#1
1st March 2012, 07:32
whynot
Is one IP to many domains, possible to set up with ISPconfig?

Debian Squeeze host with Debian Squeeze OpenVZ containers.

I am new to ISPconfig and I am hoping ISPconfig will simplify an area I am lost in to start with. I'd appreciate being steered to the easiest way to do the below configuration:

With ISPconfig, is it possible to configure one IP on my host node and allow many different private IP address domains, each IP for a particular OpenVZ container? And if so, how is that set up?

Just to be clear, I mean I will have several domains pointing at my single static IP address and I want to use ISPconfig to make sure traffic for each unique domain goes to the right container.

Thanks!

#2
1st March 2012, 10:03
till

Currently you can assign only one IP to a host container, but we will change that in the next release so that multiple IPs can be added.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
1st March 2012, 19:09
whynot

I'm sorry. I have not done a good enough job explaining what I am doing and where my problem is at. I am building this at home as a real project I intend to implement but also as a first learning experience. I will have only one incoming static IP address to my Host Node. My several domain names will all be pointed at that one static IP address...so all incoming communications (ports 80 and 443) will be coming in on that one IP address. So, it doesn't matter if ISPconfig later allows multiple IPs....I only have one to work with.

I think what I am asking is, does ISPconfig allow me to key on the incoming domain name in the URL in order to switch or direct each incoming communication to its correct container which is dedicated to that domain name's specific operations? Or do I need to learn iptables at NetFilter in order to do this??? Or what? And where or what is the easiest thing to study to do this? For instance, is there a HowTo on this topic somewhere?

And along the same lines, I have looked at several firewall apps which say they manipulate iptables so that you don't have to, which to me means they are a higher level of operation, but when it comes to what the commands they use are, everything very quickly gets very skimpy if anything in their documentation and it looks like they are still expecting a knowledge of iptables commands very soon in trying to create anything. I have not looked at the Bastille firewall ISPconfig uses yet....as I am trying to find the right path for me to be on, first, as I have been going in circles. If you can point me also to the basic knowledge I need to acquire to successfully pass through setting up the firewall, I'd really appreciate it....especially if it is simple and basic enough for dummies to understand it. I waded through the first 5 chapters of the Netfilter "tutorial" not understanding anything...and decided, there must be something more direct and basic somewhere!!!

Thanks!

#4
1st March 2012, 19:56
till

Are you talking about OpenVZ virtual machines or about vhosts / websites? You can run as many websites as you like on a single IP, just select the IP or * in the website settings. The routing is done by Apache or nginx, no need for iptables. When it comes to OpenVZ virtual machines, each virtual machine needs its own IP address, and using multiple virtual machines when you have only one external IP does not make much sense anyway.

In general, filtering by domain name is not done on firewall level. For a setup where you run multiple internal servers or virtual machines with one external IP you normally use a reverse proxy. The reverse proxy, e.g. Apache or nginx, receives the incoming HTTP requests and forwards them to the different internal IP addresses.

Last edited by till; 1st March 2012 at 19:59.
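
The reverse-proxy arrangement described in post #4, as an added example that is not part of the original thread: an nginx configuration on the host node that picks the container from the request's Host header. The domain names and the 192.168.0.x container addresses are placeholders assumed for illustration.

```nginx
# Added example, not from the thread. Domains and container addresses
# below are placeholders (assumptions). Place inside the http { } block
# of the nginx instance running on the host node that owns the public IP.

# Map the requested host name to the container that serves it.
# A leading dot matches the bare domain and all of its subdomains.
# Names that are not listed map to an empty string and are refused below.
map $host $container_backend {
    hostnames;
    default           "";
    .example-one.com  192.168.0.101;
    .example-two.org  192.168.0.102;
}

server {
    # Single listener on the one public address; every domain lands here.
    listen 80 default_server;
    server_name _;

    location / {
        # Refuse requests whose Host header matches no configured site,
        # so an unknown name never falls through to some container.
        if ($container_backend = "") {
            return 444;   # close the connection without a response
        }

        # Forward to the web server inside the selected container.
        # The variable holds a literal IP, so no resolver is required.
        proxy_pass http://$container_backend:80;

        # Preserve the original host name so the container's own
        # name-based vhost selection still works.
        proxy_set_header Host              $host;

        # Pass the real client address along; overwrite rather than
        # trust whatever the client supplied in these headers.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For the isolation to hold, each container's web server should accept port 80 only from the host node's address, so that the proxy cannot be bypassed and the forwarded client-address headers can be trusted.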

#5
1st March 2012, 20:57
whynot

I am using OpenVZ, although, I have read that Debian isn't going to support it past Squeeze, which means I guess, if one wants to upgrade debian past squeeze, LXC is the answer? Is ISPconfig going to support LXC in the future?

I want to create separate websites, one per OpenVZ container. I want the containers isolated and secure from each other's activities.

I have venet (VE Ethernet) on OpenVZ working great as long as my private IP containers are on the same subnet as my host node. From inside the container I can ping anything on the internet and any of my actual physical computers on the same LAN can ping in through the host to the containers. However, my experiments to have the host on one subnet and the containers on a different subnet have not worked. I'm missing some command to iptables, I think, concerning dnat...but the commands I have found others using, didn't seem to work out for me.

Trying to make veth (virtual ethernet) work hasn't worked....I'm missing knowledge there, so I am hoping ISPconfig works with venet as I'd like to finally get through all this initial setup and get to doing what I wanted to work with in the first place. I have been stuck here a long time...

Early on, I was advised by someone who runs an OpenVZ setup with lots of containers to accomplish the networking of the containers in the following manner, but this appears to be over my head and I haven't found tutorials that shed the necessary light to know the commands to accomplish this, which is why I was wondering if ISPconfig would provide an easier routing scheme of the network for me that is still secure:

I was told to have the host node's firewall direct all port 80 & 443 traffic and also all IP traffic to container 101, where a firewall like shorewall exists. This firewall maps the port numbers to the containers' individual IP addresses and sends all IP traffic directly to their respective containers. As for domain http/s traffic, this firewall directs all of it to container 102 which is sitting inside container 101's DMZ. (I have no idea what putting this in the DMZ does for me.) Container 102 contains Apache running in Virtual Host Mode which then handles all external incoming and internal outgoing domain name based http/s traffic by bi-directionally translating it. It does this by reading the incoming domain names and changes the headers of the incoming communications, which then maps the URL domain names to their assigned port numbers - which are high numbers (unique numbers assigned to each container) by swapping the new port number replacing port 80 in the addressing and then sending the new addressing back to the firewall in Container 101, which recognizes the port number in its mapping of port numbers to IP addresses and immediately sends it to the proper Container. Each container then has its own apache server listening on its unique port number for that container. And in this way, I could run many separate websites secure from one another.

I have no notes on the return path. I am assuming it is supposed to simply work in the same reverse path.

Also, this is the first time I have heard the phrase "reverse proxy" applying to what I need to do.

So, will ISPconfig get me past setting up the networking of the containers and the firewalling I need to do in this area so that I can skip the above use of Container 101's firewall and Container 102's apache processing that I described above?

And also, can you point me at the basic knowledge or application that I am going to need to create the firewalls with each container when I finally get that far??? I notice that ISPconfig uses Bastille Firewall....what do I need to know to use it?

Thanks for your thoughts on plotting a course for me at my level!

#6
2nd March 2012, 10:19
till

LXC is still missing features that are required for hosting. But if LXC gets these features, we might support it in ISPConfig.

Quote:
So, will ISPconfig get me past setting up the networking of the containers and the firewalling I need to do in this area so that I can skip the above use of Container 101's firewall and Container 102's apache processing that I described above?
ISPConfig is a hosting control panel, setting up iptables routers is not within the scope of ISPConfig. You can run other software inside containers that you created in ISPConfig that does this job.

The Bastille firewall is a simple iptables based firewall script. It is used to open / close ports in hosting servers. It is not meant as a router.

But why do you want to use such a complicated setup? The setup you describe might be installed by Linux professionals with many years' experience, that's nothing for beginners.

#7
2nd March 2012, 21:47
whynot

Hi Till Brehm!

The reason I was trying to follow such a complicated way of doing this, is because I had temporarily met a Linux professional who listened to what I wanted to do, and who then quickly verbally outlined how he would do it. I then later wrote down everything I remembered about what he had said, and then began attempting to do it that way....because I thought that must be the way to do it.

I'd really appreciate a simpler, easier outline using easier to use apps, if you would care to take the time to show me the path I should follow. Right now, I can get the networking working correctly on OpenVZ using their venet. That is where I am at on squeeze.

I just want to be able to set up independent isolated websites for myself and my friends as needed, some of which will be used to launch internet startup business ideas, each website being inside a separate container of its own, like having its own server, and in some cases, I want to be able to send secure information from one container to another as part of a process connecting with another process in another container automatically.

How do I get from where I am, to working inside the containers installing and programming stuff?

Thanks!