Author Topic: Directing webserver domain to internal server  (Read 490 times)

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Directing webserver domain to internal server
« on: June 18, 2019, 02:53:48 pm »
Hello:

I'm using Zentyal Community as a Gateway, web server, firewall and DNS server (among others). I have a few pages hosted in that machine, but there are also some web applications that are hosted in some internal servers other than that Zentyal main machine, either because the configuration required by this applications is not compatible with Zentyal or because I don't want to mess with Zentyal default configuration to be able to accomodate those requirements.

From inside my network, everything is working fine. But now I need to be able to access one of these web apps from outside my network. Is it possible to configure Zentyal so that it directs a domain to the server where the web app is hosted? (I insist my question only relates on how to be able to access it from outside our network, since I can use it correctly from inside)

Thank you,

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #1 on: June 19, 2019, 12:17:33 pm »
Hi!

Go to the Firewall module and go to SNAT.

It's really easy  :)

Cheers!

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #2 on: June 20, 2019, 09:35:29 pm »
Thank you!

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #3 on: June 21, 2019, 07:47:52 am »
Well, I came earlier to work today to try to configure the SNAT feature of the firewall, but I got lost with all the options, services and so on. I hope I can get a little more insight on how to setup SNAT if I provide an example of what I need:

I have a public IP, say 213.214.215.216. Under this IP, i have a few webpages and webapps. Due to configuration reasons, some of the apps are hosted in different servers inside my local network.

For simplicity, let's say I have app1.mydomain.com, app2.mydomain.com, app3.mydomain.com. They are hosted in three different internal webservers.
  • app1.mydomain.com is hosted in the zentyal machine (gateway, firewall, webserver...) 192.168.0.1,
  • app2.mydomain.com hosted in 192.168.0.2
  • app3.mydomain.com being hosted at 192.168.0.3.

All three subdomains are directed to my public IP, and I have them configured in my Zentyal DNS so that they direct to the right webserver.

Now, that works ok from inside my local network, but when I try to access, for example, app2.mydomain.com from outside the local network, it won't work.

I have been checking this post which seems similar to my example, but wasn't able to get it solved.
https://forum.zentyal.org/index.php/topic,16572.30.html

Please, give me a hand on how to configure SNAT or DNS or both to achieve that result.

Thank you :D

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #4 on: June 21, 2019, 03:00:05 pm »
Hi!

This weekend I'll have some free time and i'll try to help you.  ;D

Best regards!

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #5 on: June 24, 2019, 11:30:13 am »
As first step you have to configure a port forwarding rule. Yo can do it on Firewall -> Port Forwarding. Here you can configure the firewall in order to redirect all the incomming traffic  on a particular port to an internal IP and port. It's really straigforward.
Now, if you have two or more external interfaces, you have to link your servers response to the external interface wich received the incomint request for being considered the same connection. You configures it throught SNAT.
The SNAT address is the public IP that makes the internal service accessible. The outgoing interface parameter is self explanatory, the source parameter is  the internal server IP (with 32 bits mask), the destination is "Any" (some people out in the whole world throught many public IP's), the service parameter is HTTP or HTTPS for web, etc.
So you have reached this: Some people goes to your site throught one of your public IP, Zentyal routes (port forwarding) the request to the internal IP and port of your internal server which send the data to the correct public IP (SNAT).
Best regards!

EDIT: My mistake!  I though that you had multiples external interfaces. Port forwarding should be sufficient!. (Be sure you have a dns registry for each of your servers)
« Last Edit: June 24, 2019, 11:35:19 am by doncamilo »

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #6 on: June 24, 2019, 07:34:11 pm »
Ok, I pointed the domain to my public IP, and then forwarded the port 80 from the router to my zentyal machine. There, I configured a dns entry for each of the subdomains, pointing them to the respective machine ips, but still no luck.

From outside my lan, if I try to access app2.mydomain.com, I get a message from the server :
It works!
This is the default web page for this server.

The web server software is running but no content has been added, yet.

My guess is that the webpage is trying to load from the zentyal Webserver, instead of the second machine where that app is hosted.

From inside my lan everything works fine.

Thanks again for your interest

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #7 on: June 25, 2019, 04:32:30 pm »
Hi!

