• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion about article on how to publish multiple Web sites using a single IP address

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Discussion about article on how to publish multiple Web sites using a single IP address Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion about article on how to publish multiple Web... - 22.Nov.2005 4:36:06 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on how to publish multiple Web sites using a single IP address at http://isaserver.org/tutorials/Publishing-Multiple-Non-SSL-Web-Sites-Single-IP-Address-using-ISA-Firewalls.html

Thanks!
Tom

< Message edited by tshinder -- 22.Nov.2005 4:40:35 PM >


_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Discussion about article on how to publish multiple... - 28.Nov.2005 10:50:12 PM   
dshupe

 

Posts: 1
Joined: 28.Nov.2005
Status: offline
Tom,

Do you think this technique would work with Sharepoint?  The client I am working with has 7 Sharepoint root level sites that each have their own IP addresses.  Right now, they are just internal sites, but they want to deploy them to an extranet.  Do you know if it would be feasible to publish all of the Sharepoint sites using a single IP address?  Also, when do you anticipate the SSL version of this article to come out? 

Thanks,

Deb

(in reply to tshinder)
Post #: 2
RE: Discussion about article on how to publish multiple... - 29.Nov.2005 2:08:38 AM   
thewspot

 

Posts: 16
Joined: 19.Jul.2004
From: Australia
Status: offline
Step 4 of the publishing rule section specifies port 80, but would there be any reason why I wouldn't be able to use a different port? It will still be non-SSL web sites.

I'm planning to use a single external IP to reference different web sites hosted on the same internal IIS server, but each web site is running on a different port. Would there be any issues with doing it this way? i.e. the internal server will only have a single IP also, only the port numbers will be different.

Regards,
Scott.

(in reply to dshupe)
Post #: 3
RE: Discussion about article on how to publish multiple... - 2.Dec.2005 7:11:24 AM   
thewspot

 

Posts: 16
Joined: 19.Jul.2004
From: Australia
Status: offline
Just to answer my own question:

This article is brilliant. I now have 4 different web URLs all directong to different web sites on my internal IIS server.

The port trick is simple. I have all my sites running on the same server and use different ports for each site. After creating the rule, I just need to go into the properties for the rule and under the "Bridging" tab, just set the "redirect requests to HTTP port" to the required internal port on the IIS server.

This article came out at the perfect time for me. One week before I actually needed to do exactly the same thing.

I love my ISA server :)

(in reply to thewspot)
Post #: 4
RE: Discussion about article on how to publish multiple... - 7.Dec.2005 2:46:52 PM   
Ziad.Chafi

 

Posts: 1
Joined: 7.Dec.2005
Status: offline
I tried the exact steps listed in the tutorial, but it didn't work out, the client computer is successfully able to resolve the external IP address of the ISA server, but the ISA server is not redirecting the requests to the internal servers, note that the ISA server can access these sites locally, what happenes is that the web browser treates the ISA server as a web server and tries to access a locally hosted website, I installed IIS on the ISA server and tried to open www.msfirewall.org, I got the website hosted on the ISA server.

Please provide any comments on the subject, note that I am using ISA 2004 Enterprise edition with no service packs on a Windows 2003 platform.

Ziad Chafi

(in reply to tshinder)
Post #: 5
RE: Discussion about article on how to publish multiple... - 8.Dec.2005 5:11:13 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: dshupe

Tom,

Do you think this technique would work with Sharepoint?  The client I am working with has 7 Sharepoint root level sites that each have their own IP addresses.  Right now, they are just internal sites, but they want to deploy them to an extranet.  Do you know if it would be feasible to publish all of the Sharepoint sites using a single IP address?  Also, when do you anticipate the SSL version of this article to come out? 

Thanks,

Deb

Hi Deb,
In order to publish seven SSL sites, you would need to do one of two things:

1. Use a single IP address on the external interface of the ISA firewall, and then bind a wildcard certificate with the common/subject name something like *.domain.com  This means all site sites would need to be part of the same second-level domain and accessible to external clients using names such as sps1.domain.com, sps2.domain.com mysps.domain.com, yoursps.domain.com. The certificate would be bound to a single Web listener and then you would create seven Web Publishing rules to publish the sites.

2. A better alternative and more flexible one would be to bind at least seven IP addresses to the external interface of the ISA firewall and then create seven Web listeners, each one with a certificate with the common/subject name you want users to access the site by from external locations. In this case, you are not limited to using the same second-level domain for all the SPS sites.

I've got the SSL title on my list, but it might be some time until I get to it. However, you can use the principles discussed in any of my OWA publishing articles to get an idea of how things work, and our book has a lot of information on Web publishing scenarios, although none are SPS specific. I've published many an SPS site and it works quite nicely in most cases.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to dshupe)
Post #: 6
RE: Discussion about article on how to publish multiple... - 15.Dec.2005 1:48:43 PM   
rennera

 

Posts: 11
Joined: 15.Dec.2005
Status: offline
Tom,

I to am very interested in your article about publishing multiple SSL sites on one IP Address.  I currently publish multiple sites using SSL but it is not pretty.  As the domains are different: ie domain1.com and domain2.com.   Your wildcard cert solution just won't do.  One of the requirements that we have to meet is to make it seemless meaning that you don;t get the security warning...

I have accomplished this by using different ports ie 443 for domain1.com and 445 for domain2.com.  Then the listener listens on those ports with the specified certificate.  It works but is not pretty!!

