Forums >> Programming >> Proof of Concept (POC) >>
Reverse DNS Entries with the Powered By Apache Server




Posted:
bvstone

Reverse DNS Entries with the Powered By Apache Server

 
Reverse DNS Entries with the Powered By Apache Server

Because we only have one public IP address to run multiple websites on our IBM i, we need to do what is called Reverse Proxy with the Apache server.

What this allows us to do is point requests to other domains to separate local IP addresses inside our network.  

Think of it this way.  Each site (ie, www.bvstools.com, www.fieldexit.com, etc) will point to one external IP address, but each site will have their own internal IP address.   As you probably know, the IBM i is unique in that you can create multiple IP Interfaces (or IP addresses) for just one NIC.  Pretty cool if you ask me!

Each site will also have their own HTTP server instance and configuration.  But one of the servers has to be the "gate keeper".  In this case we have one instanced named PROXY that does all the routing of requests.  That's why for years I've always mentioned that when you create IBM i web server instances to always specify a specific IP address and port (or ports).  If you don't, the server will bind to any and all interfaces set up on your system, and you'll really only be able to run one instance (no fun and a nightmare to configure).

Within the configuration for our PROXY server instance have the following entries at the top of the configuration file to allow the reverse proxy to work:

LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM

These entries tell the apache server to load specific applications to that the proxy interfaces will function.

The reverse proxy entries look like the following (for each host/site there is a VirtualHost container):

<VirtualHost xx.xx.xx.16:80>
   ServerName fieldexit.com
   ServerAlias *.fieldexit.com
   ProxyPreserveHost On
   RewriteEngine     On
   RewriteRule       ^(.*)$        http://xx.xx.xx.23$1 [P]
</VirtualHost>

So, what happens here is a request comes from the internet to www.fieldexit.com.  The DNS points this to the external IP address of the website.

The request hits our firewall and is routed to the appropriate internal IP address.  In this case, we map all HTTP (port 80) requests to xx.xx.xx.16 port 80 which is an IP address on our IBM i running the PROXY web server instance.

The server sees the request is really for www.fieldexit.com and forwards the request to IP address xx.xx.xx.23, which also is on the same IBM i and running it's own web server instance, and therefore has it's own configuration.

It's pretty simple, but setting it up and getting everything correct was a bugger at first.  But now that it's been done once, it can easily be copied should we need to run additional web servers on our IBM i.


Last edited 11/03/2016 at 08:12:41


Reply




Copyright 1983-2017 BVSTools
GreenBoard(v3) Powered by the eRPG SDK, MAILTOOL Plus!, GreenTools for Google Apps, jQuery, jQuery UI, BlockUI, CKEditor and running on the IBM i (AKA AS/400, iSeries, System i).