Apache and IIS on the same server/port - apache

I have a server running IIS on port 80.
The same server also has Apache installed, which is listening to other ports.
What I would like to achieve is the following:
1. Set up Apache so that it also listens on port 80, but only for a specific CNAME/alias.
2. Change the IIS web site settings, so that it ignores requests made to that specific CNAME.
Basically, if someone tries to access the web site using the specified CNAME, they should receive the content hosted on the Apache server. If they access it using another alias/host name, or by specifying the IP address, they should get the content from the IIS web site.
Is there any way I could achieve that?

You can't bind two processes to the same port, on the same IP.
Your options are this:
Run Apache and IIS on different IPs, but both on port 80.
Run Apache and IIS on different Ports, but on the same IP.
Run Apache on port 80, IIS on 81, and have Apache proxy requests for specific domain names or URLs to IIS. This will be done transparently to the user. Apache will act as the front-end, handling it's own websites, and sending everything else to IIS, which will return back to Apache the results.
It sounds like what you want is #3.

Related

Setting firewall rules to enabling running Apache2HttpServer and ApacheTomcat 9 on the same machine with two different hostname/ip:port

I have a Virtual Machine Linux Debian 10, with two Host-Only Network interfaces actived respectvely 192.168.56.10 and 192.168.56.15 with static ip address.
Apache Tomcat 9 is installed and Apache2 Http Server is installed too.
My purpose is that Apache Tomcat 9 must run on 192.168.56.15:8080,
while Apache2 Http Server must run on 192.168.56.10:80.
The /etc/hosts file in my Linux is:
#
192.168.56.10 www.example.com
192.168.56.15 openam.example.com
#
The C:\Windows\System32\drivers\etc\hosts is the same.
In short I'm trying to setup a small development enviroment for Identity and Access Managment using the Forgerock's AM solution. That software has to be deployed as a .war file (openam.war) in Tomcat /webapps and it will be mapped as openam.example.com, and I want this service run on
192.168.56.15:8080/openam;
So my problem is that I want two different services responding two different interfaces but running on the same Virtual machine.
I want that only if i type 192.168.56.15:8080 or openam.example.com:8080 I recive a respond from Tomcat, but if I type 192.168.56.15:80 or openam.example.com:80 Apache Http Server doesn't have to respond. Apache Http Server have to respond only on 192.168.56.10:80 or www.example.com.
In this way I can have like two different machines one with the web server and one with the application server, responding on two different IP addresses and hostname, but running on the same machine.
Thanks for help!
You could have 2 IPs but what's the point in doing so?
I find it rather pointless to have 2 separate IPs for 2 different services on the same machine (e.g tomcat on 1 / HTTP server on the other) for a development environment inside a VM. Port handling will be handled by the operating system itself and route the request to the open port.
Keep in mind that browsers will try to connect http:// calls on port 80 by default - so unless you type 8080 into the URL the browser it is just going to use port 80.
If you do not want calls to openam.example.com to come in on port 80, the simplest way round it is to use a htaccess rule that implements a rewrite for any request that contains openam.example.com (or just anything in a subdomain portion) on port 80 to be rewritten to the appropriate URL.

Server setup for 2 webservers

I have a HTTPS website hosted by IIS. In this site I embed another HTPPS website within a iframe. The content of this iframe is hosted by Apache. Both servers, IIS and Apache, are on the same server.
Do we need to have the same SSL certificates on both webservers?
The first listens on port 8443 and the second one on port 443. Do we need to separate public IPs? Is there another way to root internally?
How would be the proper setup having two different webservers (IIS, embeded Apache) and only one external IP?
Do we need to have the same SSL certificates on both webservers?
No, you could bind different SSL certifcate if you bind different domain for your IIS or apache server.
The first listens on port 8443 and the second one on port 443. Do we need to separate public IPs? Is there another way to root internally?
No, we access the site by using the same ip with different ports.
How would be the proper setup having two different webservers (IIS, embeded Apache) and only one external IP?
In my opinion, the only things is that you should make sure the port is free for each web server.
For example, if IIS use 80, the Apache couldn't use 80.

