[TriLUG] serving multiple HTTPS sites on same server with redirection

Blackburn, Marvin mblackburn at glenraven.com
Wed May 8 17:06:39 EDT 2013


typo : .  We can run these to 443/8443 or we can run them on 80/8443 
should be 
443/8443 and 80/8080

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf Of Blackburn, Marvin
Sent: Wednesday, May 08, 2013 4:53 PM
To: Trilug Mailing List (trilug at trilug.org)
Subject: [TriLUG] serving multiple HTTPS sites on same server with redirection

redhat 5.7

We have a system with one nic with two ip addresses: eth0 is x.x.x.5 and eth0:0 is x.x.x.6
we also run apache and have multiple sites -- some http(s) going to each ip.  We can run these to 443/8443 or we can run them on 80/8443 whichever we configure apache to  listen on without a problem

However, if we try to redirect 80 to 8080 and 443 to 8443 everything seems to go to eth0.

We've used this redirection on systems with only one ip and have never had a problem.

A sample iptables config is:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#### NAT for redirection 
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT


Any help would be appreciated.

_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George



-- 
This message was sent to: Marvin Blackburn <mblackburn at glenraven.com>
To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
Unsubscribe or edit options on the web	: http://www.trilug.org/mailman/options/trilug/mblackburn%40glenraven.com
TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions





More information about the TriLUG mailing list