Re: Reliable ISP?

Author: Michael Butash via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Michael Butash
Subject: Re: Reliable ISP?
>> I thought it would be convenient and simple to have a separate Raspberry Pi server for each site that I am hosting...

No reason to really do that today, you can do this all with Apache vhosts
today, with or without SSL. As I mentioned in my last email, with the
introduction of SAN fields in SSL certs, this is entirely unnecessary now.
Back at GoDaddy early before SAN records, we would soak up IPv4 addresses
by the /17-19 CIDR blocks for SSL hosting, but ARIN and others figured out
quickly with IPv4 exhaustion this was untenable, so they fixed SSL around
this. With SAN records, you can have multiple SSL domain names and URLs
for vhosts to a single cert, so long as the SAN records match the requested
URL within the cert. Plenty of docs out there to do this, and you can save
not needing to buy a /28 CIDR block from Cox (and waste more IPv4 addresses
when we're all out).

If you really wanted to do more 1:1, you need a firewall that can do
complex enough NAT (network address translation) across multiple addresses
external to internal private addressing. This is quite simple to set up
assuming your firewall is capable ala pfsync or a more enterprise-y
firewall. Even buying a cheaper enterprise Fortigate firewall for 400/500
bucks is well capable, not to mention Ubiquiti, Adtran, or numerous other
cheaper enterprise-y class devices.

If you have 10 RPis, you just create a 1:1 translation from your 10
external IPs to whatever internal IPs you have.

Example:
Cox 24.1.2.18:80 translates to Internal 10.1.2.10:80 for http
Cox 24.1.2.19:53 translates to Internal 10.1.2.11:53 for dns
Cox 24.1.2.20:* translates to Internal 10.1.2.100:* for all ports
... etc, repeat for each ip:ports needed.

This sort of thing is mostly what I do as a network and firewall dude, glad
to help via this list or more realtime chat, jump in the PLUG IRC.

-mb
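
Added example, not part of the original message: a check that one certificate's SAN list covers every vhost name served from the same IP, which is the condition the reply above relies on. The hostnames are constructed, and the throwaway self-signed cert stands in for a real one; it assumes an `openssl` binary (1.1.1 or later for `-addext`).

```shell
#!/bin/sh
# Hostnames below are constructed; substitute your vhosts' ServerName values.

# make_san_cert DIR NAME...: throwaway self-signed cert listing every NAME as a SAN.
make_san_cert() {
    dir=$1; shift
    san=""
    for h in "$@"; do san="${san:+$san,}DNS:$h"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# uncovered_names CERT NAME...: print each NAME the cert does not match.
uncovered_names() {
    cert=$1; shift
    for h in "$@"; do
        # openssl prints "does match" or "does NOT match" for each hostname checked
        openssl x509 -in "$cert" -noout -checkhost "$h" 2>/dev/null |
            grep -q 'does match' || echo "$h"
    done
}

# Demo: the cert covers two names, the third vhost is served without a matching SAN.
tmp=$(mktemp -d)
make_san_cert "$tmp" www.example.com shop.example.com
missing=$(uncovered_names "$tmp/cert.pem" \
    www.example.com shop.example.com blog.example.org)
echo "vhosts not covered by the cert: ${missing:-none}"
rm -rf "$tmp"
```

Point `uncovered_names` at the certificate file a vhost actually references to see which names clients would get a mismatch warning for.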


On Thu, Nov 18, 2021 at 1:46 PM Joe Neglia via PLUG-discuss wrote:

> I got a block of 16 static public IPs (I think it's called a CIMD /28 or
> some such lingo). The uppermost and lowest addresses in the block have a
> special purpose, but that leaves 14 usable static IPs. With the one that
> I am using, there are 13 remaining ones, seemingly going to waste.
>
> I thought it would be convenient and simple to have a separate Raspberry
> Pi server for each site that I am hosting, each with a different static
> public IP. But couldn't figure out how to do that. My online research led
> nowhere -- knowledge in this area appears to be scarce. Any advice would
> be greatly appreciated!
>
> (Incidentally I discovered that Apache has a feature called Virtual Hosts
> that lets you host multiple websites behind one static public IP. Works
> great, except that only ONE of the sites hosted that way can have SSL
> enabled, due to the way Virtual Hosts works. This is how I'm currently set
> up.)
>
> On Thu, Nov 18, 2021 at 1:15 PM Michael Butash via PLUG-discuss wrote:
>
>> >> I am told I can rent more static IPs... I assume I will need some
>> hardware to be able to accommodate more than 1 IP unless I am port
>> forwarding to different boxes.
>>
>> Not really, just about any *nix-y system can accommodate that with NAT as
>> a firewall/router/gateway, whatever you want to call it, with one IP or
>> many. Even basic WRT-based systems ala Netgear/Linksys can tend to handle
>> this in theory with basic network iptables features. Probably best would
>> be something like pfsync, which there is plenty of cheap gateway hardware
>> out there that can run it, or any older (ie. cheap) enterprise firewalls.
>>
>> Old days the biggest reason for multiple IPs was SSL requiring 1:1 IP to
>> DNS binding, but this has gotten easier out of necessity with use of
>> Subject Alternative Names (SAN) as part of the certs. If you need the same
>> external port being forwarded to multiple internal ports/services is about
>> the only other reason for multiple IPs, but as long as you can define
>> separate ports for what is connecting to it, not so much.
>>
>> When you get to the point you want to do so, more than few of us have
>> probably done so to help you through it and understand the concepts once
>> you know what you need/want to do.
>>
>> >> Cox Business does not block any ports.
>>
>> The only residential ports they block really relevant these days is 80
>> for http (not 443/https, so why 80??), and smtp for email, but these days
>> there is little reason to run your own smtp server unless you're just doing
>> it to do it or honeypot spammers trying to hit you 24/7 for no good
>> reasons. I'd run sslvpn for remote access on https/443 just fine on res
>> service, I just need to make sure to type https://.
>>
>> >> I am satisfied with Cox Business
>>
>> CBS service is just pricey (compared to residential) to begin with,
>> unlimited bandwidth and unblocked ports or not imho, but otherwise about
>> the best/cheapest "business class" service/support you can get, if you can
>> get it in your hood.
>>
>> -mb
>>
>>
>> On Thu, Nov 18, 2021 at 12:04 PM Keith Smith via PLUG-discuss wrote:
>>
>>>
>>> I've had a Cox Business account for maybe 8 years. I've only had one
>>> outage, and it was short. My package is a home office type of plan. I
>>> am currently running a LAMP + BIND + Postfix + Dovecot on a laptop on my
>>> single static IP. I am told I can rent more static IPs... I assume I
>>> will need some hardware to be able to accommodate more than 1 IP unless
>>> I am port forwarding to different boxes.
>>> I configured this server on a laptop to see if I could do it. I am a
>>> PHP dev, with some light LAMP server experience. I still have a lot to
>>> learn.
>>>
>>> Cox Business does not block any ports.
>>>
>>> Cox tells me there will never be any overages because on my plan I
>>> purchase a set up and down which cannot be exceeded.
>>>
>>> I am satisfied with Cox Business
>>>
>>>
>>> On 2021-11-14 11:21, Joe Neglia via PLUG-discuss wrote:
>>> > Any recommendations for a reliable ISP?
>>> >
>>> > (Couldn't find any recent discussion in the PLUG archives, so am
>>> > asking here.)
>>> >
>>> > I currently have a business account (I'm running a small server on a
>>> > static public IP address for my business), but am having a *terrible*
>>> > time with my current ISP. Worked *great* for about a year, but have
>>> > been having daily outages for about a month now.
>>> >
>>> > Don't even want to say the name for fear of being sued for libel. They
>>> > were honest enough to admit it is an "internal issue", and have no ETA
>>> > on a fix. "[Their] technicians continue to work to resolve the
>>> > problem in [my] neighborhood. Currently, there is no estimated time
>>> > for when service will be restored."
>>> >
>>> > I get the feeling they don't have a grasp on the problem, as when I
>>> > call their status line they report an outage even when the system is
>>> > up. When my connection goes down, a modem reboot sometimes (but not
>>> > always) gets me connected again.
>>> >
>>> > Speed is not an issue. But reliability is! Any suggestions would be
>>> > greatly appreciated.
>>> > ---------------------------------------------------
>>> > PLUG-discuss mailing list -
>>> > To subscribe, unsubscribe, or to change your mail settings:
>>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss