
Re: named + https

 
Piotr Kirklewski
Super Advisor

named + https

Hi there
I recently decided to separate my web-server from Zimbra.
Zimbra is installed @ 10.10.0.2 and responds only on port 443. https://mydomain.com.
WWW is now on 10.10.0.9 and responds only on port 80. The problem now is that the zone points www to 10.10.0.9 so ping mydomain.com internally responds with 10.10.0.9.
This creates an inconvenient situation as I can't do https://mydomain.com internally because the DNS points to 10.10.0.9 which responds only to requests on port 80.
Can I make DNS be aware of different ports or protocols?

mail A 10.10.0.2
www A 10.10.0.9
mydomain.com A 10.10.0.9
www.mydomain.com A 10.10.0.9


Jesus is the King
Steven Schweda
Honored Contributor

Re: named + https

> Can I make DNS be aware of different ports
> or protocols ?

I don't see how it could. It's the Domain
Name Service, not the Domain Name and/or Port
Number Service.

This sort of thing is normally (best) handled
by an IP router using NAT. (With addresses
like 10.10.0.x, I'd conclude that you have a
router already. Why not use it?)

Alternatively, you might be able to rig a
proxy server on 10.10.0.9 which would forward
requests on port 443 to the other server at
10.10.0.2. Not so efficient as letting the
router do the work, though.
Ivan Ferreira
Honored Contributor

Re: named + https

A reverse proxy could help you in this situation.

http://www.askapache.com/htaccess/reverse-proxy-apache.html
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Ivan Ferreira
Honored Contributor

Re: named + https

I think that you could even try setting this on the www.mydomain.com host:

RedirectMatch permanent /(.*) https://mail.mydomain.com/
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Ivan Ferreira
Honored Contributor

Re: named + https

Sorry, the last rule does not apply; it should be a rewrite rule checking SSL status, or the web server will never answer non-SSL page requests.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Piotr Kirklewski
Super Advisor

Re: named + https

" I'd conclude that you have a
router already. Why not use it?"

The router does the job perfectly well while I connect from outside of the network.
The 443 is NATed to 10.10.0.2 and 80 to 10.10.0.9.

But I'm trying to connect from inside and the router is not in the path.

Proxy or rewrite sounds all right to me.

Thanks
Jesus is the King
Steven Schweda
Honored Contributor

Re: named + https

> But I'm trying to connect from inside and
> the router is not in the path.

It is if you talk to the router. It isn't if
you don't talk to the router. _I_ didn't
configure your name resolution this way.
Around here, "mydomain.com" always returns
the address of my router. If I want to talk
directly to a local system, then I don't use
that outside-world name.

> Proxy or rewrite sounds all right to me.

If you insist on avoiding the router, then
I'd probably agree.
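
The port-443 forwarder suggested earlier in the thread (a proxy on 10.10.0.9 passing connections to 10.10.0.2), sketched as an added example that is not part of any post: it relays raw TCP, so TLS is still terminated by Zimbra and no certificate or key has to be copied to the www host. The addresses come from the thread; the function names are assumptions.

```python
import asyncio

# Addresses taken from the thread; the function names are assumptions.
LISTEN = ("10.10.0.9", 443)     # www host, which had nothing on 443
UPSTREAM = ("10.10.0.2", 443)   # Zimbra host that owns the certificate


async def pump(reader, writer):
    """Copy bytes one way; on EOF, half-close so the peer sees it too."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
        if writer.can_write_eof():
            writer.write_eof()
    except OSError:   # reset or broken pipe: just stop this direction
        pass


async def handle_client(client_r, client_w, upstream):
    """Open one upstream connection per client and relay both directions."""
    try:
        up_r, up_w = await asyncio.wait_for(
            asyncio.open_connection(*upstream), timeout=5)
    except (OSError, asyncio.TimeoutError):
        client_w.close()          # upstream down: drop the client cleanly
        return
    try:
        # Bytes are never parsed or decrypted, so the TLS handshake and
        # certificate check still happen end to end with the upstream.
        await asyncio.gather(pump(client_r, up_w), pump(up_r, client_w))
    finally:
        client_w.close()
        up_w.close()


async def start_relay(listen_host, listen_port, upstream):
    """Start listening; returns the asyncio Server object."""
    return await asyncio.start_server(
        lambda r, w: handle_client(r, w, upstream), listen_host, listen_port)


async def main():
    server = await start_relay(*LISTEN, UPSTREAM)   # port 443 needs root
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

With a relay like this, the upstream server sees every internal client as coming from the relay's address, so per-IP lockouts and access logs on the mail host no longer distinguish internal users.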