to them.
Once you have attached a public ip address to your instance and configured the firewalls to allow incoming connections (http, ssh etc) you can update your DNS server to redirect traffic there.
AWS create a public FQDN at the time of launching the ec2 instances as
ec2-nn-nn-nn-nn-region-compute.com (where nn are ip address bits), not sure any similar thing with bluemix but it is less likely to have abcxyz.bluemix.
I have 2 IBM HTTP servers with ip's 10.10.10.2 & 10.10.10.3 with http(port 80) and https(port 443). I have also WAS on 10.10.10.4 with http(port 80) and https(port 443). Now, I have to setup the two http servers with single domain name and forward http/https requests of dynamic contents to whebsphere.
I don't know how to do that. Can anyone help me about that with an example or decent document??
I read about virtual hosts and also about http-plugin but i couldn't understand the difference or what is the specific use of each?
HTTPplugin is a WebSphere component that allows the Web Servers to communicate with the WAS Server.
VirtualHost is a configuration inside WAS.
When you deploy any web app, you will associate them with a Virtual Host.
Virtualhost is a collection of supported IP & Port numbers.
In your case, you have a domain name (say test.abc.com that receives requests at 80 and 443)
Create a virtual host that contains two entries
test.abc.com:80
test.abc.com:443
When you deploy a Web App, then associate it with this virtual host.
Generate the generic plugin (i am assuming you have not defined a Web Server configuration in WAS) and copy the generated plugin files to the Web Servers.
The HTTP Plugin would use this plugin file and route requests for Web Apps to the Application Server.
This article is very old but the basics mentioned here still hold true
http://public.dhe.ibm.com/software/dw/wes/pdf/WASWebserverplug-in.pdf
HTH
Manglu
I want to convert my pc to a web server. I installed centos server and apache server.
How I can make apache server public? I want to everyone access my web site on my pc via browser.
Thank you..
You have 2 ways, you can buy a domain and a static IP address for your computer (usually through the service provider) and configure your router and FW to allow access to the machine for port 80.
The other way is to use some sort of dynamic dns service like DynDNS to be able to bind a DNS to a dynamic IP address (you will need to run a daemon to update the account once in a while because your IP may change). The FW and router rules are still needed in this case as well.
After you do one of the these steps everyone should be able to access your apache server on your computer as long as it's on.