reverse proxy ipv4 to ipv6 containers

Hi guys and girls,

I've got a quick question. I've been googling for over an hour, but I cannot seem to find a simple how-to. If somebody could point me in the right direction, I would be very grateful.

My problem: I've leased a low-end dedicated server. It comes with 1 IPv4 and loads of IPv6 addresses. I want to install OpenVZ on this box and create 4 VPS containers, each with its own IPv6 address. These VPSes will each run a LAMP stack with 5-10 websites. I want to keep them separated because they each belong to a different business, and I want them to run isolated from each other.
On the main server (the server with the IPv4 address), I want to install a proxy. The A records for all domains will point to the IPv4 of the main server. This server has to listen to port 80 and, depending on the package it receives, decide which IPv6 should serve the request.
I'm well aware that I'll have to maintain the configuration on the main server, and that I'll have to add a line for each domain, subdomain and port used. I can live with that, since we're only talking about 40 domains, no subdomains, and only ports 80 and 443.

I'll add AAAA records to the zone file with the IPv6 address pointing directly to the VPS, so IPv6 surfers will reach my servers without the proxy.

I've found articles saying that HAProxy, Squid and Cloudflare would suit my needs, but I haven't found any "easy" tutorial on how to do this...

PS: I know this problem would also be "fixable" with NAT (and the setup of this fix would be a lot easier and well-documented all around the web), but this method would require my surfers to surf to a non-standard port on the NAT server instead of port 80. That's why I'd rather not use this approach.

Comments

  • I do this with Docker (isolation) and nginx as reverse proxy. Expose the ports you need via Docker, map them to the nginx config for each site -> done.

    Thanked by 1: zottejos
  • Socat is your best friend

  • MuZo, Member

    The main idea with a reverse proxy like nginx (suggested), HAProxy and others is to check the HTTP header sent from the client, read the requested domain, request the data from the correct "backend" IP, which you will configure in its configuration, and return the content to the client.

    With Cloudflare you don't have to run the reverse proxy, as Cloudflare will take care of it and it will also manage your DNS. If you enable Cloudflare (the cloud icon in the DNS manager) on an AAAA (IPv6) record, Cloudflare will proxy the content to IPv4-only clients too.

    Thanked by 1: zottejos
  • Thanks for the feedback guys. I'm going to try these methods out tomorrow.

  • Zappie, Member, Host Rep, LIR
    edited March 2015

    As @MuZo has mentioned, it's probably the quickest solution to simply sign up the domains with Cloudflare and put in your initial container IPv6 address. However, if you still want to do your initial plan, it's very doable and will work.

    I would suggest nginx installed on the server with simple virtual hosts for each domain. Each virtual host will have its own upstream_backend address (the container IPv6 address or the NAT'd address for the VZ container). In theory there should be absolutely no issues here with that setup.

    With nginx and proxy_pass on an IPv6 address, do note you have to set the address as a variable first, like so:

    set $addr "[dead::beef]:8080";
    proxy_pass http://$addr;
    

    While with IPv4 NAT'd you can just do:

    proxy_pass http://10.1.2.3:8080;
    

    Good luck

    Thanked by 3: deadbeef, zottejos, joshu
  • @Zappie Nice address you used there :D

  • Zappie, Member, Host Rep, LIR

    Only the best :)

    Thanked by 1: deadbeef
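
The nginx approach suggested in the thread, written out for port 80 as an added example (not code from any of the posters): the Host header selects the container's IPv6 backend, and requests for hostnames that are not configured are dropped instead of falling through to the first site. The domain names and the 2001:db8:: documentation-prefix addresses are constructed placeholders.

```nginx
# Added example. Place inside the http { } context, e.g. a file under conf.d/.
# Domains and 2001:db8:: addresses below are constructed placeholders.

# Host header -> container backend. IPv6 literals must be in square brackets.
map $host $container_backend {
    default              "";
    site-a.example       "[2001:db8::a]:80";
    www.site-a.example   "[2001:db8::a]:80";
    site-b.example       "[2001:db8::b]:80";
}

# Catch-all: an unknown or missing Host header never reaches a container.
# 444 is nginx's "close the connection without a response" code.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Only the hostnames listed here are proxied; keep this list and the map in sync.
server {
    listen 80;
    server_name site-a.example www.site-a.example site-b.example;

    location / {
        proxy_pass http://$container_backend;

        # Pass the original hostname so the container's own vhosts still match.
        proxy_set_header Host $host;

        # This proxy is the edge, so overwrite (do not append to) any
        # client-supplied forwarding headers with the real peer address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the AAAA records in the original plan point straight at the containers, the web servers inside them should honour X-Forwarded-For only on connections coming from the proxy host's address; otherwise direct IPv6 clients can set that header themselves.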