Al Sparks
2008-Jan-26 20:00 UTC
[CentOS] Two Instances of Apache; Primary IP / Secondary IP
Tried the apache group, and no response. Thought I'd try here. I have set up a development environment so that it mimics a production environment. The production environment has a proxy server (apache 2.x) that sends requests onto another back-end apache server, and of course the proxy server serves up pages sent by the back-end. All that works fine. However, in my development environment, I thought that I'd set up a separate instance of apache on the same server, and add a secondary IP address on the same interface. The proxy apache instance listens on the secondary IP, and the back-end instance listens on the primary IP. When I send a client request to the proxy, I get a blank page. When I check the logs, the back-end shows requests coming from the primary IP, and not the secondary IP. My conclusion is that the proxy is sending its outbound traffic on the primary IP address, not the secondary IP address it's listening on. That in turn means that back-end is sending its pages back on the primary IP instead of the secondary, and that means the proxy instance isn't receiving answers to its request. I know that BIND can be configured to send requests on secondary IP addresses. Can Apache? Is there something I can do with routing tables that can help? === Al
Al Sparks wrote:> Tried the apache group, and no response. Thought I'd try here. > > I have set up a development environment so that it mimics a production > environment. > > The production environment has a proxy server (apache 2.x) that sends > requests onto another back-end apache server, and of course the proxy > server serves up pages sent by the back-end. > > All that works fine. > > However, in my development environment, I thought that I'd set up a > separate instance of apache on the same server, and add a secondary IP > address on the same interface. > > The proxy apache instance listens on the secondary IP, and the > back-end instance listens on the primary IP. > > When I send a client request to the proxy, I get a blank page. When I > check the logs, the back-end shows requests coming from the primary > IP, and not the secondary IP. > > My conclusion is that the proxy is sending its outbound traffic on the > primary IP address, not the secondary IP address it's listening on. > That in turn means that back-end is sending its pages back on the > primary IP instead of the secondary, and that means the proxy instance > isn't receiving answers to its request. > > I know that BIND can be configured to send requests on secondary IP > addresses. Can Apache? >do you mean making apache use a specific IP when it proxies the request? (you really lost me, so I may be misunderstanding). why do need that at all? whatever IP is used should not matter since the backend will reply over the socket that was opened by the proxy (be it a production proxy or the test proxy). otherwise, the IP is selected by the kernel depending on the destination. so if you use something like ProxyPass / http://10.1.2.3:8080/ in one proxy and ProxyPass / http://10.4.5.6:8080/ each will use the "selected" IP.> Is there something I can do with routing tables that can help? >That would require "advanced" routing. standard routing is based on destination and the source IP is selected by the kernel after the route has been computed (this allows setting the right IP should you have multiple network interfaces...). but you should not need this.
Al Sparks
2008-Jan-29 00:38 UTC
[CentOS] Two Instances of Apache; Primary IP / Secondary IP
> do you mean making apache use a specific IP when it proxies the request? > (you really lost me, so I may be misunderstanding). why do need that at > all? whatever IP is used should not matter since the backend will reply > over the socket that was opened by the proxy (be it a production proxy > or the test proxy). >Both IP addresses are actually assigned to the same physical interface (eth1 and eth1:1). The proxy instance is accepting connections from clients using the eth1:1 secondary interface, but the same PHYSICAL interface as eth1. When it turns around and connects to the back-end service, it seems to be using eth1 even though it's listening on eth1:1. Since it's not listening to eth1, the packets are going to the bit-bucket. At least that's my theory.> otherwise, the IP is selected by the kernel depending on the > destination. so if you use something like > ProxyPass / http://10.1.2.3:8080/ > in one proxy and > ProxyPass / http://10.4.5.6:8080/ > > each will use the "selected" IP. > >> Is there something I can do with routing tables that can help? >> > That would require "advanced" routing. standard routing is based on > destination and the source IP is selected by the kernel after the route > has been computed (this allows setting the right IP should you have > multiple network interfaces...). > > but you should not need this.In the end, I may just have to either use a separate server or a second physical interface, probably in another VLAN, to make this work. And my idea seemed like such a good one. === Al