Using Apache server beside Windows' World Wide Web Publishing Service

I have an old site (oldsite.com) running via World Wide Web Publishing Service on a Windows Server 2003 server. I've just create a new site (newsite.com) using the same server but running through Apache. The old site with its service running on port 80 already so I had to config Apache using port 8080. The problem is now when I publish my new site, the url has to be newsite.com:8080. How can I config Apache so that it can contain no port, just newsite.com?
As far as I know from personal experience and research:
Due to the nature of DNS Records you cannot specify the domain to redirect to an IP address and a port.
If both servers are listening on the same port a request would not know which site to direct to.
As the default port the domain specifies is port 80, any other port must be specified for the request to go to the correct location.
Therefor you cannot have newsite.com redirect to the server IP on port 8080, as it can only be directed to the server IP with DNS records. The port must be specified in the URL if it is on a port other than 80.
Edit: I just found this post about using a reverse proxy to do something similar to what you have described. Take a look and see if it helps you.
You cannot have two services listening on the same port. You can change the old site to listen to another port, set apache to port 80, then use mod_proxy to enable the old site to be accessed from apache using virtualhost
I have just make it work. Although in IIS Manager, there was no website listening on 0.0.0.0:80 but I still had to delete this entry by httpcfg tool. After that Apache can start normally.

Apache is listening on a different port, but how do I get it so I don't have to type in the port number?

I am running IIS and Apache HTTP Server side-by-side on my localhost machine, and Apache is listening on a different port (port 81). IIS is listening to port 80. However, I can only get to my virtual domains for Apache if I type in that port number. So for instance:
http://virtual.myvirtualdomain.com:81
http://virtual.myvirtualdomain2.com:81
How can I make it so Apache automatically knows it is port 81, and does not force me to type in the port number?
EDIT:
The answer appears to be that I need to redirect IIS to Apache. Can anyone provide clarification on how that is done with IIS 5.1?
It's not a matter of telling Apache, it's a matter of the browser knowing what to connect to. You're either going to have to have IIS redirect to Apache, or give up.
You have to type in the port number so your client knows where to connect to. This has nothing to do with the server.
On Unix systems you might be able to modify your /etc/services to list 81 as port for http. But that would effectively disable access to all websites that are located on port 80.
Alternatively you can configure your IIS on port 80 to locally proxy requests for the sites which are on apache. Then all clients would ask the IIS for a page, which would make a local connection to port 81.
I did some more research and it turns out that you can't redirect IIS 5.1 to Apache because that would require multiple Web sites (setup as redirects to the virtual hosts on Apache on port 81). This is because IIS 5.1 on Windows XP Pro can't do multiple Web sites (running at the same time without the scripting hack). Oh well.
How about you swap it? Make Apache listen on port 80, IIS on port 81 for whatever you need and have Apache redirect? Apache shouldn't be restricted to the same one-website per machine that IIS 5.1 is.
You can't. The 81 is telling your browser where to look for Apache.
You can't.
It's the job of your web client to specify the port, and until you do specify that port it won't even reach Apache.
What you could potentially do is have IIS also listen for the same HTTP/1.1 virtual hosts, and then arrange for it to issue a 302 Moved redirect to send your browser to the right port number.
Alternatively, run a second IP address on your machine, and bind IIS to the original IP address and Apache to the second. That way you don't need to use different ports at all.
There is no way to do exactly what you ask. About the only way would be to configure IIS -- for the virtual domains being served by IIS -- to forward to Apache on port 81. With this configuration, the client would not be aware that their requests were passing through IIS on their way to Apache. A little less efficient, but it would solve your needs.
When an url is typed, there is a certain port that the browser has to use to connect to the site. 80 is the default port that the server checks. If you need to connect to any other port via a browser, you would need to have the port number in the url. It is not apache that is forcing you to type 81, but rather your browser because it is set to use 80 as the port when a port number is not specified.
If you were to change apache's port to 80 and IIS port to 81, then you be able to connect to apache without the port number but you will need to use the port number when using the IIS webserver.
Not sure what the others idea is behind using apache to redirect to IIS. It sounds like to me that if you make an entry in httpd.conf of apache for IIS directory, then you be using apache to connect to the directory, not IIS.
You could set up a domain and have it connect to apache via port 81. That is one way to hide the port number (might be not true. I have never tried apache on port other than 80).

Apache and IIS side by side (both listening to port 80) on windows2003

What are some good ways to do this? Is it even possible to do cleanly?
Ideally I'd like to use packet headers to decide which server should handle requests. However, if there is an easier/better way let me know.
It's impossible for both servers to listen on the same port at the same IP address: since a single socket can only be opened by a single process, only the first server configured for a certain IP/port combination will successfully bind, and the second one will fail.
You will thus need a workaround to achieve what you want. Easiest is probably to run Apache on your primary IP/port combination, and have it route requests for IIS (which should be configured for a different IP and/or port) to it using mod_rewrite.
Keep in mind that the alternative IP and port IIS runs on should be reachable to the clients connecting to your server: if you only have a single IP address available, you should take care to pick an IIS port that isn't generally blocked by firewalls (8080 might be a good option, or 443, even though you're running regular HTTP and not SSL)
P.S. Also, please note that you do need to modify the IIS default configuration using httpcfg before it will allow other servers to run on port 80 on any IP address on the same server: see Micky McQuade's answer for the procedure to do that...
I found this post which suggested to have two separate IP addresses so that both could listen on port 80.
There was a caveat that you had to make a change in IIS because of socket pooling. Here are the instructions based on the link above:
Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
Stop all IIS services: net stop http /y
Have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i 192.168.1.253
Make sure: httpcfg query iplisten (The IPs listed are the only IP addresses that IIS will be listening on and no other.)
Restart IIS Services: net start w3svc
Start the Apache service
For people with only one IP address and multiple sites on one server, you can configure IIS to listen on a port other than 80, e.g 8080 by setting the TCP port in the properties of each of its sites (including the default one).
In Apache, enable mod_proxy and mod_proxy_http, then add a catch-all VirtualHost (after all others) so that requests Apache isn't explicitly handling get "forwarded" on to IIS.
<VirtualHost *:80>
ServerName foo.bar
ServerAlias *
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
</VirtualHost>
Now you can have Apache serve some sites and IIS serve others, with no visible difference to the user.
Edit: your IIS sites must not include their port number in any URLs within their responses, including headers.
You need at least mod_proxy and mod_proxy_http which both are part of the distribution (yet not everytime built automatically). Then you can look here: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Simplest config in a virtualhost context is:
ProxyPass /winapp http://127.0.0.1:8080/somedir/
ProxyPassReverse /winapp http://127.0.0.1:8080/somedir/
(Depending on your webapp, the actual config might become more sophisticated. )
That transparently redirects every request on the path winapp/ to the windows server and transfers the resulting output back to the client.
Attention: Take care of the links in the delivered pages: they aren't rewritten, so you can save yourself lotsa hassle if you generally use relative links in your app, like
<a href=../pics/mypic.jpg">
instead of the usual integration nightmare of every link being absolute:
<a href="http://myinternalhostname/somedir/crappydesign.jpg">
THE LATTER IS BAD ALMOST EVERY SINGLE TIME!
For rewriting links in pages there's mod_proxy_html (not to confuse with mod_proxy_http!) but that's another story and a cruel one as well.
Either two different IP addresses (like recommended) or one web server is reverse-proxying the other (which is listening on a port <>80).
For instance: Apache listens on port 80, IIS on port 8080. Every http request goes to Apache first (of course). You can then decide to forward every request to a particular (named virtual) domain or every request that contains a particular directory (e.g. http://www.example.com/winapp/) to the IIS.
Advantage of this concept is that you have only one server listening to the public instead of two, you are more flexible as with two distinct servers.
Drawbacks: some webapps are crappily designed and a real pain in the ass to integrate into a reverse-proxy infrastructure. A working IIS webapp is dependent on a working Apache, so we have some inter-dependencies.
I see this is quite an old post, but came across this looking for an answer for this problem. After reading some of the answers they seem very long winded, so after about 5 mins I managed to solve the problem very simply as follows:
httpd.conf for Apache leave the listen port as 80 and 'Server Name' as FQDN/IP :80.
Now for IIS go to Administrative Services > IIS Manager > 'Sites' in the Left hand nav drop down > in the right window select the top line (default web site) then bindings on the right.
Now select http > edit and change to 81 and enter your local IP for the server/pc and in domain enter either your FQDN (www.domain.com) or external IP close.
Restart both servers ensure your ports are open on both router and firewall, done.
This sounds long winded but literally took 5 mins of playing about. works perfectly.
System:
Windows 8, IIS 8, Apache 2.2
Installing Windows 10 I had this problem: apache(ipv4) and spooler service(ipv6) listening the same 80 port.
I resolved editing apache httpd.conf file changing the line
Listen 80
to
Listen 127.0.0.1:80
That's not quite true. E.g. for HTTP Windows supports URL based port sharing, allowing multiple processes to use the same IP address and Port.
You will need to use different IP addresses. The server, whether Apache or IIS, grabs the traffic based on the IP and Port, which ever they are bound to listen to. Once it starts listening, then it uses the headers, such as the server name to filter and determine what site is being accessed. You can't do it will simply changing the server name in the request