HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Websites with same domain name, different IP addresses? (http://www.howtoforge.com/forums/showthread.php?t=57322)

cbj4074 17th May 2012 22:57

Websites with same domain name, different IP addresses?
 
I apologize if this question has been raised before; I did perform a search (and it returned 12 pages, with no relevant results in the first four).

I am wondering about the logic behind preventing two websites from having the same domain name -- when the IP addresses on which to listen are different.

I'm sure someone is thinking, "Why would you ever want to do that?"

I want to do it because I am migrating a website from one IP address to another IP address -- on the same server/ISPConfig installation.

Ideally, I would create identical websites -- one on each IP address -- so that once I update the DNS record (hosted externally), it doesn't matter which IP address the site-visitor hits when he visits the domain in question. The user experience should be the same for each IP address.

Is there a technical reason for which Apache cannot accommodate this setup?

Wouldn't it be perfectly valid to do something like this in the Apache configuration?

Code:

<VirtualHost 1.2.3.4>
DocumentRoot /www/example
ServerName www.example.com
</VirtualHost>

<VirtualHost 4.5.6.7>
DocumentRoot /www/example
ServerName www.example.com
</VirtualHost>

If I try that locally, Apache does not throw warnings/errors, and pages continue to be served from localhost without issue.

Thanks for any insights.

falko 18th May 2012 17:48

I'm sure this is technically possible, but it's just a decision we made to prevent users from creating the same web site twice.

cbj4074 18th May 2012 18:06

Thank you for the prompt reply, Falko.

Would you consider this to be a valid "feature request"? Due to the fact that ISPConfig forbids this configuration, I now have to:

1.) Move the site in question to a completely different physical server (even though I have plenty of unused IP addresses on the current server). This is a major headache because we don't allow remote MySQL connections, so a second database has to be stood-up on the new server, and the data in each DB merged later on. (Replication would be ideal, but is outside the scope of this change.)

2.) Update the DNS records to point to the other server.

3.) Once look-ups are resolving to the new IP address (on the separate physical box), change the domain in the Website tab on the original server.

4.) Update DNS to point back to the original server (but different IP address).

5.) Delete the "temp" site.

It seems that need to move a website from one IP address to another, on the same server, should be fairly common, especially given the lack of ubiquitous support for SNI at this time.

till 18th May 2012 18:09

If you select * in the website settings, then you can access the site from both IP addresses.

If thats not a option, then just create a copy of the vhost file of the existing site in /etc/apache2/sites-available, the name of the file does not matter, edit the ip address inside the file and save it. Then create a symlink in /etc/apache2/sites-enabled/ pointing to that file and restart apache.

cbj4074 18th May 2012 18:18

Thanks for the reply, Till.

Quote:

If you select * in the website settings, then you can access the site from both IP addresses.
I require a dedicated IP address for SSL on this particular domain. And this box is configured to support SNI, so there are dozens of other websites that are bound to all interfaces ("*"), each with a unique/proper SSL certificate.

Does that mean selecting "*" this is not an option in this particular case? What if I change all of the sites that leverage SNI to be bound to a specific IP address (other than the new one I just added to support SSL on this site).

If not, I will try the other steps you suggested. They make sense.

Thanks again!

till 21st May 2012 10:25

If sni works or not depends mostly on the briwsers that are used to access the sites, especially IE was very late in implementing SNI. If SSL by SNI is fine for you, then you can use * for all sites.

cbj4074 21st May 2012 16:38

Thanks, Till.

As a bit of background, I just added a second IP address to this server. I'm already using SNI for about a dozen sites on this box, and it works as well as expected as far as the server is concerned (the lack of browser support [mostly IE and Android] is another issue). Each of those sites has "*" selected for the IP address.

I would like to continue using SNI on all of the existing sites, except one. I need a particular site to have a dedicated IP address, and SSL (SNI is not acceptable for this site).

Should I leave all of the existing sites set to "*" and change only the one site that requires a dedicated IP address to the corresponding literal IP (within the ISPConfig interface)?

cbj4074 13th July 2012 00:51

Hi, everyone. I'm still wondering how to do this:

Quote:

Originally Posted by cbj4074 (Post 279443)
I would like to continue using SNI on all of the existing sites, except one. I need a particular site to have a dedicated IP address, and SSL (SNI is not acceptable for this site).

Should I leave all of the existing sites set to "*" and change only the one site that requires a dedicated IP address to the corresponding literal IP (within the ISPConfig interface)?

As a bit of background, I have one IP address created in ISPConfig. I have several websites that are bound to "*" in ISPConfig's Website -> Domain tab (no website is bound to the literal IP address).

How can I use SSL for the one website that I want to be the "primary", without the attendant SNI issues with older browsers (such as IE6), but at the same time use SNI (each site with its own self-signed certificate) for all other domains on the same IP address?

In other words, if I type the server's IP address in my browser's URL field, with the https protocol, I want to hit the "primary" site to which the proper SSL certificate is issued. Naturally, I want to hit the same primary site when I enter it's domain name (with https). Finally, I want to hit the various other sites that are hosted at the same IP address by domain name, with https, and leverage SNI for each.

The basis of my concern is that I have enabled SSL for sites other than the primary domain, and things have not behaved as expected. I have been directed to the wrong website whenever I try to connect over SSL.

Thanks for any help!

till 13th July 2012 09:45

Quote:

As a bit of background, I have one IP address created in ISPConfig. I have several websites that are bound to "*" in ISPConfig's Website -> Domain tab (no website is bound to the literal IP address).
Dont mix * and IP addresses in websites, thsi will cause redirect failures in apache. Either use * for all sites or select the IP address for all sites but dont mix that as a IP address is always a stroinger match then a wildcard in apache.

Quote:

How can I use SSL for the one website that I want to be the "primary", without the attendant SNI issues with older browsers (such as IE6), but at the same time use SNI (each site with its own self-signed certificate) for all other domains on the same IP address?
Assign a separate IP address to the site. This IP may not be shared with any other website.


All times are GMT +2. The time now is 14:58.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.