one public address and multiserver (web1, web2, webx) setup : how to ?

Discussion in 'Installation/Configuration' started by ledufakademy, Jul 27, 2020.

  1. ledufakademy

    ledufakademy New Member

    Hello,
    I follow manual (bought here ;-)) and the perfect server nginx, debian 10 (which does not correspond to multiserver setup ;-)).
    Not so easy to jump from one doc to another when you're a newbie in ispconfig (lol) ;-)
    But i made it !
    My setup is protected by a pfsense firewall (in final config we will have 4 public ip addresses, shared on two different wan links) :
    • ns1,
    • ns2,
    • webmaster (ispconfig master gui)
    • web1 (server for clients' sites , ssh)
    • web2 (server for clients' sites , ssh)
    • db1 (mysql server 1)
    • db2 (mysql server 2)
    • mail1 (mail server 1)
    • mail2 (mail server 2)
    THE question is : How to forward http/s request for client sites hosted on web1 AND web2 , with correct URL and so ... with correct cert (let's encrypt)?

    On my old setup (no ispconfig) i proceed with HAproxy, then redirect traffic with ACL (exact URL) matching to all ours backends.
    Here If i put HAproxy before my "ispconfig" web server ... i lost all the cool features of ispconfig for GUI admin ... :-(
     
  2. ledufakademy

    ledufakademy New Member

    The more i test ispconfig the more i think it's not done for multiserver with dedicated services (like i want)
    I think it's made for several servers BUT with all in one :
    server1 : web, db, mail , ftp, jail etc features
    server2 : web, db, mail features
    server x : ....
    And so on , am i wrong ?
     
  3. Th0m

    Th0m Active Member HowtoForge Supporter

    ISPConfig can work perfectly fine with a setup like:
    server1: Web, SSH
    server2: DB
    server3: MX
    server4: POP/IMAP
    server5: Panel
    server6: ns1
    server7: ns2

    But also with:
    server1: Web, SSH, panel
    server2: DB, ns1
    server3: MX, POP/IMAP
    server4: ns2
     
  4. Th0m

    Th0m Active Member HowtoForge Supporter

    Are all these servers behind the same firewall?
    Usually, your servers would have a dedicated public IP each.
     
  5. nhybgtvfr

    nhybgtvfr Active Member

    you say sites on web1 AND web2, are these the same sites being mirrored on both servers or different sites. if they're the same sites it doesn't really matter how you direct the request, do it based on round-robin, source, server load, etc. haproxy does all those perfectly fine. the important part would be to either make the request/connection persistent, or use a shared redis (or similar) instance for the webservers to use for session data.
    if they're different sites, you need to redirect based on the domain name part of the request, which you can do like this:

    Code:
     frontend https--in
      bind 1.1.1.1:443 ssl crt /etc/haproxy/certs
      mode http
      option httplog
      use_backend bk_1 if { hdr_dom(host) -i www.example.com }     { dst_port 443 }
      use_backend bk_2 if { hdr_dom(host) -i apps.example.com }    { dst_port 443 }
      use_backend bk_3 if { hdr_dom(host) -i www.otherdomain.com } { dst_port 443 }
    
    and just specify the relevant backend sections for each webserver in haproxy.

    if you want to use tcp mode with ssl passthrough instead, you could try the accepted answer here: https://stackoverflow.com/questions...gh-to-multiple-domains-with-multiple-backends
     
    ahrasis and Th0m like this.
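
Added example, not part of the post above or of ISPConfig: a TCP-mode variant of that frontend which routes on the TLS SNI instead of terminating TLS, so private keys and Let's Encrypt certificates stay on web1/web2. It assumes the web servers obtain their certificates through HTTP-01 validation, so port 80 is routed by Host header to the server that owns each site; the section names and the 10.0.0.x addresses are constructed.

```haproxy
# Added example; fe_*/bk_* names and 10.0.0.x addresses are constructed.
defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

# Port 80: route by Host header so ACME HTTP-01 requests
# (/.well-known/acme-challenge/...) reach the server that hosts the site.
frontend fe_http
    bind 1.1.1.1:80
    mode http
    option httplog
    use_backend bk_web1_http if { hdr(host) -i www.example.com apps.example.com }
    use_backend bk_web2_http if { hdr(host) -i www.otherdomain.com }

# Port 443: no "ssl crt" on the bind line, so HAProxy never holds a key.
# It waits for the ClientHello and routes on the SNI it carries.
frontend fe_https
    bind 1.1.1.1:443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend bk_web1_tls if { req_ssl_sni -i www.example.com apps.example.com }
    use_backend bk_web2_tls if { req_ssl_sni -i www.otherdomain.com }
    # No default_backend: a ClientHello with an unlisted SNI gets no server.

backend bk_web1_http
    mode http
    server web1 10.0.0.11:80 check

backend bk_web2_http
    mode http
    server web2 10.0.0.12:80 check

backend bk_web1_tls
    mode tcp
    server web1 10.0.0.11:443 check

backend bk_web2_tls
    mode tcp
    server web2 10.0.0.12:443 check
```

In TCP mode the web servers log the proxy's address as the client unless PROXY protocol is enabled on both the HAProxy `server` lines and the web server listeners.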
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is made for dedicated servers and services. But it is made for data centers where each node has its own public IP and not to use it just with a single IP.
     
    ahrasis and Th0m like this.
  7. ledufakademy

    ledufakademy New Member

    Hello Th0m,
    yes but when we deploy (wordpress) it creates DB on webserver "web1" mysql db ...
    Not on server "db1" ... :eek:
    Perhaps i have forgotten something ;-) ?
     
    Last edited: Jul 27, 2020
  8. ledufakademy

    ledufakademy New Member

    we can't have more than 4 or 6 ipv4 public.
    Ipv6 is in the pipe for this infrastructure :p
     
  9. nhybgtvfr

    nhybgtvfr Active Member

    yep. you've enabled db services on web1. if databases are only going to be on db1 and db2, disable the db service in ispconfig server configs for web1 and web2, and remove them from the clients db client limits, remove them from the limit templates as well if you don't want it to try creating db's on web1 and web2 for new clients as well.
     
  10. Th0m

    Th0m Active Member HowtoForge Supporter

    Are you using APS?
     
  11. ledufakademy

    ledufakademy New Member

    "if they're different sites, you need to redirect based on the domain name part of the request,"
    Yes that's it.
    But did this setup kill , let's encrypt or anything else in ISPconfig setup ?
     
  12. ledufakademy

    ledufakademy New Member

    yes.
    (Note : addons update list , is not working , repository seem to be down .. error 404)
     
  13. ledufakademy

    ledufakademy New Member

    oh yeahh ;-)
    And this will not break anything on those servers ? (break ISPconfig conf on web1 or web 2 ) ?
     
  14. ledufakademy

    ledufakademy New Member

    According to you which setup is the best :
    1. dedicated server for each roles ?
    2. or all in one server (x servers) ?
    perf. point of view ?
     
  15. Th0m

    Th0m Active Member HowtoForge Supporter

    APS is dead and will be removed from ISPConfig in an upcoming release.

    I don't know how many clients will be on this system, but a setup that would work:
    server1: panel
    server2: smtp + imap/pop
    server3: web1 + db1
    server4: ns1
    server5: ns2

    But if you are a small hosting provider (< 50 clients), this would work as well:
    server1: panel + web1 + db1 + ns1
    server2: smtp + imap/pop + ns2
     
  16. ledufakademy

    ledufakademy New Member

    Thank you th0m.
    We are an associative webhoster.
    Now we have 75 users (so about 6 clients domain ..)
    We have two pfsense firewalls, two wan links, 3 nodes with each :
    • 96Go RAM,
    • Bi-xeon X5677,
    • 10 slots sATA,
    • proxmox on 2 ssd (mdadm).
    Ok , let me know if this seems to be correct for you ... (ispconfig inside)
    [IMG]
     
    Last edited: Jul 27, 2020
  17. Th0m

    Th0m Active Member HowtoForge Supporter

    And you want to run this on virtual machines, without their own public IP address?

    I'm not a HAProxy expert, so I can't tell you too much about that part.
     
  18. ledufakademy

    ledufakademy New Member

    we got 4 public ip (with ipv6 no issue at all)
    This is why haproxy will do the job ;-) (and protect ispconfig !)
     
  19. ahrasis

    ahrasis Well-Known Member

    I have been reading this and all I can say in short, the ISPConfig multiserver should work fine with single or multiple fixed public ip with proper setup and configuration, and since you have 4, it should be more than fine.

    I can remember one quite recent thread discussing on using nginx reverse proxy that works for letsencrypt creation and renewal that may be related and useful and which I believe you can surely dig out in this forum.

    Other than that, always dry run before running live / production servers, whether you are an experienced / expert web hoster or otherwise as different softwares normally have different ways in doing things.

    So, good luck.
     
    Th0m likes this.
  20. ledufakademy

    ledufakademy New Member

    thank you ahrasis
     
