Install Config Wiki

All about installing, configuring and troubleshooting


Configure Apache virtual host on Ubuntu Server 22.04 to act as a proxy/gateway for a separate origin Windows IIS Server within the same local network

Let's say you have two servers within a local area network, both behind (on the “backend” or LAN side of) the same network router, which has only one public static IP address configured on its WAN side (frontend). Furthermore, let's say one of those servers runs Ubuntu Server 22.04 LTS with the Apache2 webserver, hosting various websites and apps, and the other runs Microsoft Windows Server 2012 or 2019 with the IIS 10 web server, hosting various websites. Both web servers are listening on TCP ports 80 and 443; however, the network router can only be configured to port forward TCP ports 80 and 443 to one server on the LAN. Each of these two servers is bound to its own local network IP address (not routable on the internet), and the local network is, for our example, configured for 192.168.1.0/24.

Our Goal? We want to be able to host and publicly serve websites from each of the two webservers from the single static public IP address configured on the WAN side of the router.

The problem is that the router can only port forward the standard web TCP ports 80 (http) and 443 (https) to a single local IP address, which is bound to one of the two webservers on the backend.

One Answer: Port forward TCP 80 and 443 to the Ubuntu/Apache webserver on, let's say, IP address 192.168.1.106. Configure Virtual Hosts on (and served from) the Apache webserver that will proxy the IIS websites out through ports 80 and/or 443 through the router. The router is configured to port forward all WAN-side requests to port 80 and port 443 over to the local IP address of the Ubuntu/Apache server, such as 192.168.1.106. Let's say the Windows IIS webserver is bound to local IP address 192.168.1.64. Then, one or more of the Apache virtual host files (on IP 192.168.1.106) will be configured to proxy websites from the Windows IIS server (on 192.168.1.64).

First, on the Windows IIS server, you will need to edit the bindings of the website to be proxied through the Apache server and out through the router to the internet. Open a remote desktop connection to (or log into) the Windows Server, and then access the IIS Administrative snap-in. Use your mouse to select the particular website that we want to be proxied (through Apache), and click on the “Bindings” link in the menu at the right side of the IIS interface. On the bindings property page you should see one or more existing host entries for your IIS-hosted website (which are probably already bound to TCP port *:80 on all local LAN IP addresses, designated as “ALL-UNASSIGNED”, meaning all local LAN IP addresses on the Windows server, including the localhost at 127.0.0.1 and the server's local IP 192.168.1.64 in this example).

yourhostname.yourdomain.com   IP: all-unassigned   port 80   

In addition to any existing .com .net or .org internet facing top level domain records in the IIS Server, click 'ADD' to insert a new binding for the local network IIS bindings having “.lan” or “.local” extension, such as the second entry shown below:

yourhostname.yourdomain.com   IP: all-unassigned   port 80

yourhostname.yourdomain.lan   IP: all-unassigned   port 80    

Save the changes.

Here is an example of a configuration of the Apache Virtual Host File on the Ubuntu Server that contains the proxy entries. On Ubuntu terminal, change directory to /etc/apache2/sites-available/.

cd /etc/apache2/sites-available 

Copy the default virtual host file, such as “000-default.conf”, to a new virtual host file that is named, for example, “yourhost-yourdomain.conf”, and then use vim or nano to edit and save the file with the following configurations. In the new *.conf filename and inside the virtual host file, change yourhost and yourdomain to those of your own. Note that you will need a separate apache2 virtual host configuration file for each additional yourhost.yourdomain.lan website binding that you will proxy from IIS through Apache.

sudo cp 000-default.conf yourhost-yourdomain.conf

or

sudo cp 000-default.conf web1-yourdomain1.conf

Use vim or nano to edit the new virtual host file to include the following:

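<VirtualHost *:80>

        ServerName yourhostname.yourdomain.com
        # REM-OUT ServerAlias yourhostname.yourdomain.lan

        ServerAdmin hostmaster@yourdomain.com
        # REM-OUT DocumentRoot /var/www/html
        # REM-COMMENT insert the lines from here through </IfModule> for the proxy/gateway configuration and rewrites.
        # ProxyPass needs mod_proxy and mod_proxy_http enabled: sudo a2enmod proxy proxy_http headers
        # ProxyPreserveHost On passes the client's original Host header through to IIS.
        ProxyPreserveHost On
        ProxyPass "/" "http://yourhostname.yourdomain.lan/"
        ProxyPassReverse "/" "http://yourhostname.yourdomain.lan/"

        <IfModule mod_headers.c>
        # RewriteEngine needs mod_rewrite enabled (sudo a2enmod rewrite); no rewrite rules are defined here.
        RewriteEngine On
        SetEnvIf Host "^(.*)$" THE_HOST=$1
        # Tells IIS the client connected over HTTPS; on this port-80 vhost that is only true if TLS is terminated in front of Apache.
        RequestHeader set X-Forwarded-Proto "https"
        # Off stops Apache adding X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server, so IIS receives no header carrying the original client address.
        ProxyAddHeaders Off
        </IfModule>


        #REM Modify the name of the error and access log to make specific
        ErrorLog ${APACHE_LOG_DIR}/yourhostname-domain-error.log
        CustomLog ${APACHE_LOG_DIR}/yourhostname-domain-access.log combined


</VirtualHost>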

Save the virtual host file, and then enable it by creating a symlink from the /sites-available/ directory to the /sites-enabled/ directory. Then reload the apache2 web service.

sudo a2ensite yourhost-yourdomain.conf

sudo systemctl reload apache2

Now, we must add DNS-type address records so that the Ubuntu / Apache web server can locate the local network IP address of the Windows IIS server that you specified as “yourhostname.yourdomain.lan” in the Ubuntu / Apache virtual host file. In other words, in order for the apache proxy to locate the IIS-hosted website “yourhostname.yourdomain.lan” within the local network, entries must be made to the Ubuntu 'hosts' file and/or the locally accessible DNS service on the Ubuntu or Windows servers. It is recommended here to merely place the LAN address records in the Ubuntu “hosts” file that will resolve the Local Network IP location of the Windows IIS-hosted origin website(s).

The Ubuntu server's 'hosts' file is located in the /etc/ directory. SSH into the Ubuntu server and navigate to the /etc/ directory where you can edit the 'hosts' file using vim or nano (or your favorite text editor) and then insert one or more address entries (“A” records) that point to the local area network IP address of the IIS webserver (in our example, that is IP 192.168.1.64) where the origin website(s) is/are hosted, as follows:

cd /etc/

sudo vim hosts

127.0.0.1   localhost
127.0.1.1   yourserver1

192.168.1.64 yourhostname.yourdomain.lan
192.168.1.64 yourhostname2.yourdomain.lan

After these changes are made to the 'hosts' file, when the Apache webserver virtual host file is looking for the address where yourhostname.yourdomain.lan is located, the 'hosts' file entries will resolve the local address location of the IIS server and its respective configured website(s) at IP address 192.168.1.64. Note that these IP Version 4 LAN IP address blocks, like 192.168.xxx.xxx, are not routable on the public internet. They are reserved for use on local area intranets.
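
As an added example (not part of the original wiki page), this script cross-checks the two pieces configured above: every ProxyPass backend name in the virtual host file should be pinned in the hosts file to a private LAN address, so a missing or mistyped entry does not send proxied traffic to whatever a DNS resolver returns. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check that every ProxyPass
# backend in a vhost file is pinned in a hosts file to an RFC 1918 address.

# List backend hostnames from ProxyPass lines (not ProxyPassReverse, not comments).
proxy_backends() {
    sed -nE 's|^[[:space:]]*ProxyPass[[:space:]]+"?[^"[:space:]]+"?[[:space:]]+"?https?://([^/:"[:space:]]+).*|\1|p' "$1" | sort -u
}

# Print the address that hosts file $1 maps name $2 to (empty if absent).
hosts_lookup() {
    awk -v n="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Succeed only for RFC 1918 private IPv4 ranges.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vhost VHOST HOSTS: one line per backend; returns 1 on any finding.
audit_vhost() {
    av_rc=0
    for av_name in $(proxy_backends "$1"); do
        av_ip=$(hosts_lookup "$2" "$av_name")
        if [ -z "$av_ip" ]; then
            echo "UNPINNED $av_name (would fall through to DNS)"; av_rc=1
        elif ! is_rfc1918 "$av_ip"; then
            echo "NON-LAN $av_name -> $av_ip"; av_rc=1
        else
            echo "OK $av_name -> $av_ip"
        fi
    done
    return $av_rc
}

# Constructed sample input mirroring the page's vhost and hosts entries.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/vhost.conf" <<'EOF'
    # ProxyPass "/" "http://commented-out.example.lan/"
    ProxyPass "/" "http://yourhostname.yourdomain.lan/"
    ProxyPassReverse "/" "http://yourhostname.yourdomain.lan/"
EOF
printf '127.0.0.1 localhost\n192.168.1.64 yourhostname.yourdomain.lan\n' > "$SAMPLE_DIR/hosts"
audit_vhost "$SAMPLE_DIR/vhost.conf" "$SAMPLE_DIR/hosts"
```

To check the real files, call `audit_vhost /etc/apache2/sites-available/yourhost-yourdomain.conf /etc/hosts` and treat any UNPINNED or NON-LAN line as a configuration error.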

Here are some crude (imperfect) DNS zones and DNS records that you may add to your DNS service. I MUST TELL YOU THAT the entries to the 'hosts' file records worked for me, but the DNS LAN zone and LAN address records ALONE DID NOT WORK FOR ME. Apache Virtual Host could not resolve and proxy the IIS website even though I entered LAN zones and address records in the Windows DNS service and I configured the “net plan” configuration for Ubuntu to set its static LAN IP and added the Windows DNS server as one of the Ubuntu server's DNS resolvers.

You may also create forward LAN and reverse LAN DNS zones in, for example, the Windows server's DNS service, or in the BIND DNS service that can be installed on the Ubuntu server, provided that these DNS servers (nameservers) are also configured in the Netplan static IP configuration of the Ubuntu server. One or more DNS “A” record address entries in our new 'domain.lan' forward zone might, for example, be as follows:

hostname.domain.lan.    1  IN   A   192.168.1.64 
hostname2.domain.lan.   1  IN   A   192.168.1.64

And remember to add a corresponding pointer (PTR) record in the reverse zone, for reverse lookup:

64.1.168.192.in-addr.arpa.   1  IN   PTR   hostname.domain.lan.

Please go figure out the proper format or wording of each such zone and address record.

configure_apache_virtual_host_ubuntu_server_act_proxy_origin_iis_same_local_network.txt · Last modified: 2023/07/17 05:05 by wikiadmin