Topic: Subdomain redirection or multiple public IP addresses

[daniel]

Is it possible to set SME server running in server/gateway mode to redirect a subdomain to a separate machine behind the firewall?  Example:  Wan side www.domain.com:443 goes to the SME server.  Behind the SME server is machine2.domain.com running an app on port 443.  Is it possible that anytime machine2.domain.com:443 is requested from the wan side it forwards https to the actual machine2 behind the firewall instead of sending https to the sme server?

What about assigning two public IP addresses to the WAN side of the SME server and having all traffic from the second public IP address be forwarded to a separate internal machine?

Thanks in advance for any suggestions.

[CharlieBrady]

Is it possible to set SME server running in server/gateway mode to redirect a subdomain to a separate machine behind the firewall?

Search here for domain proxypass.

[janet]

daniel

SME only supports one public IP.
Click the FAQ link at top of forums for the other answer Charlie refers to.

You really should read the available documentation and learn to do searches as both questions have been answered here many many times.

[daniel]

Yes I did find some of the information.  THanks.

After following the proxypass domain setup, I have SME passing wan traffic to the internal machine if its http.  If I try running the server-manager on the internal machine through the WAN I get the error the error "Your browser does not appear to support cookies or has cookies support disabled.  This site requires cookies - please turn cookie support on or try again using a different browser"  This happens in both IE and Firefox.  Does proxypass not transfer cookies?  I am able to get to the primary site on the internal machine via https.  I assume the SME server is passing port 443 correctly through to the internal machine. 

advice?

[cactus]

After following the proxypass domain setup, I have SME passing wan traffic to the internal machine if its http.  If I try running the server-manager on the internal machine through the WAN I get the error the error "Your browser does not appear to support cookies or has cookies support disabled.  This site requires cookies - please turn cookie support on or try again using a different browser"  This happens in both IE and Firefox.  Does proxypass not transfer cookies?  I am able to get to the primary site on the internal machine via https.  I assume the SME server is passing port 443 correctly through to the internal machine. 

I guess the cookie domain set in the cookie is not the same as the external domain the browser is seeing and hence the browser does not use the (proper) cookie. Perhaps you can adjust or modify the cookie domain?

[CharlieBrady]

I guess the cookie domain set in the cookie is not the same as the external domain the browser is seeing and hence the browser does not use the (proper) cookie. Perhaps you can adjust or modify the cookie domain?

The cookie domain is set by the login script of SME server server-manager. I don't think we should be asking end-users to modify that code.

I think cactus is right to think about the cookie domain as the likely issue. What external DNS name are you using, what is your proxypass target, and what is the domain configured on the target server? A mismatch somewhere along that path will cause the cookie to be ignored.

You should raise this issue in the bug tracker. There might be some simple change possible in the server-manager authentication system which will allow it to via a proxy pass.

Alternatively you might find some configuration on the server doing the proxying which will work. You want the FQDN at all three steps to match (external DNS, proxypass target and the domain configured on the target server). You might be able to do that via a custom entry in DNS or /etc/hosts on the server doing the proxying - it would need to resolve to the internal proxy target.

[daniel]

When doing
#db domains show server.charton-mgmt.biz 
I get the following:

server.charton-mgmt.biz=domain
Nameservers=internet
ProxyPassTarget=http://192.168.93.9/
TemplatePath=ProxyPassVirtualHosts

I followed this link in the wiki http://wiki.contribs.org/SME_Server:Documentation:FAQ#Proxy_Pass

My main server is www.charton-mgmt.com, so this passes charton-mgmt.biz through to the internal machine at 192.168.93.9.

[janet]

daniel

When I try to access https://server.charton-mgmt.biz/server-manager
I get
Bad Gateway
The proxy server received an invalid response from an upstream server.

I also get a certificate warning and I see your certificate is for
blackbox.charton-mgmt.com

Something is not right with your configuration.
Is the upstream server configured to accept that domain and does it have a web server running ?

https://charton-mgmt.biz
gives server cannot be found

I think your configuration is not correct.
Remove the proxy pass setting, remove the domain name for that domain and try again

[daniel]

Mary,

I only have the server up when I'm testing and developing, this is not a server that stays up.  Thats why you were unable to get to it.  I won't have it up till sometime later today when I go back to linux testing again.

[CharlieBrady]

When doing
#db domains show server.charton-mgmt.biz 
I get the following:

server.charton-mgmt.biz=domain
Nameservers=internet
ProxyPassTarget=http://192.168.93.9/
TemplatePath=ProxyPassVirtualHosts

Try:

ProxyPassTarget=http://server.charton-mgmt.biz/

and add '192.168.93.9 server.charton-mgmt.biz' to /etc/hosts on your gateway machine via a custom template.

[daniel]

Thanks for the suggestion, I tried setting ProxyPassTarget to http://server.charton-mgmt.biz and the hosts file,  and from outside I still get the cookies problem when going to https://server.charton-mgmt.biz/server-manager.