Webserver behind a router – firewall – apache – linux

Web Server Set Up – Dynamic or Static IP

Apache Web Server configuration for Redhat 7.3, 8.0 and 9.0 with Dynamic ip to router.

This section details the steps you may need to go through to set up a server on an ISP that only gives out a dynamic IP address. You will need to edit the network configuration on your server, setting it to a static address using the IP number you've been assigned by your router (e.g. 192.168.0.2), subnet mask 255.255.255.0 and gateway 192.168.0.1, and use your ISP's nameserver IPs. The general approach is to keep the dynamic IP address yet access your server via a domain name. This allows you and others to always reach your website from the outside even if the IP address changes regularly. Basically, what needs to be done is to configure the Apache configuration file httpd.conf for your dynamic IP.

You could access your site via your current IP address, but since you have a dynamic IP, it may change every few days, weeks or months, and you would have to tell everybody every time it changes. To avoid this mess, you can get your own domain name from a domain name registrar. Then sign up with a FREE DNS service such as www.zoneedit.com and you can point your domain to your IP. That way, if the IP changes, you can change it in a couple of minutes and none of your users will have to change anything because they will be using your domain name. Now, when you type http://yourDomain.tld into a browser, Zoneedit.com does the DNS lookup and redirects to your current cable/DSL IP address on your chosen non-80 http port.

  1. The hardware configuration – The following example is based upon the popular Linksys cable/DSL router.
    1. Using the Linksys web interface, go to Advanced | Forwarding | UPnP Forwarding
    2. In the "Application Name" column, make up a label/name (I chose: zoneeditDNS).
    3. In the Ext.Port column, enter your chosen non-80 http port (e.g. most choose port 8080).
    4. Verify that the TCP (not UDP) radio button is clicked.
    5. Enter 80 in the Int.Port column (i.e. now that you're inside your own firewall, you can redirect the port back to 80, on which your web server is probably listening).
    6. In the IP Address column, put the 192.168.0.2 number for your web server PC.
    7. Click enable … and you’re done!

    Now, when you type http://yourDomain.tld into a browser, Zoneedit.com does the DNS lookup and redirects to your current cable/DSL IP address on your chosen non-80 http port. Your Linksys router forwards your chosen non-80 http port to your specified web server PC IP address, back on port 80, once inside the router firewall. Your (e.g. Apache httpd) web server is listening on port 80 or 8080, as it normally expects to receive web requests!

  2. IP addressing – The Linksys assumes a default of 192.168.0.1 for its LAN (internal) address; keep it at that default. The WAN (external) address is, of course, assigned by your ISP.
    Assume that the server you want to make available sits at 192.168.0.2. Configure your machine to have a static address – it will always be 192.168.0.2. Remember, it's the external name we're really concerned about (the current IP from your ISP).
  3. The domain – I registered my domain through http://www.godaddy.com/. You can get it from anybody you want, but this is who I happened to use.
  4. DNS Hosting – The next step is to register your domain with an external dynamic DNS provider. I chose http://www.zoneedit.com/. Again, there are other providers for this service, but zoneedit.com doesn’t charge anything for what we’re trying to do here.
    Once you register your domain, zoneedit.com will give you 2 IP addresses for your authoritative nameservers. Write down these 2 addresses, go back to your domain name registrar, and update your DNS/nameserver information. Once this propagates through the systems (this usually takes 24-48 hours), you'll be able to make all the DNS changes you need at zoneedit.com.
  5. The dynamic updates – At zoneedit.com, you'll find a tool called zoneclient. What zoneclient does is connect to the Linksys router and extract the current WAN address. With the WAN address, it then updates your entry at zoneedit.com if it has changed since the last time it was updated. You could run zoneclient every few minutes via a cron job if you wanted. If the WAN address has not changed, it doesn't do anything.
  6. Now it’s time to configure Apache to use virtual hosting. The key thing to remember here is that your server now has a static address, so you’ll use name-based virtual hosts. Here’s an example.
    REDHAT 8.0 and 9.0 httpd.conf

    Listen 80

    NameVirtualHost *

    NameVirtualHost 192.168.0.2:*
    <VirtualHost 192.168.0.2:*>
    DocumentRoot /home/yourname/www
    ServerName www.bogus25.com
    ServerAlias bogus25.com
    </VirtualHost>
    <VirtualHost 192.168.0.2:*>
    DocumentRoot /home/yourotherdomain/www
    ServerName www.yourotherdomain.com
    ServerAlias yourotherdomain.com
    </VirtualHost>

    REDHAT 7.3 httpd.conf

    BindAddress *

    Listen *:80

    Port 80
    NameVirtualHost *

    NameVirtualHost 192.168.0.2:*
    <VirtualHost 192.168.0.2:*>
    DocumentRoot /home/yourname/www
    ServerName www.bogus25.com
    ServerAlias bogus25.com
    </VirtualHost>
    <VirtualHost 192.168.0.2:*>
    DocumentRoot /home/yourotherdomain/www
    ServerName www.yourotherdomain.com
    ServerAlias yourotherdomain.com
    </VirtualHost>

 

Note: Creating virtual host configurations on your Apache server does not automatically cause DNS entries to be created for those host names. You must have a domain name and you must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. This is where a dns service like zoneedit.com or another provider is required.
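The "update only if the WAN address changed" check from step 5, as an added example (this is not zoneclient's code and not part of the original page). It also refuses to publish an address that is not publicly routable, which is what a router reports when the link is down or the ISP uses carrier-grade NAT. `push_update` is a hypothetical callable standing in for the provider's update request, and the cache file name is an assumption.

```python
import ipaddress
import tempfile
from pathlib import Path


def is_publishable(addr):
    """True only for a globally routable IPv4 address.

    Rejects RFC 1918 LAN addresses, 0.0.0.0 (link down) and
    100.64.0.0/10 (carrier-grade NAT, where port forwarding cannot work).
    """
    try:
        return ipaddress.IPv4Address(addr.strip()).is_global
    except ipaddress.AddressValueError:
        return False


def sync_wan_address(current, cache, push_update):
    """Push `current` to DNS only if it is valid and differs from the cache.

    Returns "invalid", "unchanged" or "updated".
    """
    current = current.strip()
    if not is_publishable(current):
        return "invalid"          # never publish a junk or private address
    last = cache.read_text().strip() if cache.exists() else ""
    if current == last:
        return "unchanged"        # nothing to do, no request sent
    push_update(current)          # raises on failure, so the cache is not advanced
    cache.write_text(current + "\n")
    return "updated"


if __name__ == "__main__":
    sent = []                     # stands in for requests to the DNS provider
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "wan.cache"
        # Constructed sequence of readings from the router's status page.
        for reading in ["72.54.96.127", "72.54.96.127", "0.0.0.0", "97.158.253.26"]:
            print(reading, "->", sync_wan_address(reading, cache, sent.append))
    print("updates sent:", sent)
```

Because the cache is written only after `push_update` returns, a failed update is retried on the next cron run instead of being silently skipped.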

Apache Web Server configuration for Redhat 7.3, 8.0 and 9.0 with Static ip to router.

If you are behind a firewall/router, and you are the administrator on a machine behind the firewall as well, then you may find problems when trying to access www.mysite1.com or www.mysite2.com. This is because, due to NAT (Network Address Translation), firewalls frequently won't allow access from their protected network to IP addresses that they masquerade on the outside.

For example, in this case, your test web server ns1.bogus25.com has an internal IP address of 192.168.1.100, but the firewall/router presents it to the world with an external IP address of 72.54.96.127 via NAT/masquerading. If you are on the inside 192.168.1.0 network, you may find it impossible to hit URLs that resolve in DNS to 97.158.253.26.

This can also be solved with virtual hosting. You can configure Apache to serve the correct content when accessing www.mysite.com or www.my-other-site.com from the outside, and also when accessing the specific IP address 192.168.1.100 from the inside.

  1. You will then set up the network configuration on your server using a static IP address on the LAN side. Just take the IP number you've been assigned by your router (e.g. 192.168.0.2), subnet mask 255.255.255.0 and gateway 192.168.0.1, edit the network configuration on your server, set it to use a statically assigned IP address and fill in the blanks.

    REDHAT 8.0 and 9.0 httpd.conf

    Listen 80

    ServerName ns1.bogus25.com:80

    NameVirtualHost 192.168.0.2

    # Virtual host bogus25.com
    <VirtualHost 192.168.0.2>
    DocumentRoot /home/bogus25/www/
    ServerAdmin support@bogus25.com
    ServerName bogus25.com
    ServerAlias www.bogus25.com
    </VirtualHost>

    REDHAT 7.3 httpd.conf

    ServerAdmin support@bogus25.com

    Listen *:80

    Port 80

    ServerName ns1.bogus25.com
    NameVirtualHost 192.168.0.2

    # Virtual host bogus25.com
    <VirtualHost 192.168.0.2>
    DocumentRoot /home/bogus25/www/
    ServerAdmin support@bogus25.com
    ServerName bogus25.com
    ServerAlias www.bogus25.com
    </VirtualHost>

Note: Creating virtual host configurations on your Apache server does not automatically cause DNS entries to be created for those host names. You must have a domain name and you must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. This is where a dns service like zoneedit.com or another provider is required.
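How name-based virtual hosting picks a site, as an added example that is not part of the original page: it parses the two-host configuration from the dynamic IP section and resolves the Host header of a request, covering both access by domain name from outside and access by bare IP address from inside the LAN. The matching is a simplified model of Apache's behaviour (first block whose ServerName or ServerAlias matches wins, otherwise the first block listed is the default); the function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase
# Constructed from the page's Red Hat 8.0/9.0 virtual host example.
HTTPD_CONF = """\
NameVirtualHost 192.168.0.2:*
<VirtualHost 192.168.0.2:*>
DocumentRoot /home/yourname/www
ServerName www.bogus25.com
ServerAlias bogus25.com
</VirtualHost>
<VirtualHost 192.168.0.2:*>
DocumentRoot /home/yourotherdomain/www
ServerName www.yourotherdomain.com
ServerAlias yourotherdomain.com
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks in file order as dicts."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if re.match(r"<VirtualHost\s", line, re.I):
            cur = {"names": [], "docroot": None}
        elif re.match(r"</VirtualHost>", line, re.I) and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, val = (line.split(None, 1) + [""])[:2]
            if key.lower() == "documentroot":
                cur["docroot"] = val.strip()
            elif key.lower() in ("servername", "serveralias"):
                # Names are case-insensitive; drop any :port suffix.
                cur["names"] += [n.split(":")[0] for n in val.lower().split()]
    return vhosts

def resolve(host_header, vhosts):
    """Return (DocumentRoot, matched_by_name) for a request's Host header."""
    host = host_header.lower().split(":")[0]
    for vh in vhosts:
        # ServerAlias may use * and ? wildcards; fnmatch approximates that.
        if any(fnmatchcase(host, pat) for pat in vh["names"]):
            return vh["docroot"], True
    return vhosts[0]["docroot"], False   # no name matched: first vhost is the default

if __name__ == "__main__":
    vhosts = parse_vhosts(HTTPD_CONF)
    for host in ["www.yourotherdomain.com:8080", "BOGUS25.com", "192.168.0.2", "72.54.96.127:8080"]:
        print(host, "->", resolve(host, vhosts))
```

Any request that reaches the forwarded port with a bare IP address or an unknown name in its Host header is served from the first block, so the first `<VirtualHost>` should be a site you are content to show to anyone who reaches the router's WAN address.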
