Re: Multiple web site redirection
Hi, craig:
On Wednesday 08 December 2010 21:03:59 Craig Reynolds wrote:
> Hi all,
>
> I apologise if this is not the right place to ask this;
>
> I have two web servers, both serving a multitude of different sites and
> domains, both HTTP and HTTPS. Lets call them 1.1.1.1 and 1.1.1.2.
>
> We're leaving the hosting provider where they live, and they being
> migrated to two identical servers at another, lets say 2.1.1.1 and 2.1.1.2.
>
> Each server has around 8 additional IPs where the SSL sites are bound.
>
> As we don't control the DNS for the majority of these, it seems unlikely
> that I can get dozens of clients to change TTL and A records at the same
> time. I don't want them both to be live in parallel, and I don't want
> to migrate site by site and take the next millennium to complete the
> migration.
[...]
> What are thoughts about the best way to accomplish this?
Just use Apache's reverse proxy for a while and let your customers know that
they'll need to change their DNS to the new address by [whatever date you
deem OK]. Don't delay this for too long: it will mean doubling your network
bandwith (since HTTP packets will travel from 1.1.1.1 to 1.1.1.2 and back)
and you'll increment latency proportionally to that.
Having a look at your logs will tell when all DNS are reconfigured and
propagated.
An example for a domain:
<VirtualHost 1.1.1.1:80>
ServerName www.example.com
ServerAlias example.com
ProxyRequests Off
ProxyPass / http://2.1.1.1/
ProxyPassReverse / http://2.1.1.1/
ProxyPreserveHost On
<Location />
Order Deny,Allow
Allow from all
Satisfy Any
</Location>
</VirtualHost>
The SSL sites throw no problem except if they are using client-side
certificates for validation. The "usual" case (no client certs) would go
more or less like this:
VirtualHost 1.1.1.1:443>
ServerName www.example.com
ServerAlias example.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/example.com_cert.pem
SSLCertificateKeyFile /etc/ssl/private/example.com_key.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ProxyRequests Off
ProxyPass / https://2.1.1.1/
ProxyPassReverse / https://2.1.1.1/
ProxyPreserveHost On
<Location />
Order Deny,Allow
Allow from all
Satisfy Any
</Location>
</VirtualHost>
Cheers.
Reply to: