[AOLSERVER] Virtual hosting

Janine Sisk

Feb 6, 2009, 7:09:55 PM
to AOLS...@listserv.aol.com
Hi all,

I'm considering moving from owning my own hardware to hosting
everything with Amazon. It has many advantages, but one huge drawback
- each virtual server can only have one external IP address.

I've never tried to use AOLserver's virtual hosting; at one time it
was said to be less than reliable, and I've never revisited it. We've
always had enough IP addresses that every site could have one of their
very own. But that's not going to be the case if I make this change;
virtual servers aren't cheap enough that I can set one up for every
site, they're still going to have to be roommates.

So my question - what is the latest in virtual hosting? Can I
actually run multiple sites off of one IP address these days? What
about SSL?

I'm still using version 4.0.10 - haven't had any need to upgrade. I
can upgrade if necessary to deal with this, though I'd rather not
introduce that variable at this particular point in time.

Thanks in advance,

janine

---
Janine Sisk
President/CEO of furfly, LLC
503-693-6407


--
AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <list...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.

Jeff Rogers

Feb 6, 2009, 7:50:35 PM
to AOLS...@listserv.aol.com
You can absolutely run multiple named vhosts off a single IP with no
problem. It works out of the box from I think the first release of 4.x.
I think the sample config shows all you need to know about vhosting but
if not I'd be happy to help come up with a better concise example. The
only caveat is that all the vhosts run as the same server, meaning the
same user. (I had an idea a while back for how to support multi-user
virtual hosting via nsproxy, but it never went anywhere)

You can absolutely *not* run multiple SSL servers off one ip, and you
never will be able to with aolserver or anything else. This is because
the certificate is exchanged as part of the ssl handshake which happens
before the web server ever has a chance to see it and respond to any
Host: header.

Re: upgrading - awww, with 4.5.1 just freshly released, doesn't that
just make you *want* to upgrade? :)

-J

Janine Sisk wrote:
> Hi all,
>
> I'm considering moving from owning my own hardware to hosting everything
> with Amazon. It has many advantages, but one huge drawback - each
> virtual server can only have one external IP address.
>
> I've never tried to use AOLserver's virtual hosting; at one time it was
> said to be less than reliable, and I've never revisited it. We've
> always had enough IP addresses that every site could have one of their
> very own. But that's not going to be the case if I make this change;
> virtual servers aren't cheap enough that I can set one up for every
> site, they're still going to have to be roommates.
>
> So my question - what is the latest in virtual hosting? Can I actually
> run multiple sites off of one IP address these days? What about SSL?
>
> I'm still using version 4.0.10 - haven't had any need to upgrade. I can
> upgrade if necessary to deal with this, though I'd rather not introduce
> that variable at this particular point in time.
>
> Thanks in advance,

Bas Scheffers

Feb 6, 2009, 9:13:53 PM
to AOLS...@listserv.aol.com
If you want to make them all run as individual processes, you can use
Apache as proxy to them.

And of course Jeff is right about SSL - one per IP only unless you
choose different ports (which you don't want to, as many corporate
firewalls only allow 80 and 443 traffic).

Alex

Feb 6, 2009, 10:00:39 PM
to AOLS...@listserv.aol.com
Apache for proxying????
nginx

Alexey Pechnikov

Feb 7, 2009, 4:52:10 AM
to AOLS...@listserv.aol.com
Hello!

On Saturday 07 February 2009 06:00:39, Alex wrote:
> Apache for proxying????
> nginx

nginx for proxying?!!
pound

Best regards, Alexey.

Gustaf Neumann

Feb 7, 2009, 7:45:48 AM
to AOLS...@listserv.aol.com
While it is true that for plain proxying, pound is simpler and easier to
configure, nginx scales better (e.g. when you have 1000+ concurrent
connections) and offers a large range of modules etc. We switched from
pound to nginx two years ago, and the decision was right for us. While for
pound, every connection is a separate thread, nginx uses asynchronous
connections (+ configurable multiple threads).

best regards
-gustaf neumann

Alexey Pechnikov wrote:

Alexey Pechnikov

Feb 7, 2009, 9:43:30 AM
to AOLS...@listserv.aol.com
Hello!

On Saturday 07 February 2009 15:45:48, Gustaf Neumann wrote:


> While it is true that for plain proxying, pound is simpler and easier to
> configure, nginx scales better (e.g. when you have 1000+ concurrent
> connections) and offers a large range of modules etc. We switched from
> pound to nginx two years ago, and the decision was right for us. While for
> pound, every connection is a separate thread, nginx uses asynchronous
> connections (+ configurable multiple threads).

As far as I know, nginx may make expensive use of the hard drive, and a DDoS attack may kill the
server. Pound is more secure because it does not access the hard disk and does verify http/https
requests. But I haven't used pound with 1000+ concurrent connections.

Alex

Feb 7, 2009, 10:20:33 AM
to AOLS...@listserv.aol.com
Alexey,

Could you provide more details, and maybe some links?
We are currently using nginx and I am quite interested, especially about DDoS.

Thanks,
~ Alex.


On Sat, Feb 7, 2009 at 9:43 AM, Alexey Pechnikov <pech...@mobigroup.ru> wrote:


> As far as I know, nginx may make expensive use of the hard drive, and a DDoS attack may kill the
> server. Pound is more secure because it does not access the hard disk and does verify http/https
> requests. But I haven't used pound with 1000+ concurrent connections.
>
> Best regards, Alexey.

--
Seamos realistas y hagamos lo imposible.
Будем реалистами и cделаем невозможное.
Let's be realists and do the impossible.
       ---- Che Guevara

Alexey Pechnikov

Feb 8, 2009, 7:03:51 AM
to AOLS...@listserv.aol.com
Hello!

On Saturday 07 February 2009 18:20:33, Alex wrote:


> Could you provide more details, and maybe some links?
> We are currently using nginx and I am quite interested, especially about
> DDoS.

nginx writes a lot of log messages for queries when the back-end produces errors. And nginx does
not filter incorrect queries and sends all queries to the back-end servers. So the back-end servers
may be DDoS attacked. Also, nginx writes temp files before redirecting queries to the backend,
without checking the queries.
But I don't know whether nginx has the ability to check http/https requests or whether it's
impossible.

pound on my servers drops incorrect requests in the default configuration, and the backend AOL
servers are protected successfully. Since pound has no hard disk access, DDoS attacks can't cause
the server to swap.
Also, I'm using a cookie-based cluster configuration with a single entry point:

Service
    HeadDeny "X-SSL-.*"
    HeadRequire "Host:.*hostname.*"
    HeadRequire "Cookie: .*session=branch%3Dstable&unit%3D1"
    BackEnd
        TimeOut 300
        Address serverA
        Port 8001
    End
End
Service
    HeadDeny "X-SSL-.*"
    HeadRequire "Host:.*hostname.*"
    HeadRequire "Cookie: .*session=branch%3Dstable&unit%3D2"
    BackEnd
        TimeOut 300
        Address serverB
        Port 8001
    End
End

All queries without recognized cookies will be dropped. The first configuration section describes
the service with parameters "branch=stable, unit=1" and the second - "branch=stable, unit=2".


Best regards, Alexey.
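
The header matching of the two Service blocks in the post above, modelled in Python as an added example (not part of the original post and not Pound's own code), to show which constructed requests reach which backend and what the unanchored patterns also let through. It assumes each pattern is applied as an unanchored, case-insensitive search over every header line and that the first accepting service wins; `route`, `tighten` and the sample requests are hypothetical names and data made up for illustration.

```python
import re

# Header rules of the two Service blocks in the post (backend = Address:Port).
def _svc(backend, unit):
    return {"backend": backend, "deny": [r"X-SSL-.*"],
            "require": [r"Host:.*hostname.*",
                        r"Cookie: .*session=branch%3Dstable&unit%3D" + unit]}

SERVICES = [_svc("serverA:8001", "1"), _svc("serverB:8001", "2")]

def _hit(pattern, headers):
    # Assumption: unanchored, case-insensitive search over each header line.
    rx = re.compile(pattern, re.IGNORECASE)
    return any(rx.search(h) for h in headers)

def route(headers, services=SERVICES):
    """Backend of the first service that accepts the request, else None."""
    for svc in services:
        if any(_hit(p, headers) for p in svc["deny"]):
            continue  # a HeadDeny pattern matched: this service refuses it
        if all(_hit(p, headers) for p in svc["require"]):
            return svc["backend"]  # every HeadRequire pattern matched
    return None  # no service accepted the request

def tighten(services):
    """Hypothetical stricter rules: exact Host value, cookie value must end."""
    return [{**s, "require": [r"^Host:[ \t]*hostname(:[0-9]+)?$",
                              s["require"][1] + r"(;|$)"]} for s in services]

COOKIE = "Cookie: session=branch%3Dstable&unit%3D"
# Constructed sample requests (header lines only).
SAMPLES = {
    "unit1": ["Host: hostname", COOKIE + "1"],
    "unit2": ["Host: hostname", COOKIE + "2"],
    "no_cookie": ["Host: hostname"],
    "client_x_ssl": ["Host: hostname", "X-SSL-Subject: CN=constructed", COOKIE + "1"],
    "unit10": ["Host: hostname", COOKIE + "10"],
    "other_host": ["Host: not-hostname.example.net", COOKIE + "1"],
}

if __name__ == "__main__":
    strict = tighten(SERVICES)
    for name, req in SAMPLES.items():
        print(f"{name:13} as posted: {route(req)}  tightened: {route(req, strict)}")
```

With the rules as posted, the `unit10` and `other_host` requests are routed to serverA because `unit%3D1` and `hostname` match as substrings; the anchored variants refuse both.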
