https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774690#M44119 Hi there<BR />I recently decided to separate my web-server from Zimbra.<BR />Zimbra is installed @ 10.10.0.2 and responds only on port 443. <A href="https://mydomain.com." target="_blank">https://mydomain.com.</A><BR />WWW is now on 10.10.0.9 and responds only on port 80. The problem now is that the zone points www to 10.10.0.9 so ping mydomain.com internally responds with 10.10.0.9. <BR />This creates an inconvenient situation as I can't do <A href="https://mydomain.com" target="_blank">https://mydomain.com</A> internally because the DNS points to 10.10.0.9 which responds only to requests on port 80. <BR />Can I make DNS be aware of different ports or protocols ?<BR /><BR />mail A 10.10.0.2<BR />www A 10.10.0.9<BR />mydomain.com A 10.10.0.9<BR /><A href="http://www.mydomain.com" target="_blank">www.mydomain.com</A> A 10.10.0.9<BR /><BR /><BR /> Thu, 07 Apr 2011 02:05:19 GMT Piotr Kirklewski 2011-04-07T02:05:19Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774690#M44119 Hi there<BR />I recently decided to separate my web-server from Zimbra.<BR />Zimbra is installed @ 10.10.0.2 and responds only on port 443. <A href="https://mydomain.com." target="_blank">https://mydomain.com.</A><BR />WWW is now on 10.10.0.9 and responds only on port 80. The problem now is that the zone points www to 10.10.0.9 so ping mydomain.com internally responds with 10.10.0.9. <BR />This creates an inconvenient situation as I can't do <A href="https://mydomain.com" target="_blank">https://mydomain.com</A> internally because the DNS points to 10.10.0.9 which responds only to requests on port 80. <BR />Can I make DNS be aware of different ports or protocols ?<BR /><BR />mail A 10.10.0.2<BR />www A 10.10.0.9<BR />mydomain.com A 10.10.0.9<BR /><A href="http://www.mydomain.com" target="_blank">www.mydomain.com</A> A 10.10.0.9<BR /><BR /><BR /> Thu, 07 Apr 2011 02:05:19 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774690#M44119 Piotr Kirklewski 2011-04-07T02:05:19Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774691#M44120 <!--!*#-->&gt; Can I make DNS be aware of different ports<BR />&gt; or protocols ?<BR /><BR />I don't see how it could. It's the Domain<BR />Name Service, not the Domain Name and/or Port<BR />Number Service.<BR /><BR />This sort of thing is normally (best) handled<BR />by an IP router using NAT. (With addresses<BR />like 10.10.0.x, I'd conclude that you have a<BR />router already. Why not use it?)<BR /><BR />Alternatively, you might be able to rig a<BR />proxy server on 10.10.0.9 which would forward<BR />requests on port 443 to the other server at<BR />10.10.0.2. Not so efficient as letting the<BR />router do the work, though. Thu, 07 Apr 2011 02:48:03 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774691#M44120 Steven Schweda 2011-04-07T02:48:03Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774692#M44121 A reverse proxy could help you in this situation.<BR /><BR /><A href="http://www.askapache.com/htaccess/reverse-proxy-apache.html" target="_blank">http://www.askapache.com/htaccess/reverse-proxy-apache.html</A> Thu, 07 Apr 2011 12:06:41 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774692#M44121 Ivan Ferreira 2011-04-07T12:06:41Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774693#M44122 I think that you could even try setting this on the <A href="http://www.mydomain.com" target="_blank">www.mydomain.com</A> host:<BR /><BR />RedirectMatch permanent /(.*) <A href="https://mail.mydomain.com/" target="_blank">https://mail.mydomain.com/</A><BR /> Thu, 07 Apr 2011 12:20:52 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774693#M44122 Ivan Ferreira 2011-04-07T12:20:52Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774694#M44123 Sorry, last rule does not apply, it should be a rewrite rule checking SSL status or the web server never will answer non SSL page requests. Thu, 07 Apr 2011 12:22:02 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774694#M44123 Ivan Ferreira 2011-04-07T12:22:02Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774695#M44124 " I'd conclude that you have a<BR />router already. Why not use it?"<BR /><BR />The router does the job perfectly well while I connect from outside of the network. <BR />The 443 is nated to 10.10.0.2 and 80 to 10.10.0.9. <BR /><BR />But I'm trying to connect from inside and the router is not in the path.<BR /><BR />Proxy or rewrite sounds all right to me.<BR /><BR />Thanks Thu, 07 Apr 2011 14:39:32 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774695#M44124 Piotr Kirklewski 2011-04-07T14:39:32Z https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774696#M44125 <!--!*#-->&gt; But I'm trying to connect from inside and<BR />&gt; the router is not in the path.<BR /><BR />It is if you talk to the router. It isn't if<BR />you don't talk to the router. _I_ didn't<BR />configure your name resolution this way.<BR />Around here, "mydomain.com" always returns<BR />the address of my router. If I want to talk<BR />directly to a local system, then I don't use<BR />that outside-world name.<BR /><BR />&gt; Proxy or rewrite sounds all right to me.<BR /><BR />If you insist on avoiding the router, then<BR />I'd probably agree. Thu, 07 Apr 2011 17:36:45 GMT https://community.hpe.com/t5/operating-system-linux/named-https/m-p/4774696#M44125 Steven Schweda 2011-04-07T17:36:45Z