Home / server / Questions / 562750
Accepted
Sam
Asked: 2013-12-21 07:08:30 +0800 CST

Router/Gateway with host-header capability

  • 772

Can anyone direct me what to look for to get a Router / Gateway / Firewall for my home-office enviroment to be able to run multiple e.g. Webserver on port 80, with one public ip. I know it can be done using Apache or IIS on a server-computer. A Cisco or Netgear router?

E.g.:

host1.example.com:80 -> 192.168.0.101

host2.example.com:80 -> 192.168.0.102

router

2 Answers

  1. Best Answer

    Openwrt has good apache/squid support. I used apache even for reverse proxy. Only thing you need, were an openwrt-compatible router.

    Second thing, you need to set up apache (I suggest apache for this) in this special proxy working method. It is not so hard as it seems. If you want, I were glad to copy-paste some config example in this post.

    There is not too much problem about the CPU need of a such proxy - most routers haven't very strong cpu - because what a such hw/sw configuration does, isn't really more as if it only packets forwarded. There is no such cpu-intensive things as f.e. php-interpretation or jvm, and the apache can run with his "worker" mpm, in threaded mode, which is very fast.

    • 2

  2. Routers typically don't run servers. OpenWRT and DD-Wrt based routers can provide this functionality if they have sufficient memory. This is because they are running a Linux kernel. Web server capability is done by running a web server or proxy such as Apache or Squid.

    If you have several small sites to server, you may be able to use a Rasberry Pi or similar device to run your web sites. If you require more capacity, a small server running Linux can provide both firewall and Web Server capability. I started with a recycled desktop system with a second network card running Linux as both a Web Server and firewall.

    I do this separation at the web server. The major web servers handle delivering content based on the Host header. The Apache web server calls this functionality VirtualHosts. It is possible to proxy some or all of a Host's traffic to a second server.

    Multi-domain HTTPS is more difficult as certificates are associate with a hostname. If the domains are related, a multi-domain or wildcard certificate will work. Some servers can handle negotiating the Hostname before providing the certificate, although I have never successfully implemented this.

    You will want to have your router forward HTTP requests to your web server. Most routers provide this capability by port and/or as a DMZ address.

    • 1