More than 1 webserver behind DD-WRT

frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Oct 27, 2010 20:12
wificom wrote:
Having some kind of load balancer built into DD-WRT would be awesome!

http://www.howtoforge.com/high_availability_loadbalanced_apache_cluster

If you need performance you can run pound on a full Linux system...
fseka wrote:
And what is the recommended procedure for upgrading the optware installation?

Redownload prep_optware and run it...

Code:
wget -O /tmp/prep_optware http://wd.mirmana.com/prep_optware
sh /tmp/prep_optware

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
fseka
DD-WRT User


Joined: 02 Dec 2009
Posts: 75

Posted: Thu Nov 11, 2010 14:57
Hi,

Recently I've upgraded to the Linksys E3000 with the 2.6 kernel. As pound was missing, I've installed optware.

I've modified S80pound written by JP van Melis to disconnect the startup file (S80pound) from the config file writer (write_pound_cfg in my case).

If someone is interested, I can publish those two files here.

regards,
--
fSeka

_________________
E3000 running DD-WRT v24-sp2(Build 14929) mega
Netgear R7000 running DD-WRT v3.0-r27858)
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Sun Dec 12, 2010 12:17
Today I made some modifications to /opt/etc/init.d/S80pound.
It will now take care of the firewall so you don't need to make any portforwards in the webif.

It also allows you to run pound on the LAN ip.
In that case it will also create the appropriate PREROUTING rules in the 'nat table'.

In /opt/etc/pound/pound.tail you can add additional entries to handle for instance HTTPS.

I am using it to handle my Zarafa-server and by using this trick I am able to run more than 1 https server on 1 IP without TLS. This is quite unique.

Code:
ListenHTTPS
        Address 192.168.10.1
        Port    443
        Cert       "/opt/etc/ssl.crt"
        CAList     "/opt/etc/ca.pem"
        VerifyList "/opt/etc/sub.class1.server.ca.pem"
        xHTTP 3
        Service "AutoDiscover"
          URL "/Autodiscover.*"
          BackEnd
            Address 192.168.10.100
            Port 80
          End
        End
        Service "zarafa"
          URL "/(zarafa-webaccess|Microsoft-Server-ActiveSync|webmail).*"
          BackEnd
            Address 192.168.10.125
            Port 80
          End
        End
        Service "Worldclient"
          BackEnd
            Address 192.168.10.25
            Port 80
          End
        End
End

ListenHTTPS
        Address 192.168.10.1
        Port    446
        Cert       "/opt/etc/ssl.crt"
        CAList     "/opt/etc/ca.pem"
        VerifyList "/opt/etc/sub.class1.server.ca.pem"
        Service "Webadmin"
          BackEnd
            Address 192.168.10.25
            Port 1000
          End
        End
End


root@WAN:~# netstat -lnp | grep pound
Code:
tcp        0      0 192.168.10.1:8080       0.0.0.0:*               LISTEN      26950/pound
tcp        0      0 192.168.10.1:443        0.0.0.0:*               LISTEN      26950/pound
tcp        0      0 192.168.10.1:446        0.0.0.0:*               LISTEN      26950/pound
unix  2      [ ACC ]     STREAM     LISTENING     1412921 26950/pound         /var/run/pound.ctl


These will be written to the NAT-table
Code:
-A PREROUTING -d 80.101.0.130 -p tcp -m tcp --dport 446 -j DNAT --to-destination 192.168.10.1:446
-A PREROUTING -d 80.101.0.130 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.10.1:443
-A PREROUTING -d 80.101.0.130 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.1:8080

And these to the INPUT chain
Code:
-A INPUT -d 192.168.10.1 -i vlan2 -p tcp -m tcp --dport 446 -j ACCEPT
-A INPUT -d 192.168.10.1 -i vlan2 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 192.168.10.1 -i vlan2 -p tcp -m tcp --dport 8080 -j ACCEPT


All this is done by S80pound

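
The rule generation frater describes above, as an added example that is not part of the thread and is not the real S80pound: a shell function reads the top-level Address and Port of each Pound listener and prints the matching PREROUTING and INPUT rules without applying them. The function names, the sample config, the WAN address 192.0.2.10 and the 8080-to-80 public port mapping (inferred from the rules quoted in the post) are assumptions.

```shell
#!/bin/sh
# Added example, not the real S80pound. Prints rules only; applies nothing.
# pound_rules CONFIG WAN_IP WAN_IF   (CONFIG may be "-" for stdin)
pound_rules() {
    awk -v wan_ip="$2" -v wan_if="$3" '
    # A listener block starts: reset per-listener state.
    tolower($1) ~ /^listenhttps?$/ { in_l = 1; depth = 0; addr = ""; port = ""; next }
    !in_l { next }
    # Nested blocks carry backend Address/Port lines, which must be ignored.
    tolower($1) ~ /^(service|backend|emergency|session)$/ { depth++; next }
    tolower($1) == "end" {
        if (depth > 0) { depth--; next }
        in_l = 0
        if (addr == "" || port == "") next
        if (addr == "0.0.0.0") {   # wildcard bind: no single DNAT target
            printf "# skipped wildcard listener on port %s\n", port
            next
        }
        ext = (port + 0 == 8080) ? 80 : port   # assumption: 8080 is published as 80
        printf "-A PREROUTING -d %s -p tcp -m tcp --dport %s -j DNAT --to-destination %s:%s\n", wan_ip, ext, addr, port
        printf "-A INPUT -d %s -i %s -p tcp -m tcp --dport %s -j ACCEPT\n", addr, wan_if, port
        next
    }
    depth == 0 && tolower($1) == "address" { addr = $2 }
    depth == 0 && tolower($1) == "port"    { port = $2 }
    ' "$1"
}

# Constructed sample config, modelled on the listeners shown in the post.
sample_cfg() {
    cat <<'EOF'
ListenHTTP
        Address 192.168.10.1
        Port    8080
End
ListenHTTPS
        Address 192.168.10.1
        Port    443
        Service "zarafa"
          BackEnd
            Address 192.168.10.125
            Port 80
          End
        End
End
EOF
}

sample_cfg | pound_rules - 192.0.2.10 vlan2
```

Comparing this output with `iptables-save` on the router shows which listeners are actually reachable from the WAN side; backend addresses inside Service blocks never produce a rule.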
craftyguy
DD-WRT Novice


Joined: 27 Jul 2006
Posts: 29

Posted: Wed Dec 29, 2010 17:12
I cannot get this to work for the life of me.

I modified /opt/etc/init.d/S80pound and removed the command to write_config, created a custom /opt/etc/pound/pound.cfg:

Code:
User            "pound"
Group           "nobody"
TimeOut         120
Alive           30
Control         "/var/run/pound.ctl"

LogLevel                2
ListenHTTP
        Address 0.0.0.0
        xHTTP 3

        Port 8080

        Service "bt_server"
                HeadRequire "^Host:[\t ].*bt\.DOMAIN\.com*"
                Backend
                        Address 192.168.1.14
                        Port 8080
                end
        end
End


I set up a port forward from 80 to 192.168.1.1:8080 (IP of dd-wrt router)

Pound is running (ps shows instances), but when I visit bt.DOMAIN.com (using my domain of course), it times out. There is a server listening at 192.168.1.14:8080; I can successfully see it locally, and externally if I forward 8080.

What am I doing wrong? Thanks!

EDIT:
It seems to be almost working. I am able to access the webserver by typing bt.DOMAIN.com:8080, but having to specify port 8080 every time is definitely not desired.
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Dec 29, 2010 18:31
The startup-script is also responsible for writing rules with iptables.
Which script did you use as base?
The latest script should work out of the box....

It will check the config to see which port is used, but if you hacked that script it is unable to find the config, so it will leave netfilter alone...

Put this in your rc_firewall

Code:
wan_ip=`nvram get wan_ipaddr`
lan_ip=`nvram get lan_ipaddr`
wanf=`get_wanface`
iptables -t nat -I PREROUTING -d $wan_ip -p tcp -m tcp --dport 80 -j DNAT --to-destination $lan_ip:8080
iptables -I INPUT 4 -d $lan_ip -i $wanf -p tcp -m tcp --dport 8080 -j ACCEPT


Don't you want to go to port 80 on your backend?
Here it's 8080
Code:
Backend
  Address 192.168.1.14
  Port 8080
end

craftyguy
DD-WRT Novice


Joined: 27 Jul 2006
Posts: 29

Posted: Thu Dec 30, 2010 4:56
Thanks for the suggestions! I got it to work by rebooting the router.

Now I'm off to tackle the 'multiple HTTPS' part :)
mirak63
DD-WRT Novice


Joined: 14 Sep 2007
Posts: 16

Posted: Wed Feb 02, 2011 10:32
Can't this feature be enabled in some firmware?
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Feb 02, 2011 12:42
Don't you have OTRW?
If not, why?

mirak63
DD-WRT Novice


Joined: 14 Sep 2007
Posts: 16

Posted: Wed Feb 02, 2011 13:14
Because, like any user, I want something that works out of the box, I guess.
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Feb 02, 2011 13:38
mirak63 wrote:
Because, like any user, I want something that works out of the box, I guess.
Well, it doesn't. With the co-operation of Brainslayer he could have had the first box in the world that could do this, but he was apparently not interested....

It was my idea in the first place to run this on a SoHo router.

The easiest way for you is to install OTRW. It only needs USB storage with an ext3 filesystem and a simple command to install it.

mirak63
DD-WRT Novice


Joined: 14 Sep 2007
Posts: 16

Posted: Wed Feb 02, 2011 14:00
I don't have USB storage.
That's certainly why I don't know OTRW.
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Feb 02, 2011 15:14
It always amazes me why people insist on keeping their old hardware when they can just go to a store and buy something that will last them another 4 years with the possibilities they need.

It can't be that hard to sell your current model to a friend and maybe even let him fully finance your new model because you helped him out and installed the thing.

mirak63
DD-WRT Novice


Joined: 14 Sep 2007
Posts: 16

Posted: Wed Feb 02, 2011 15:26
Nice advice, but if I sell my routers they will not have lasted me 4 years.
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

Posted: Wed Feb 02, 2011 20:34
mirak63 wrote:
Nice advice, but if I sell my routers they will not have lasted me 4 years.
6 years ago I bought an Asus WL500G DeLuxe which a friend of mine now has. It has USB storage.
Andy120
DD-WRT Novice


Joined: 27 Nov 2007
Posts: 10

Posted: Thu Feb 10, 2011 11:59    Post subject: Question on pound and port 80 to 80
Hi.
I think this question is directed to Frater, but anyone who knows may come up with an answer as well:

I want to run pound listening on external port 80 and forwarding to internal port 80 as well, so I don't need to change every internal web server to port 8080 (for example).

I have tried changing the default listening address to port 80, but then the pound service fails to start, reporting that port 80 is already in use. By the DD-WRT administrative panel, I guess.

So, is what I want possible to do?
All times are GMT