Weblog entry #2 for cvweiss
I've been trying to figure out an easy way to do something along these lines:
- incoming requests for xyz.com on port 80 redirect to/communicate with localhost port 6789
- incoming requests for abc.com on port 80 redirect to/communicate with localhost port 9876
- etc. etc.
Squid seems to be overkill, and not easily understood (by me), and I'm not sure if this is feasible to do with just iptables. Searching through the packages I can't seem to find anything that will do the job. I don't want caching, just communication redirects to the right port.
I'm sure there is an easy solution to this, and yet I'm completely missing it somehow. How would you go about this?
Comments on this Entry
If not, you need to do something at a higher level.
[ Parent | Reply to this comment ]
What type of higher level abstraction are you referring to?
[ Parent | Reply to this comment ]
For example, tomcat might have the ip address 10.1.1.1, apache might have the ip address 10.1.1.2. Both on the same box.
Now you can use iptables. This is the preferred method.
If you only have a single ip address, you can't base the rules on ip addresses, but on the Host: header sent to the server. You need something that can look inside a packet for the hostname, then make a decision based on that, i.e. you can't really use iptables (well, you can base it on pattern matching, but it's a hack).
So for this, you either mark the packets in some way, and then pass them to iptables, or you use a proxy like Apache or squid.
For the price of a second ip address, the first is probably a better and cleaner option.
[ Parent | Reply to this comment ]
I'll look into mod_jk. However, this would require running an extra apache server just for processing the redirects since each site is to have its own instance of a web server.
I admit, I haven't done any searching on iptables for this task, since it seems a bit much for it - from your comments I may be wrong, I'll have to look into it. I've tried searching for squid, but most pages in my search results are standard this-is-how-to-install-squid pages; nothing specific towards what I'm asking. Perhaps you, or anyone else, know of some good examples or have a bookmark for the pages I can't find.
Are there any other methods that might be used to do this?
[ Parent | Reply to this comment ]
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
[ Parent | Reply to this comment ]
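An added example, not part of the original thread or any commenter's configuration: name-based virtual hosts with mod_proxy make the routing decision on the Host: header, using the hostnames and ports from the entry. It assumes Apache 2.4 syntax with mod_proxy and mod_proxy_http loaded; the catch-all ServerName is a placeholder.

```apache
# Assumption: Apache 2.4, with mod_proxy and mod_proxy_http enabled.
# The first VirtualHost on an address:port is the default, so requests
# with a missing or unknown Host: header land here and are refused
# instead of falling through to one of the backends.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Host: xyz.com -> local web server on port 6789
<VirtualHost *:80>
    ServerName xyz.com
    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host: header through to the backend.
    ProxyPreserveHost On
    ProxyPass        "/" "http://127.0.0.1:6789/"
    ProxyPassReverse "/" "http://127.0.0.1:6789/"
</VirtualHost>

# Host: abc.com -> local web server on port 9876
<VirtualHost *:80>
    ServerName abc.com
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        "/" "http://127.0.0.1:9876/"
    ProxyPassReverse "/" "http://127.0.0.1:9876/"
</VirtualHost>
```

The backends on 6789 and 9876 should listen on 127.0.0.1 only, so they are reachable solely through the proxy and its Host: check.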
Maybe there exists some other lightweight solution for this purpose?
[ Parent | Reply to this comment ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Not the ideal solution, but certainly possible. Personally I'd use the lightweight HTTP forwarder "pound" which has been described on this site previously.
If you're interested in string matching, this guide was one that Google found and shows a nice overview.
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
I find redir works quite well with the runit suite, or with djb's daemontools. If you want a system service to redirect these ports (or you want to do this as a non-root user, and you don't want to muck around with iptables), you can just make a new service directory for the port in question, and it will run cleanly.
[ Parent | Reply to this comment ]