Froxlor Forum

Amazon EC2 IP and Ports configuration


steve_adams

Question

I've installed Froxlor on an Ubuntu 12.04 EC2 instance at Amazon and I'm having difficulty maintaining connectivity to the domains AND the default froxlor login due to Amazon's Elastic IP and internal IP differences.

 

Effectively, apache's default site answers on <virtualhost *:80> and if you configure froxlor with the elastic (external) IP address, that IP gets injected into the domain virtualhosts like this: <virtualhost [elastic ip]:80>. Accessing the site domains like this delivers the user to the default Ubuntu home page in /var/www that says "It Works!"

 

If you bind froxlor to the internal 10.x.x.x IP address within Amazon's DMZ, the domains get injected with virtualhost like this: <virtualhost 10.x.x.x:80> and the froxlor backend becomes unreachable at http://[elastic ip]/froxlor and at http://virtualhost.dom/froxlor. Furthermore, it appears that the NAT or the DNS connection from the outside to the inside causes the site to load slowly and unresponsively.

 

What's the correct way to circumvent this?
a) bind the froxlor IP and Port to the external IP and the sites to the internal IP? What would the options in "Ips and ports" look like for this configuration?
b) alias the domain/froxlor to /var/www/froxlor in the domain configuration somewhere? How would this be accomplished?
c) bind froxlor to a separate port? or another elastic IP?

other suggestions?

 

12 answers to this question

Amazon has a very strict DMZ system in which an "elastic ip" is tied to an internal NAT on a private address. The elastic IP is effectively a 'leased' static public address. http://aws.amazon.com/articles/1346

 

So, back to the resolution for my problem-- If I bind the static IP to the Froxlor administration site, it is also injected into the domain virtual hosts configuration. Doing so with the default apache site enabled breaks the DMZ navigation to the internal domains.

 

If I bind two addresses in the IP and Ports area, one public and one private, I can get to the domains but not the froxlor administration interface since the server directs all NATed addresses to the internal IPs...so that http://domain.dom/froxlor is not present in the virtually hosted web root.

 

Certainly there must be some acceptable IPs and Ports configuration that would support both the NAT and the public IP address so that the domains as well as the Froxlor admin interface may be reached?

 

How can I provide more information?


Amazon EC2 is perhaps the first and foremost cloud hosting solution intended for webhosting. I don't know what world you're living in where you would never have heard of them...but you should perhaps step out of the dark ages and maybe read a slashdot article or two.


D00p,

   Were I intentionally a smart ass, I would correct the grammar and punctuation in your comments. I've used Froxlor since its beginnings as SysCP, and--perhaps unfortunately for me--live in a world overpopulated with jerks and cPanel users with little or no accountability. My apologies if I came off as insolent. I took your reply to be uninformed and dismissive. Surely, someone else is running Froxlor on EC2 and can provide help?

I'm happy to provide a sounding board for the sarcastic among us. And, I have the fondest hopes of finding a solution or continuing to post my results in the frame of mind that should I come up with a solution for Froxlor on EC2 it will only further the user base as VMS systems like EC2 continue to proliferate.


> D00p,
>
> Were I intentionally a smart ass, I would correct the grammar and punctuation in your comments. I've used Froxlor since its beginnings as SysCP, and--perhaps unfortunately for me--live in a world overpopulated with jerks and cPanel users with little or no accountability. My apologies if I came off as insolent. I took your reply to be uninformed and dismissive. Surely, someone else is running Froxlor on EC2 and can provide help?
>
> I'm happy to provide a sounding board for the sarcastic among us. And, I have the fondest hopes of finding a solution or continuing to post my results in the frame of mind that should I come up with a solution for Froxlor on EC2 it will only further the user base as VMS systems like EC2 continue to proliferate.

 

Please describe how the elastic ip is routed to your server in detail (networking) and then we can help you - but you just could try the two or three different possibilities out for yourself in a few minutes..


Amazon keeps their networking information close to their chest in order to maintain security. I'll do some research, but I'm not so sure it'll be fruitful. As to the choices...I presently have both the internal and external IPs configured in Froxlor for a total of 32 possibilities if you only consider the listen, NameVirtualHost, Vhost-container, and ServerName settings. This is further complicated by the presence of a default apache configuration in addition to the vhost configs for A2ensite based on the virtual hosts added to Froxlor's control.

This I know...Amazon's preferred vhost configuration really likes the wildcard *:80> injected into the vhosts and Froxlor doesn't like or provide for this capability. It really wants the public (external) IP. Doing so negates the ability to get to the /var/www/Froxlor control panel because it delivers every request for the public IP to the Vhost by domain.

 

Capiche?


> I've installed Froxlor on an Ubuntu 12.04 EC2 instance at Amazon and I'm having difficulty maintaining connectivity to the domains AND the default froxlor login due to Amazon's Elastic IP and internal IP differences.
>
> Effectively, apache's default site answers on <virtualhost *:80> and if you configure froxlor with the elastic (external) IP address, that IP gets injected into the domain virtualhosts like this: <virtualhost [elastic ip]:80>. Accessing the site domains like this delivers the user to the default Ubuntu home page in /var/www that says "It Works!"

Which means that you are able to connect to your webserver as normal and you will be able to get its default page, fine :)

> If you bind froxlor to the internal 10.x.x.x IP address within Amazon's DMZ, the domains get injected with virtualhost like this: <virtualhost 10.x.x.x:80> and the froxlor backend becomes unreachable at http://[elastic ip]/froxlor and at http://virtualhost.dom/froxlor. Furthermore, it appears that the NAT or the DNS connection from the outside to the inside causes the site to load slowly and unresponsively.

Which is normal. You are trying to connect to a private network from the internet. This wouldn't work by design; see http://en.wikipedia.org/wiki/Private_ip_address

> What's the correct way to circumvent this?
>
> a) bind the froxlor IP and Port to the external IP and the sites to the internal IP? What would the options in "Ips and ports" look like for this configuration?
>
> b) alias the domain/froxlor to /var/www/froxlor in the domain configuration somewhere? How would this be accomplished?
>
> c) bind froxlor to a separate port? or another elastic IP?
>
> other suggestions?

If you have more than one external IP address from amazon you can try the following:

  • Use one IP / domain for froxlor with its own vhost setting and take care that it is read by apache before reading the froxlor-made vhosts. I've realised this by having all vhosts in one subdirectory and including this subdir with
    Include /etc/apache2/vhosts.d/*.conf
    in httpd.conf. Inside this subdir I have the froxlor-maindomain-vhost like
    10_froxlor_main_domain.conf
    and all froxlor generated vhosts for my customers are in
    99_froxlor-vhosts.conf
  • Add all IP's you need to Server -> IP's and Ports
  • To make sure that my main froxlor IP isn't included in
    99_froxlor-vhosts.conf
    I've not made the checkmark for "Create vHost-Container" for my main froxlor IP
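
The file layout described in the answer above, written out as an added example that is not part of the original post or Froxlor's own output. The addresses 10.0.0.10 and 10.0.0.11, the host names and the customer document root are constructed placeholders, and the Apache 2.2 syntax is assumed from the Ubuntu 12.04 release named in the question:

```apache
# httpd.conf: Apache expands the wildcard in alphabetical order,
# so 10_* is parsed before 99_*.
Include /etc/apache2/vhosts.d/*.conf

# ---- /etc/apache2/vhosts.d/10_froxlor_main_domain.conf (hand-written) ----
# 10.0.0.10 is a placeholder for the address reserved for the panel.
NameVirtualHost 10.0.0.10:80
<VirtualHost 10.0.0.10:80>
    # Hypothetical panel host name.
    ServerName panel.example.com
    DocumentRoot /var/www/froxlor
</VirtualHost>

# ---- /etc/apache2/vhosts.d/99_froxlor-vhosts.conf (generated by Froxlor) ----
# Illustrative content only. The panel address does not appear here because
# "Create vHost-Container" is left unchecked for it under Server -> IP's and
# Ports; only the customer address (placeholder 10.0.0.11) gets containers.
NameVirtualHost 10.0.0.11:80
<VirtualHost 10.0.0.11:80>
    # Hypothetical customer domain and document root.
    ServerName customer.example.org
    DocumentRoot /var/customers/webs/customer1
</VirtualHost>
```

Running `apache2ctl -S` prints the parsed virtual hosts per address and port, which confirms that the panel address carries only the hand-written vhost.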