PDA

View Full Version : How to share web content between internal and external domains


bizkid64
24th April 2009, 22:12
I have a Debian/Lenny server running ISPConfig3 (very nice product by the way, can't wait for the documentation)

I want to be able to serve the content from the same /web/ folder to external and internal users. The external ip xx.xx.xxx.217, and the internal ip for the server is 192.168.0.101. How exactly do I configure this?

(Basically I want to be able to see exactly how these pages are looking on my production server without having to use a proxy server to look in from outside my network.)

Hopefully I'm asking this clearly enough. Thanks in advance.

tebokkel
25th April 2009, 10:18
Assuming you're setup for outside access (ie, it works from the inside with an external proxyserver)..

Put the site's domainname and IP-address in your hosts-file on your workstation(s) (/etc/hosts or \windows\system32\drivers\etc\hosts). Restart browser and you should be able to browse them without the external proxy.

The alternative is using some tricky split-view DNS, but that's probably also overkill :D

Oh, and BTW, an even better solution would be to put the webserver in a DMZ, with it's public IP, protected with a firewall and another firewall to your internal network. That way it's transparent to you and safe as it should be..

Paul

bizkid64
25th April 2009, 23:13
I will probably eventually set up a DMZ, as you suggest, but right now, I'm just experimenting with different configurations, testing content, and trying to learn how to use ISPConfig.

I am set up for external access, and I can view the website throught a proxy server. What I can't seem to do, is configure ISPConfig so that the same website is served through the internal network IP. I want to link the same folder on the webserver to two different IP addresses. I know there's a way to do this my modifying the directives in the httpd.conf file, because I've done it before. I'm hoping there's an easy way to get ISPConfig to set up the same thing.

It may be related, but I'd also like some guidance on why, when and how I would use the subdomain and aliasdomain functions in ISPConfig.

Thanks again.

falko
26th April 2009, 12:59
http://www.howtoforge.com/forums/showthread.php?t=432&highlight=hosts+file+windows

bizkid64
27th April 2009, 17:53
I appreciate the responses, but I guess I'm either not phrasing my question clearly or I'm not understanding the relevance of your responses. I know how to configure the host file and that works just fine.

When I create a website linked to the external IP address, ISPConfig creates the following folder structure to store the web content to be served:

/var/www/clients/client1/web1/web.

I also want users connecting over the internal network to be able to view the content in that same folder, but the only way I've found in ISPConfig to do that is to create a second website linked to the internal IP address, which results in a second folder structure

/var/www/clients/client1/web2/web.

In order to what I want, it's easy enough to go in with a text editor and manually change the server directory directive in the .vhost file for the second website to point to the folder

/var/www/clients/client1/web1/web.

I've done that, and what I want to do seems to work just fine (although I haven't tested in very rigorously yet.) It just seemed like there should be some way to do the same thing using that nice ISPConfig interface.

Hopefully that makes my question a little clearer.

till
28th April 2009, 09:26
You have to axxess websites by domain name and not IP address. Falko posted the solution for that above.

bizkid64
29th April 2009, 04:18
I see now what you were trying to tell me, and yes it now seems easy to do what I what to do, using name-based virtual hosts. The problem is that because I will be using SSL, according to the Apache documentation I'll have to use IP-based virtual hosts, which makes this all that much trickier. If you have any thoughts on that, I'd appreciate it.

tebokkel
29th April 2009, 10:12
You cannot use virtual hosts with SSL.

There's only one SSL-host per IP-address possible, so no virtual hosts.

If you want to have multiple SSL-hosts on one server, either get 1 (public) IP for each server or start mapping them on different ports (ie 443, 444, 445, etc).

The nature of SSL is that the connection is secured before any HTTP-information (like destination hostname) is transferred. This causes an chicken and egg problem, since the hostname is also included in the SSL certificate that is used to secure the connection..
Have a look at http://en.wikipedia.org/wiki/Virtual_hosting#Cons

Paul