I have a simple static website (foo.com) served with Apache2. The static website has a link to get to an application served using Tomcat. To do so, the link just points to foo.com:8080/app.
The end goal is to avoid having the port number. I also want to avoid using mod_proxy or mod_jk because the two contents (the static pages and app) are fairly unrelated, so I think it would be overkill. The common use case is static page->app [never come back].
Here are some options I have considered:
- Run the app on a different machine, and map its IP to a subdomain (s1.foo.com). Then on this machine, use iptables to forward the 80 port to 8080, so that s1.foo.com/app works as expected.
- Get an additional IP address for the one server. Have a subdomain point to that IP address, then use iptables to forward IP:8080 to IP:80.
My questions are 1) Are these sensible? 2) What steps should I follow so that I don't mess up my rule chains? 3) Are there better alternatives?
Thank you,
Best Answer
Your best option is to get a second IP for the server and set it up as an IP alias. The first IP is set on network interface eth0, the next one on eth0:0 (a third would be eth0:1, and so on).
Here's a general guide, but it might be easier to look for recent instructions for your Linux distro specifically:
http://www.cyberciti.biz/faq/linux-creating-or-adding-new-network-alias-to-a-network-card-nic/
Once you've done that, you set Apache up to bind to the first IP (as it is now) and Tomcat to bind to the new IP, e.g.
Then set your DNS up something like:
No need to use :8080 at all, or any redirection/iptables forwarding. The links just point to http://tomcat.example.org/whatever/
Note that it is a new network interface, so you will want to check your iptables rules and:
a) Close port 8080 on your first interface when you are no longer using it
b) Make sure you check / set iptables to lock down the new IP address so only port 80 is allowed in.
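
A way to confirm the binding and port changes described in the answer above took effect, as an added example that is not part of the original answer: it audits listening TCP sockets in `ss -Htln` layout for wildcard binds on port 80 and a leftover listener on 8080. The two addresses, the sample lines and the `audit_listeners` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Both addresses are assumptions (documentation range).
APACHE_IP=192.0.2.10   # assumed primary address on eth0 (Apache)
TOMCAT_IP=192.0.2.11   # assumed alias address on eth0:0 (Tomcat)

# Constructed samples in `ss -Htln` layout: State Recv-Q Send-Q Local Peer
SAMPLE_GOOD='LISTEN 0 511 192.0.2.10:80 0.0.0.0:*
LISTEN 0 100 192.0.2.11:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_BAD='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 100 *:8080 *:*'

# audit_listeners (hypothetical helper): reads listener lines on stdin,
# prints one FAIL line per problem, returns 1 if any problem was found.
audit_listeners() {
    awk -v a="$APACHE_IP" -v t="$TOMCAT_IP" '
    {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (port == "8080") {
            print "FAIL port 8080 still listening on " addr; bad = 1
        } else if (port == "80") {
            if (addr == a || addr == t) seen[addr] = 1
            else { print "FAIL port 80 bound to " addr ", not a dedicated IP"; bad = 1 }
        }
    }
    END {
        if (!(a in seen)) { print "FAIL no listener on " a ":80"; bad = 1 }
        if (!(t in seen)) { print "FAIL no listener on " t ":80"; bad = 1 }
        exit bad + 0
    }'
}

# Demo on the constructed "before" sample; on a live host run:
#   ss -Htln | audit_listeners
printf '%s\n' "$SAMPLE_BAD" | audit_listeners || true
```

A wildcard bind (`0.0.0.0`, `*` or `[::]`) on port 80 is reported because whichever daemon holds it would also answer on the other service's address.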