[TriLUG] serving multiple HTTPS sites on same server with redirection

Blackburn, Marvin mblackburn at glenraven.com
Fri May 10 13:51:17 EDT 2013


Unfortunately, this didn't work.
In the first case, iptables does not support ip aliasing.
I couldn't get the second one working either.

I've tried several variations.  Whichever we use gets directed to pages served by the primary ip address.
Thanks for the suggestions though.

-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf Of Heath Roberts
Sent: Wednesday, May 08, 2013 5:53 PM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] serving multiple HTTPS sites on same server with redirection

I haven't tested this, but I think you just need to specify the interfaces.
Right now you're just telling iptables to forward anything matching :80 to
:8080. You need to tell it to match x.x.x.5:80 to x.x.x.5:8080 and
x.x.x.6:80 to x.x.x.6:8080 (and similarly for port 443). We can do it with
the interface (eth0:80) instead of the address, though. I think this will
work:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -i eth0:0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -i eth0:0 -p tcp --dport 443 -j REDIRECT --to-ports 8443

If not, you may need to switch from REDIRECT to DNAT:

iptables -t nat -A PREROUTING -p tcp -d x.x.x.5 --dport 80 -j DNAT --to-destination x.x.x.5:8080
iptables -t nat -A PREROUTING -p tcp -d x.x.x.5 --dport 443 -j DNAT --to-destination x.x.x.5:8443
iptables -t nat -A PREROUTING -p tcp -d x.x.x.6 --dport 80 -j DNAT --to-destination x.x.x.6:8080
iptables -t nat -A PREROUTING -p tcp -d x.x.x.6 --dport 443 -j DNAT --to-destination x.x.x.6:8443
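
A small linter for two mistakes that per-address port redirection is prone to: an alias label such as eth0:0 after -i, and a DNAT target on a different address than the one matched with -d. This is an added example, not part of either poster's message; the function name lint_nat_rules and the 192.0.2.x sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. lint_nat_rules reads iptables commands on stdin, prints one
# finding per problem, and exits with the number of findings (0 = clean).
lint_nat_rules() {
    awk '
    BEGIN { n = 0 }
    {
        iface = ""; dst = ""; to = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        # An alias label (eth0:0) is not an interface to netfilter, so a
        # rule written with -i eth0:0 never matches a packet.
        if (iface ~ /:/) {
            printf "line %d: -i %s is an alias label; match with -d <address>\n", NR, iface
            n++
        }
        # A DNAT target on another address hands the connection to the
        # listener (and certificate) of a different site.
        if (dst != "" && to != "") {
            host = to
            sub(/:[0-9-]+$/, "", host)   # strip the port or port range
            sub(/\/32$/, "", dst)        # treat a /32 as a bare address
            if (host != dst) {
                printf "line %d: -d %s rewritten to %s (different address)\n", NR, dst, to
                n++
            }
        }
    }
    END { exit n }
    '
}

# Constructed sample rules (documentation addresses, not from the thread).
SAMPLE_RULES='iptables -t nat -A PREROUTING -i eth0:0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -d 192.0.2.6 --dport 443 -j DNAT --to-destination 192.0.2.5:8443
iptables -t nat -A PREROUTING -p tcp -d 192.0.2.6 --dport 80 -j DNAT --to-destination 192.0.2.6:8080'

# Demo run: the first two rules are flagged, the third is clean.
printf '%s\n' "$SAMPLE_RULES" | lint_nat_rules || true
```
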