The port forwarding has a parameter "IP destination" (or similar, english is not my mother language). You have to configure it with the IP of your http server. Check this parameter.

Tell me if you need some help.  :)

Do you remembered to configure virtualhost?  ;)

Cheers!

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #8 on: June 26, 2019, 03:00:38 pm »
If I understand correctly, you are suggesting me to send the domains to their host machine depending on the port they are being accessed through.

What I want is all of them to be accessed through the default http(s?) port, and them serve them from their corresponding host machine. I already have them working like that inside my lan, but don't know how to do so when they are accessed from the internet.

Also, I don't know what you mean by "configure virtualhost". Maybe there is the solution?

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #9 on: June 26, 2019, 04:55:18 pm »
 :)

Your Zentyal server exposes a network interface to the Internet. It has an public IP.

Using Port Forwarding you can forward the incoming traffic from the internet throught a concret port of Zentyal to the private IP of a LAN machine on the same (or another) port.

So, if someone connects to your Zentyal server throught his public IP on port 80 (for instance) Zentyal will forward the request to (for example) the LAN machine wich has IP 192.168.1.56 on port 80 (or 2345, or...) which is the effective web server.

The magic that you need is done in Virtual host that is the way that uses Apache in order to serve many web applications.

Read this: https://www.ostechnix.com/configure-apache-virtual-hosts-ubuntu-part-1/

Tell me If you need help.

Cheers!
« Last Edit: June 26, 2019, 05:00:52 pm by doncamilo »

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #10 on: June 27, 2019, 08:31:17 pm »
After reading the article you linked, I think Port Forwarding plus Virtual Hosts isn't the solution either.

As far as I could understand, with Port Forwarding I can only assign an IP to an incoming port. What I want is all the requests to the webapps to be made through one port, and then Zentyal to direct them to the right IP inside my local network.

Each webapp is hosted in a different web server (a different phisical machine) inside my LAN, so they are not virtual but "real" hosts, each having their own IP. The reasons why they aren't all hosted in my Zentyal machine and thus, virtual hosts can't be used, are explained in m first post (they need different libraries, different resources and, in some cases, web servers that are not Apache).

I have to clarify that these apps haven't been made by us, but they are open source ones, so we couldn't choose to make them all compatible or use similar software so that all of them could be hosted in virtual hosts in a same machine.

I have attached a diagram to, hopefully, make it easier to understand what I need. I have to insist that it is already working correctly if the request is made from inside my lan, I just need to make it work the same when somebody makes the same request from the internet.

Please let me know if there is something else that I can explain better.

Thank you again.

Edit: the diagram couldn't be uploaded because some lack of space (not sure what the message meant). I'll try to recreate it here though it will look uglier:

Code: [Select]

                                     _> webserver1 containing app1.mydomain.com
                                     |
Internet -> Zentyal machine -> Lan -> webserver2 containing app2.mydomain.com
                                     |
                                     _> webserver3 containing app3.mydomain.com


I want that, if somebody from the internet requests app3.mydomain.com, webserver3 to serve it, but if app1.mydomain.com is requested, webserver1 will serve it

doncamilo

  • Zen Warrior
  • ***
  • Posts: 130
  • Karma: +22/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #11 on: June 27, 2019, 11:10:30 pm »
 :)

The port is the way the OS links the connections to the applications. So one port only can serve one app at time

You can redirect many ports each one to a local machine. So you'll access them from the internet this way specifying the port in the url:

For instance:
http://mydomain.com:8081 goes to the machine with internal IP 192.168.1.x on his local port
http://mydomain.com:8082 goes to the machine with internal IP 192.168.1.y on his local port
http://mydomain.com:8083 goes to the machine with internal IP 192.168.1.z on his local port

This is the 'trick' webadmin uses in order to mantein free the 443 HTTPS canonical port

"mydomain.com" being the zone name which points to the public IP of the  Zentyal server on DNS.

Cheers!

akhasis

  • Zen Apprentice
  • *
  • Posts: 38
  • Karma: +1/-0
    • View Profile
Re: Directing webserver domain to internal server
« Reply #12 on: June 28, 2019, 09:28:29 am »
Ok, so I will do.

Thank you  ;D