I want to use a linux reverse proxy (CentOS) to serve multiple OWA sites, for multiple Exchange servers, on different domains, so I can use only one public IP address. Can I do it with apache? Or should I use Squid?
Thanks!
Cheers,
Helder
Asked
Active
Viewed 1,293 times
0
-
this should make connecting to those OWA sites interesting – Jim B May 18 '10 at 21:24
2 Answers
1
You could use mod_proxy or SQUID easily. Really, options are endless. I use SQUID for this purpose but that's because it fits better within my current infrastructure.
Warner
- 23,440
- 2
- 57
- 69
-
Thanks! :) I'll give SQUID a try :) I've never used it before, but I've been reading a bit, and I have a testing environment, so hopefully it should be ok :) I presume you are "proxying" https, so you should have the certificates on the SQUID machine, right? – Helder May 18 '10 at 16:35
-
Correct. I typically prefer the communication internally to be encrypted as well, so I use https on the backend also. – Warner May 18 '10 at 19:05
-
Ok, after some struggle, and due to a "consensual" decision, we will use Apache for this :) I was able to configure it to reverse http (80) to a couple of different physical webservers, and now I feel confident to move on to SSL. Now, I plan to use a configuration similar to yours: https from the several Exchange boxes to the reverse proxy, and from there, obvious, to the outside. My first question is this: do I need to "reissue" any of the certificates (because of the server names)? – Helder May 20 '10 at 15:09
-
CN mismatch is an area of potential issue. Check out: http://serverfault.com/questions/126072/ssl-certificate-selection-based-on-host-header-is-it-possible/126075#126075 – Warner May 20 '10 at 15:37
-
thanks, I'll look into it :) Another issue, will I be able to reverse-proxy multiple virtual hosts with SSL, using only one IP address? I've read somewhere that I might need dedicated IPs for this :S Thanks again for your help :) – Helder May 20 '10 at 15:51
-
In SQUID, I dedicate IPs due to the type of certificates I have. I suspect it's technically possible to use a single IP depending on the type of certificate but that's something that will require additional research. A lot of this technology is still relatively new in regards to the different certificate types. – Warner May 20 '10 at 16:00
0
Mod_proxy absolutely works...Most of the proxy tags can be easily nested inside a VirtualHost directive, which makes it very easy to separate out your different domains.
If you've got a bunch of them though, I'd definitely recommend using Squid. Mod_proxy is nice, but its a proxy service bolted onto a webserver, and, as such, not as capable as a dedicated proxy like Squid.
Satanicpuppy
- 5,917
- 1
- 16
- 18