Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 1:21 am
by freshtechs
If I have this kind of network:

ISP -> WAN (CCR1009) -> Switch -> Server1 and Server2

IPs: wan: x.x.10.5/32
Lan: 10.10.10.1/24
server1: 10.10.10.2/24
server2: 10.10.10.3/24

As I only count with one public IP address I want to know if it’s possible to dst-nat port 443/80 to server1 if firstdomain.com gets requested and to server2 if seconddomain.com gets requested.

On my domain registrar I already pointed the A records for both domains to x.x.10.5 but don’t know if it’s possible to select a different server to ports 443/80 be reachable from the same external/public IP

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 2:50 am
by mducharme
> As I only count with one public IP address I want to know if it’s possible to dst-nat port 443/80 to server1 if firstdomain.com gets requested and to server2 if seconddomain.com gets requested.

I have never tried this before, but it might work if you set tls-host for the NAT rule for firstdomain.com to match firstdomain.com and same for seconddomain.com.

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 3:49 am
by freshtechs
Nope it didn't work

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 3:50 am
by shiyiqiang08
> If I have this kind of network:
>
> ISP -> WAN (CCR1009) -> Switch -> Server1 and Server2
>
> IPs: wan: x.x.10.5/32
> Lan: 10.10.10.1/24
> server1: 10.10.10.2/24
> server2: 10.10.10.3/24
>
> As I only count with one public IP address I want to know if it’s possible to dst-nat port 443/80 to server1 if firstdomain.com gets requested and to server2 if seconddomain.com gets requested.
>
> On my domain registrar I already pointed the A records for both domains to x.x.10.5 but don’t know if it’s possible to select a different server to ports 443/80 be reachable from the same external/public IP

yes you can
you can add dst-nat rule
in the rule you can assign different port at wan but same port at the server
like dst-nat rule port 1000 to dst-nat 10.10.10.2:80
like dst-nat rule port 1001 to dst-nat 10.10.10.3:80
but wan port is not the same

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 4:07 am
by freshtechs
> yes you can
> you can add dst-nat rule
> in the rule you can assign different port at wan but same port at the server
> like dst-nat rule port 1000 to dst-nat 10.10.10.2:80
> like dst-nat rule port 1001 to dst-nat 10.10.10.3:80
> but wan port is not the same


I need to use the 443/80 ports only. Alternative ports won't work within the websites requirement

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 4:20 am
by joegoldman
No, this requires deep packet inspection (so MIGHT be able to work something with layer7 filters) as you are now reading the host header in the HTTP packet to know which server to send it to.

Your best bet is a low-resource server 3 - a proxy server, it takes in ALL 80/443 requests and proxies based on host header to get to correct internal server.

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Mon Dec 10, 2018 1:47 pm
by sebastia
It is possible directly on web servers, ex: https://opensource.com/article/18/3/con ... tes-apache

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Tue Dec 11, 2018 7:41 pm
by Kevo
You need a proxy server to handle that sort of setup. I use haproxy for that sort of thing. It can handle more than just websites as well. OPNsense and pfSense offer haproxy plugins to do this sort of thing. Otherwise you can run the proxy inside the lan and forward the ports to it and let it proxy from there to your two servers. You could also just host multiple websites on the one server. That is usually the way to go unless you really need two servers for availability or serviceability reasons.

Re: Is it possible to host 2 web servers within the same public IP address

Posted: Wed Dec 12, 2018 2:10 pm
by peterh
Yes, you will need a reverse proxy or load balancer with HTTP/S intelligence to achieve this. For port 80, the reverse proxy needs to look into the "host:" header of the HTTP request and forward the packet depending on the content. For port 443, the reverse proxy needs to process SNI (Server_Name_Indication) information and forward the packets depending on the server name given.