I’m trying to get the following done:
- An HTTP request comes into an address subdomain.domain.com to a public IP on a machine running a proxy (maybe Apache? Anything better?)
- Based on the subdomain, I’d like the request to be redirected to an internal machine on a private IP and a specific port. The response for that request will come from that internal machine.
What are my options? Any general guidelines out there for achieving this? What’s a good proxy implementation choice? I will also need to dynamically add subdomains over time, which redirect to specific internal IPs/ports.
How do SSL certificates work in a setup with subdomains? Is a separate certificate required for every subdomain?
The setup isn’t too hard. You just make a virtual host for each subdomain and configure the vhosts as proxies. The approach is the same regardless of which proxy software you choose. I recommend you use Nginx as a reverse proxy, since the configuration is easier and the performance is much better than Apache. If you still want to use Apache, make sure you do not run PHP on the proxy machine and use mpm_worker instead of mpm_prefork.
You can make a script which adds new subdomains to the configuration file. It shouldn’t be too hard since they will look almost the same, except for the path to the SSL certificate and the IP of the backbone server.
For SSL you can use a wildcard certificate, which will cover the entire domain, including subdomains. This is not supported on all platforms, but support has grown in recent years, so it should be pretty safe.
Otherwise, without a wildcard certificate, you will need a certificate and a separate IP address per subdomain (since the SSL connection is set up before the domain name is known, you will need to differentiate different certificates by different IPs).
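
A sketch of the config-generating script suggested in the answer above, as an added example that is not part of the original thread. It renders one Nginx `server` block per subdomain and validates the inputs first, so a crafted subdomain or backend value cannot inject directives or point the proxy at a non-internal address. The function name `render_vhost`, the wildcard certificate paths and the sample mapping are assumptions for illustration.

```python
import ipaddress
import re

# Assumed names and paths for illustration; not from the original thread.
BASE_DOMAIN = "domain.com"
CERT = "/etc/nginx/ssl/wildcard.domain.com.crt"
KEY = "/etc/nginx/ssl/wildcard.domain.com.key"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

TEMPLATE = """server {{
    listen 443 ssl;
    server_name {host};
    ssl_certificate     {cert};
    ssl_certificate_key {key};

    location / {{
        proxy_pass http://{backend};
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }}
}}
"""

def render_vhost(subdomain, backend_ip, backend_port):
    """Return an Nginx server block proxying subdomain to backend_ip:port.

    Raises ValueError for input that could inject directives or that
    targets anything other than a private IPv4 address.
    """
    label = subdomain.lower()
    # fullmatch (not match with "$") so a trailing newline is rejected too.
    if not LABEL_RE.fullmatch(label):
        raise ValueError(f"invalid subdomain label: {subdomain!r}")
    ip = ipaddress.ip_address(backend_ip)  # ValueError if not an IP literal
    # is_private also covers loopback and link-local, so exclude those.
    if ip.version != 4 or not ip.is_private or ip.is_loopback or ip.is_link_local:
        raise ValueError(f"backend must be a private IPv4 address: {backend_ip!r}")
    port = int(backend_port)  # ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {backend_port!r}")
    # Format from the parsed objects, never from the raw input strings.
    return TEMPLATE.format(host=f"{label}.{BASE_DOMAIN}", cert=CERT, key=KEY,
                           backend=f"{ip}:{port}")

if __name__ == "__main__":
    # Constructed sample mapping.
    print(render_vhost("app1", "10.0.0.5", 8080))
```

Write the output to its own file under the directory your Nginx configuration includes, and run `nginx -t` before reloading so a bad file never replaces a working configuration.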