Website forwarded to another apache server

Discussion in 'General' started by Manny Capri, Jul 21, 2018.

  1. Manny Capri

    Manny Capri New Member

    Hi there and many thanks for the great work creating this software

    My ISPConfig 3 is configured on a server with a public IP and CentOS 7
    A domain is pointing at the registrar to that public IP (both DNS1 and DNS2)

    How do I forward all the traffic of to another local IP with an apache server but not an ISPConfig server?

    I tried with an A record but then when I ping I get a response from the local IP even if I ping from outside of my LAN which is not good looking and impossible to issue a Let's Encrypt certificate

    Also tried to setup a new website as which IPV4 is the the other apache server that I previously added on SYSTEM -> Server IP Addresses with or without selecting the option 'Network Configuration' at Server Config (tried both scenarios). It solves the ping issue because now it returns me the public IP but when accessing it just lands on the and do no load the other apache server

    Another try was to edit the /etc/httpd/conf/sites-available/ and change the IP to <VirtualHost APACHE_LOCAL_IP:80> but it does exactly the same as the previous try
  2. ISPConfig Developer ISPConfig Developer

    I'm not sure what you really did there.
    How did you setup the websites, ISPConfig has an option to allow Wildcard vhosts ( set an asterisk instead of the IP to the vhost definition ).
    If you mix that up, e.g. setup a website using * and one using an IP will give you strange results. Use either the one or the other method, it's a sane way to disable wildcard option.

    What NS servers are in use for your domain, where did you set the A record, do the nameservers sync?
    check your domain/DNS for errors with

    Don't know if it applys however, your second part got me a littl confused, don't know what you want to achieve exactly
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you have to websites that are on two different servers and thus have different IP-addresses, like the first part of your message states, create two name service entries, so both website hostnames have an A record with the corresponding IP address.
    If this is not what you have, I am completely confused by your message, sorry about that. I second what wrote, I have great difficulties understanding what you have done.
    I answered just on another thread, maybe apply that answer also.
  4. Manny Capri

    Manny Capri New Member

    Sorry for not being clear about my goal.

    I have a well working hosted at ISPConfig server and want to keep it as it is
    I need a subdomain of that ( to be processes by another apache server which has a proprietary software

    Both and should ping on the same public IP
    The is configured at the registrar with and
    Let's say the public IP is
    The ISPConfig server is on local IP (DMZ on router from to
    The other apache server would be on local IP

    If you go to you browse the website hosted at ISPConfig server. A request is done to the registrar which points to through and both with the same public IP ( where a router is configured with a DMZ to and you get the website back to your browser. This is working properly and is to keep as it is unless you think is wrong and suggest something else but my question is about the next paragraph not this one

    If you go to you access a software that I do not want to be hosted at the ISPConfig server at all. So the registrar tells your browser to follow the or ( but as soon as it lands on (the ISPConfig server) it should route all the traffic to without telling anything to the browser because it doesn't really need to know about that forward.

    Was that better?
  5. ISPConfig Developer ISPConfig Developer

    I see, I guess you might want this ( ProxyPassReverse )
    and for nginx would be
    you should keep in mind the IP your application on sees is not the one of the real visitor, there are modules however to solve that issue, mod_rpaf as example.

    does that make sense to you?

    You could define apache options for the subdomain which tells apache to redirect every request to an upstream provider, same principle how php-fpm works for .php files handled by php-fpm daemon.
    Manny Capri likes this.
  6. ISPConfig Developer ISPConfig Developer

    Last edited: Jul 21, 2018
    Manny Capri likes this.
  7. Manny Capri

    Manny Capri New Member

    That's exactly what I needed!!

    Just a few notes:
    - a2enmod doesn't seem to be available on apache 2.4
    - The proxy modules configurations on my setup is at /etc/httpd/conf.modules.d/00-proxy.conf and do not include the ProxyRequests option but when I use it on the reverse proxy configuration file it makes the magic happen

    So I did not have to install anything because the two packages required (httpd; mod_ssl) where already installed
    Resuming I just had to create a file at /etc/httpd/conf.d/ with the following lines:
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass /
        ProxyPassReverse /
    and it works perfectly however I am messing around to make it work with SSL.
    Can you please give me some tips?
    Do I have to have the SSL files on the or on the or on both?
    What would be the right code to use?
    I tried many combinations from the link provided and some others that I found but no luck
  8. ISPConfig Developer ISPConfig Developer

    thank you for the pointers on 2.4!

    For SSL reverse you need a domain you can CONNECT to, which could be anything.
    Either add the local IP to your public DNS or just add.
    Code: santas.helper.domain
    - if you create your custom ssl-cert, make sure your CA is installed in your trusted database
    - you could abuse a real domain with LE-cert and remap that on your server ( use a domain from other server which this server never needs to curl/visit/check... ) and sync the cert
    - probably dozens of other stuff to come ....

    <VirtualHost <IPor*_notboth_in_one_environment>:443>
        ServerName santas.helper.domain
        SSLProxyEngine On
        ProxyRequests off
        ProxyPreserveHost On
        ProxyPass / https://santas.helper.domain/
        ProxyPassReverse / https://santas.helper.domain/
        SSLEngine on
        SSLCertificateFile /etc/myssl/public.pem
        SSLCertificateKeyFile /etc/myssl/privkey.pem
        SSLCertificateChainFile /etc/myssl/chain-class2.pem
    note that is a very basic vhost file for ssl, not recommended for public webs ;)

    you can play with
    SSLProxyVerify none
    SSLProxyVerify optional
    I can't recommend using no cert, even for localhost
    Last edited: Jul 25, 2018

Share This Page