Apache proxy for multiple servers: comparing two solutions

apache-2.2PROXYrewritevirtualhost

I need to setup Apache proxies for multiple servers, one proxy for one server. I can do this in two ways:

Setup one virtual host and multiple proxies. Each server is served as a sub-directory of the virtual host: aaa.bbb.ccc/test1 and aaa.bbb.ccc/test2

<VirtualHost *:443>
    ServerName aaa.bbb.ccc
    RewriteEngine on
    RewriteRule ^/test1$ /test1/ [R]
    RewriteRule ^/test1(.*) http://localhost:8080$1 [P]          
    RewriteRule ^/test2$ /test2/ [R]
    RewriteRule ^/test2(.*) http://localhost:8081$1 [P]
    <Location "/test1">
        ...
    </Location>
    <Location "/test2">
        ...
    </Location>
    ....
</VirtualHost>

Setup N virtual hosts and N proxies, serving N servers. Each server will be served with one virtual host.

NameVirtualHost *:443
<VirtualHost *.443>
    ServerName aaa.bbb.ccc
    RewriteEngine on
    RewriteRule ^(.*) http://localhost:8080$1 [P]
    <Location "/">
        ...
    </Location>
</VirtualHost>
<VirtualHost *.443>
    ServerName ddd.bbb.ccc
    RewriteEngine on
    RewriteRule ^(.*) http://localhost:8081$1 [P]
    <Location "/">
        ...
    </Location>
</VirtualHost>

Both works. However I don't know which one is better. Can someone compare the pros and cons of the two approaches?

Best Answer

There is generally really nothing wrong with either way. But the real big difference between the two is going to be certificate management. Option 1 only requires 1 certificate for SSL. Option 2 depends on what you are doing for hosts names. If the only thing that is changing is the sub-domain, you can use a wild card certificate or you will need a certificate for each virtual host. Both can become expensive.

Generally what will be the biggest real driver between the two options are going to be "business" type decisions. Making a cleaner separation between the internal servers.

How you are actually exposing the internal servers to the outside, is not the most effective way. Technically it is working, but you can come into a lot of issues. Links on the pages can render wrong. On the external website, you would actually be exposing internal links and give the appearance the site is broken. Images and Javascript will also not function correctly or do some funky stuff. You should really be using Proxy and ReverseProxy

ProxyRequests off
ProxyPass /test1/ http://127.0.0.1:8080/
ProxyPass /test2/ http://127.0.0.1:8081/
ProxyHTMLURLMap http://127.0.0.1:8080 /app1
ProxyHTMLURLMap http://127.0.0.1:8081 /app2

<Location /test1/>
        ProxyPassReverse /
        ProxyHTMLEnable On
        ProxyHTMLURLMap  /      /test1/
</Location>

<Location /test2/>
        ProxyPassReverse /
        ProxyHTMLEnable On
        ProxyHTMLURLMap /       /test2/
</Location>

Related Solutions

Apache2 multiple hostnames redirected to one

To be fairly honest with you, the best approch i can see for this would be if you setup your main domain normally like this:

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /www/domain 
</virtualhost>

Then you create a new virtualhost that will hold all domains you want to redirect like this:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias foo.example.com bar.example.com others.example.com
    DocumentRoot /www/redirect_folder 
</virtualhost>

Inside that folder make a simple index.php page that summons the 301 so any domains hold in there will be redirect to your main domain with the 301 code.

<?
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.example.com" );
?>

Why do you think it is better this way ?

This way you won't have to keep updating a bunch of places everytime you have a new domain to hold and redirct to your main domain and it won't be serving your users with the current name but will actually redirect them to your main domain in question.

If you are the server owner you can make it even better, you can put the 2nd virtualhost as the first virtualhost in your httpd.conf of vhost.conf file and whenever you hit the IP of your server it will lead you to the redirection page which will lead your users to the main domain in this case instead of having to set a bunch of ServerAlias you can just create the DNS A record for that given subdomain or domain leading to your IP and the server will take care of the rest.

In this last case all you would need for your virtual host would be:

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /www/redirect_folder 
</virtualhost>

as you dont need the ServerAlias since every and each request that hits your server IP will go to your first vhost.

In addition if you wanted to do this using .htaccess, it would be something like this i belive:

RewriteEngine on
rewritecond %{http_host} ^foo.example.com [nc]
rewriterule ^(.*)$ http://www.example.com/$1 [r=301,nc]

Ssl – Apache proxy over port 443

cmiiw 443 is https protocol, and browser will assume it's https. if you're really using ssl, on another https server, you must install the certificate on http proxy.

https:443 (cert ssl) ==> http:80

Best Answer

Related Solutions

Apache2 multiple hostnames redirected to one

Ssl – Apache proxy over port 443

Related Topic