I would love to hear your suggestions for this situation.  I am hoping there is some sort of host header/listener config that I am simply missing... so if domain1.com comes in on 443 use this cert and if domain2.com comes in on 443 use the other cert...

Thanks for all the great articles... it makes it a lot easier for those of us that wear many different hats in the organizations we reside!!

(in reply to tshinder)
Post #: 7
RE: Discussion about article on how to publish multiple... - 17.Dec.2005 5:48:04 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rennara,

Thanks!

I've got a new series planned for 2006 which I'm calling the "ISA Firewall Quick Tip Series" that will be docs that are between 500-1500 words, in contrast to the other articles on this site which are typically 2500+ words. The Quick Tip docs won't go into the same deep detail as the other docs, but will provide useful information for people who already have a good understanding of the ISA firewall and networking, and just need a quick leg up. I've got one planned for the single IP address/SSL scenario which will be out soon.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rennera)
Post #: 8
RE: Discussion about article on how to publish multiple... - 19.Dec.2005 7:01:48 AM   
Michael@Heffcomm.net

 

Posts: 2
Joined: 19.Dec.2005
Status: offline
Thomas....I found your article of great value....but did not understand why you did what you did. I run 4 web servers. Web0 just handles FTP published sites. Web1 handles just static type FrontPage web sites. Web2 hosts dynamic web sites with asp and SQL requirments (a more robust machine). Last but not least is Web3 which is used for Sharepoint (Team) Services. What I did was the same as what you started with. I created a listener for each of my web servers (using 4 IP addresses) But when I created the publishing rule, I only have one per web server.

In the process you discribe in your article, you are really not publishing a web server, but rather a single web site. If you are hosting 100 or more domains/web sites, your method would require 100 publishing rules, one for each web site/domain. I suspect that this would slow things down a bit. Each time the ISA server would have to go out and get the Intranet IP address for the domain from the Internal DNS server. This step is unnecessary!

If you simply put in the internal IP address of the web server in your publishing rule, all requests that match the public names in the listener will be routed to the proper web server and the IIS web server, using host header differentiation will respond with which web site matches the requested (forwarded from ISA) header.

My way would be faster to respond and allows you to publish unlimited domains on a single IP address from a Single Web Server hosting many web sites/domains. If I am missing something, please let me know where my thought process has gone astray!

Regards



_____________________________

Michael@Heffcomm.net

(in reply to tshinder)
Post #: 9
RE: Discussion about article on how to publish multiple... - 19.Dec.2005 2:02:36 PM   
rennera

 

Posts: 11
Joined: 15.Dec.2005
Status: offline
Tom,

Thanks for the reply!!

I can hardly wait for the new articles!!

Thanks again!!

(in reply to tshinder)
Post #: 10
RE: Discussion about article on how to publish multiple... - 21.Dec.2005 2:18:56 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: Michael@Heffcomm.net

Thomas....I found your article of great value....but did not understand why you did what you did. I run 4 web servers. Web0 just handles FTP published sites. Web1 handles just static type FrontPage web sites. Web2 hosts dynamic web sites with asp and SQL requirments (a more robust machine). Last but not least is Web3 which is used for Sharepoint (Team) Services. What I did was the same as what you started with. I created a listener for each of my web servers (using 4 IP addresses) But when I created the publishing rule, I only have one per web server.

In the process you discribe in your article, you are really not publishing a web server, but rather a single web site. If you are hosting 100 or more domains/web sites, your method would require 100 publishing rules, one for each web site/domain. I suspect that this would slow things down a bit. Each time the ISA server would have to go out and get the Intranet IP address for the domain from the Internal DNS server. This step is unnecessary!

If you simply put in the internal IP address of the web server in your publishing rule, all requests that match the public names in the listener will be routed to the proper web server and the IIS web server, using host header differentiation will respond with which web site matches the requested (forwarded from ISA) header.

My way would be faster to respond and allows you to publish unlimited domains on a single IP address from a Single Web Server hosting many web sites/domains. If I am missing something, please let me know where my thought process has gone astray!

Regards




Hi Michael,

I have no problem with your approach, I just avoid using Host Headers on the Web server and use different IP addresses for each site. Also, for the internal names, you can use a HOSTS file for each FQDN, so no DNS lookups are required.

However, that said, your methods would work nicely for the scenario you point out, where there are hundreds of sites. Just gave me an idea for another article :)

BTW -- in the past, using Host Headers to differentiate each site on the server didn't work with SSL. Is this still a problem?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Michael@Heffcomm.net)
Post #: 11
RE: Discussion about article on how to publish multiple... - 21.Dec.2005 2:19:33 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: rennera

Tom,

Thanks for the reply!!

I can hardly wait for the new articles!!

Thanks again!!


You bet!
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rennera)
Post #: 12
RE: Discussion about article on how to publish multiple... - 21.Dec.2005 3:58:58 AM   
Michael@Heffcomm.net

 

Posts: 2
Joined: 19.Dec.2005
Status: offline
Yes Tom....SSL still has the same restrictions as SSL does not use host header differentiation. It still uses IP only and requires a different IP address for each Port 443 web site. So I am looking forward to your wisdom on publishing SSL web sites, especially from a hosting environment. I am sure there some things I may have overlooked!

_____________________________

Michael@Heffcomm.net

(in reply to tshinder)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Discussion about article on how to publish multiple Web sites using a single IP address Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts