Determine which server in VM environment to forward request to based on host header(s) on one network adapter

Question

As the question title states: I'm trying to figure out how to discern which web server to pass network traffic to based on the host header of said request. I'm working with one network adapter on the host server, to which all of my guest OS's share. This setup is both out of necessity (limited hardware available to me) and my desire to learn the technology so that I can leverage my components as much as possible.

Is anyone aware of how I would accomplish this within the same ESXi environment?

This doesn't have anything to do with virtualization. You would pass/forward the request to the web server that hosts the relevant site. — joeqwerty, Apr 20 '16 at 02:10
@joeqwerty I respectfully disagree. It's all about virtualization, actually. The ESXi server (host) is the first line of defense when intercepting network traffic that is then passed on to the guest OS's. — Erutan409, Apr 20 '16 at 02:15
Umm... no it isn't. ESXi is not a firewall or a router. The physical NIC on the ESXi host is merely a conduit for traffic on the physical network to reach the virtual machines and vice versa. The ESXi host performs no routing, firewalling or NAT for the virtual machines. Traffic destined for a website running on a web server running in one of your virtual machines behaves the same as it would for a physical web server. — joeqwerty, Apr 20 '16 at 02:21
Please either re-read my question or use this as clarity: I'm going to host multiple public-facing websites from this standalone ESXi (host) server with 4+ guest OS's on it and ONE NIC. Not all of the public-facing websites are going to be hosted on the same guest OS. Therefore, I'm looking for a solution that will digest the host headers for the requests of any of the aforementioned websites/URLs and forward/pass those requests to the appropriate guest OS. The router this server is behind, will forward all port 80 traffic to this ESXi server. Is that more clear, now? — Erutan409, Apr 20 '16 at 02:24
I've read your question and your assumptions/presumptions are incorrect. It doesn't matter how many NIC's you have or don't have in the ESXi host. I could host an infinite number of servers and websites on an ESXi host with only a single host NIC. — joeqwerty, Apr 20 '16 at 02:26
nginx, haproxy, varnish... try them all and see what you like. — Michael Hampton, Apr 20 '16 at 02:31

Aaron Mason · Accepted Answer · 2018-03-05T03:51:35.380

3

Create a new VM within your ESXi environment that runs nginx and use the proxy module to direct your traffic:

server {
    listen       80;
    server_name  hostname1 hostname2 hostname3 ... hostnameN;
    if ($http_host = hostname1) {
        proxy_pass http://192.168.0.1;
    }
    if ($http_host = hostname2) {
        proxy_pass http://192.168.0.2;
    }
    if ($http_host = hostname3) {
        proxy_pass http://192.168.0.3;
    }
    #...
    if ($http_host = hostnameN) {
        proxy_pass http://192.168.0.N;
    }
}

Sauce: Module ngx_http_proxy_module

edited Mar 05 '18 at 03:51

answered Apr 20 '16 at 02:11

Aaron Mason

703
6
19

Is this solution lightweight enough that the server response times are still reasonable? – Erutan409 Apr 20 '16 at 02:19
You're still going to need something to forward your external :80 to your VMs internal :80. – 84104 Apr 20 '16 at 02:36

score 0 · Answer 2 · answered Apr 20 '16 at 02:43

0

The request for the website gets resolved to an IP address.

The traffic is then routed to your network.

Your firewall/router translates the public IP address to a private IP address (based on your ip address translation configuration).

Your firewall/router then performs an ARP for the MAC address of the IP address in question.

The relevant virtual machine answers the ARP request.

Your firewall/router sends the traffic to the MAC address.

Your switch forwards the traffic to the appropriate switch port (based on it's MAC address table).

The traffic traverses the ESXi host pNIC (unadulterated).

The relevant virtual machine consumes the traffic and directs it to the appropriate website (in the case where you're hosting multiple websites on a single web server using host headers or the Linux equivalent) or to the appropriate web server (in the case where you're using a proxy server and multiple web servers).

answered Apr 20 '16 at 02:43

joeqwerty

108,377
6
80
171

I think I know where the disconnect is, now: "Your firewall/router translates the public IP address to a private IP address (based on your ip address translation configuration)." Yes, my router is forwarding all port 80 traffic to a specific IP on my LAN. Other steps make sense. "Your firewall/router then performs an ARP for the MAC address of the IP address in question." There is no firewall in place nor is my router capable of discerning where to send traffic to that degree. Hence, my initial question. – Erutan409 Apr 20 '16 at 02:48
Yes, only a single public IP is available for all web traffic. I think Aaron Mason is on the right track with what I was looking for. – Erutan409 Apr 20 '16 at 02:53
Oops. I deleted that comment. Is this single public IP address assigned to the ESXi host NIC? – joeqwerty Apr 20 '16 at 02:54
ISP/Public IP -> Router:80 -> Forward to node on network (ESXi host) -> 1+ guest OS's that can satisfy web requests – Erutan409 Apr 20 '16 at 02:55
Also, please note that this setup isn't for business critical applications. This is for my personal websites and to learn the VMWare technology. Otherwise, the environment would look very different. – Erutan409 Apr 20 '16 at 02:58

Determine which server in VM environment to forward request to based on host header(s) on one network adapter

2 Answers2