Re: Multiple web site redirection

To: debian-isp@lists.debian.org
Subject: Re: Multiple web site redirection
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Wed, 8 Dec 2010 22:15:12 +0100
Message-id: <201012082215.12434.jesus.navarro@undominio.net>
In-reply-to: <4CFFE4AF.3010004@smartnet.net.nz>
References: <4CFFE4AF.3010004@smartnet.net.nz>

Hi, craig:

On Wednesday 08 December 2010 21:03:59 Craig Reynolds wrote:
> Hi all,
>
> I apologise if this is not the right place to ask this;
>
> I have two web servers, both serving a multitude of different sites and
> domains, both HTTP and HTTPS.  Lets call them 1.1.1.1 and 1.1.1.2.
>
> We're leaving the hosting provider where they live, and they being
> migrated to two identical servers at another, lets say 2.1.1.1 and 2.1.1.2.
>
> Each server has around 8 additional IPs where the SSL sites are bound.
>
> As we don't control the DNS for the majority of these, it seems unlikely
> that I can get dozens of clients to change TTL and A records at the same
> time.  I don't want them both to be live in parallel, and I don't want
> to migrate site by site and take the next millennium to complete the
> migration.
[...]
> What are thoughts about the best way to accomplish this?

Just use Apache's reverse proxy for a while and let your customers know that 
they'll need to change their DNS to the new address by [whatever date you 
deem OK].  Don't delay this for too long: it will mean doubling your network 
bandwith (since HTTP packets will travel from 1.1.1.1 to 1.1.1.2 and back) 
and you'll increment latency proportionally to that.

Having a look at your logs will tell when all DNS are reconfigured and 
propagated.

An example for a domain:

<VirtualHost 1.1.1.1:80>
        ServerName www.example.com
        ServerAlias example.com

        ProxyRequests Off
        ProxyPass / http://2.1.1.1/
        ProxyPassReverse / http://2.1.1.1/
        ProxyPreserveHost On

        <Location />
                Order Deny,Allow
                Allow from all
                Satisfy Any
        </Location>
</VirtualHost>

The SSL sites throw no problem except if they are using client-side 
certificates for validation.  The "usual" case (no client certs) would go 
more or less like this:

VirtualHost 1.1.1.1:443>
        ServerName www.example.com
        ServerAlias example.com

        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/ssl/certs/example.com_cert.pem
        SSLCertificateKeyFile /etc/ssl/private/example.com_key.pem
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        ProxyRequests Off
        ProxyPass / https://2.1.1.1/
        ProxyPassReverse / https://2.1.1.1/
        ProxyPreserveHost On

         <Location />
                 Order Deny,Allow
                 Allow from all
                 Satisfy Any
         </Location>
</VirtualHost>

Cheers.

Reply to:

References:
- Multiple web site redirection
  - From: Craig Reynolds <craig.reynolds@smartnet.net.nz>

Prev by Date: Multiple web site redirection
Next by Date: Re: Multiple web site redirection
Previous by thread: Multiple web site redirection
Next by thread: Re: Multiple web site redirection
Index(es):
- Date
- Thread