[TriLUG] serving multiple HTTPS sites on same server with redirection
Blackburn, Marvin
mblackburn at glenraven.com
Wed May 8 16:53:03 EDT 2013
Red Hat 5.7
We have a system with one NIC with two IP addresses: eth0 is x.x.x.5 and eth0:0 is x.x.x.6.
We also run Apache and have multiple sites -- some http(s) going to each IP. We can run these to 443/8443 or we can run them on 80/8443, whichever we configure Apache to listen on, without a problem.
However, if we try to redirect 80 to 8080 and 443 to 8443, everything seems to go to eth0.
We've used this redirection on systems with only one IP and have never had a problem.
A sample iptables config is:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#### NAT for redirection
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
Any help would be appreciated.
_____________________________________
"He's no failure. He's not dead yet."
William Lloyd George
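
Added example, not part of the original post: the REDIRECT target rewrites the destination to the primary address of the incoming interface, so traffic sent to the eth0:0 alias ends up on the eth0 address. The sketch below emits a *nat section that uses DNAT per address instead, so each connection keeps its original destination IP. The addresses are constructed placeholders standing in for x.x.x.5 and x.x.x.6, and the function name nat_rules is hypothetical.

```shell
#!/bin/sh
# Emit a *nat section (iptables-restore format) that maps 80->8080 and
# 443->8443 separately for every local address, using DNAT so the
# destination IP is preserved. REDIRECT would collapse all of them onto
# the primary address of the incoming interface.

# Constructed sample addresses (documentation range); replace with the
# real eth0 and eth0:0 addresses, which the post elides.
ADDRS="192.0.2.5 192.0.2.6"

nat_rules() {
    # $@: local IPv4 addresses Apache is bound to
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for ip in "$@"; do
        # Refuse anything that is not digits and dots, so a stray value
        # can never be spliced into a firewall rule.
        case "$ip" in
            ''|*[!0-9.]*)
                echo "skipping invalid address: $ip" >&2
                continue
                ;;
        esac
        echo "-A PREROUTING -d $ip -p tcp --dport 443 -j DNAT --to-destination $ip:8443"
        echo "-A PREROUTING -d $ip -p tcp --dport 80 -j DNAT --to-destination $ip:8080"
    done
    echo 'COMMIT'
}

# Print the section for review; it only writes to stdout and changes nothing.
nat_rules $ADDRS
```

The output replaces the *nat section of the sample config above; the *filter rules that accept 8080 and 8443 stay as they are, and Apache needs a listener on each address for those two ports.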