FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian ISP

 
 
LinkBack Thread Tools
 
Old 12-08-2010, 07:03 PM
Craig Reynolds
 
Default Multiple web site redirection

Hi all,

I apologise if this is not the right place to ask this;

I have two web servers, both serving a multitude of different sites and
domains, both HTTP and HTTPS. Lets call them 1.1.1.1 and 1.1.1.2.


We're leaving the hosting provider where they live, and they being
migrated to two identical servers at another, lets say 2.1.1.1 and 2.1.1.2.


Each server has around 8 additional IPs where the SSL sites are bound.

As we don't control the DNS for the majority of these, it seems unlikely
that I can get dozens of clients to change TTL and A records at the same
time. I don't want them both to be live in parallel, and I don't want
to migrate site by site and take the next millennium to complete the
migration.


I've considered using squid or apache to proxy the requests from the old
host to the new, but I haven't managed to make this work. All the
examples seem to assume that everything is HTTP and its a local accelerator.


I am currently thinking about iptables and NAT to accomplish the same
thing, just simply redirecting the IPs to the new range.


What are thoughts about the best way to accomplish this?

Thanks in advance,

Craig Reynolds


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CFFE4AF.3010004@smartnet.net.nz">http://lists.debian.org/4CFFE4AF.3010004@smartnet.net.nz
 
Old 12-08-2010, 08:15 PM
"Jesús M. Navarro"
 
Default Multiple web site redirection

Hi, craig:

On Wednesday 08 December 2010 21:03:59 Craig Reynolds wrote:
> Hi all,
>
> I apologise if this is not the right place to ask this;
>
> I have two web servers, both serving a multitude of different sites and
> domains, both HTTP and HTTPS. Lets call them 1.1.1.1 and 1.1.1.2.
>
> We're leaving the hosting provider where they live, and they being
> migrated to two identical servers at another, lets say 2.1.1.1 and 2.1.1.2.
>
> Each server has around 8 additional IPs where the SSL sites are bound.
>
> As we don't control the DNS for the majority of these, it seems unlikely
> that I can get dozens of clients to change TTL and A records at the same
> time. I don't want them both to be live in parallel, and I don't want
> to migrate site by site and take the next millennium to complete the
> migration.
[...]
> What are thoughts about the best way to accomplish this?

Just use Apache's reverse proxy for a while and let your customers know that
they'll need to change their DNS to the new address by [whatever date you
deem OK]. Don't delay this for too long: it will mean doubling your network
bandwith (since HTTP packets will travel from 1.1.1.1 to 1.1.1.2 and back)
and you'll increment latency proportionally to that.

Having a look at your logs will tell when all DNS are reconfigured and
propagated.

An example for a domain:

<VirtualHost 1.1.1.1:80>
ServerName www.example.com
ServerAlias example.com

ProxyRequests Off
ProxyPass / http://2.1.1.1/
ProxyPassReverse / http://2.1.1.1/
ProxyPreserveHost On

<Location />
Order Deny,Allow
Allow from all
Satisfy Any
</Location>
</VirtualHost>

The SSL sites throw no problem except if they are using client-side
certificates for validation. The "usual" case (no client certs) would go
more or less like this:

VirtualHost 1.1.1.1:443>
ServerName www.example.com
ServerAlias example.com

SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/ssl/certs/example.com_cert.pem
SSLCertificateKeyFile /etc/ssl/private/example.com_key.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

ProxyRequests Off
ProxyPass / https://2.1.1.1/
ProxyPassReverse / https://2.1.1.1/
ProxyPreserveHost On

<Location />
Order Deny,Allow
Allow from all
Satisfy Any
</Location>
</VirtualHost>

Cheers.


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 201012082215.12434.jesus.navarro@undominio.net">ht tp://lists.debian.org/201012082215.12434.jesus.navarro@undominio.net
 
Old 12-09-2010, 10:15 AM
Adam McGreggor
 
Default Multiple web site redirection

On Thu, Dec 09, 2010 at 09:03:59AM +1300, Craig Reynolds wrote:
> I have two web servers, both serving a multitude of different sites and
> domains, both HTTP and HTTPS. Lets call them 1.1.1.1 and 1.1.1.2.
>
> We're leaving the hosting provider where they live, and they being
> migrated to two identical servers at another, lets say 2.1.1.1 and
> 2.1.1.2.
>
> As we don't control the DNS for the majority of these, it seems unlikely
> that I can get dozens of clients to change TTL and A records at the same
> time.

> What are thoughts about the best way to accomplish this?

Give the customers a customized mail telling them what they'll need to
change, and a deadline, if they don't make it, that's their problem.

Keeping things updated, in parallel, could be tricky, depending on
what they're doing/how they use things.

As previously suggested, you could proxy (in your httpd) from $OLD to
$NEW, maybe using something like migrated.client.hostingco.tld as
their new hostname, until they've sorted things out).

It might be useful to create a spreadsheet or similar for sites
migrated, and when there's been something done, so you can send
reminders, maybe when there are 15days, ten days, five days, two days,
and a "you're holding us up now", and finally a "you're disconnected
now" mails (assuming ~45days to handle change-over, but giving
customers 30days). You could also look at your network traffic graphs.

Renumbering will almost certainly require the co-operation of
customers, so get them involved, give them deadlines, and if they
don't do stuff, that's their problem. When their sites/email/whatever
ceases to work, I'm sure they'll fix stuff/come complaining.

--
"The only way for a reporter to look at a politician is down."
-- Mencken


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20101209111521.GN8672@hendricks.amyl.org.uk">http://lists.debian.org/20101209111521.GN8672@hendricks.amyl.org.uk
 

Thread Tools




All times are GMT. The time now is 05:30 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org