Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2005
    Posts
    361

    Need help - lighttpd + apache + cpanel

    Hi guys,

    I´m trying to use lighttpd for serving static content only and apache to provide another content.

    1. I have lighttpd running at a secondary ip on port 8000.
    2. Apache is running at primary ip on port 80.
    3. I have cpanel running too.

    I could not bind lighttpd on secondary ip at port 80.

    What can i do to make apache/cpanel dont bind at port 80 on secondary ip?

    Thanks for help.

  2. #2
    Join Date
    Jul 2005
    Posts
    256
    Not sure if you can tell cPanel to bind to specific addresses, but there's a good workaround: you can redirect all traffic that comes to your secondary address to destination port 80 on destination port 8000. For iptables you'll need to add a rule in table nat in PREROUTING chain.

  3. #3
    Join Date
    Mar 2005
    Posts
    361
    Quote Originally Posted by PerfTuner
    Not sure if you can tell cPanel to bind to specific addresses, but there's a good workaround: you can redirect all traffic that comes to your secondary address to destination port 80 on destination port 8000. For iptables you'll need to add a rule in table nat in PREROUTING chain.
    Yes, but how exactly i do this? :/

    There is a chance that using iptables results in load problemas or performance?

  4. #4
    Join Date
    Mar 2005
    Posts
    361
    I try that:
    /sbin/iptables -t nat -A PREROUTING -s mySecondaryIP -p tcp --dport 80 -j REDIRECT --to-port 8000

    and then i did:

    root@srv01 [/home/]# /sbin/iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    But didnt work... any idea?

  5. #5
    Join Date
    Jul 2005
    Posts
    256
    iptables -t nat -A PREROUTING -i eth0 -d 123.45.67.89 -p tcp -m tcp --dport 80 -m state --state NEW -j REDIRECT --to-ports 8000

    Put your actual secondary IP in place of 123.45.67.89
    There is a chance that using iptables results in load problemas or performance?
    No, iptables is extremely fast.

  6. #6
    Join Date
    Jul 2005
    Posts
    256
    But didnt work... any idea?
    Almost right, butyou should match on destination IP (-d) instead of source (-s).
    Also, if you want to list rules for nat table, do iptables -t nat -L, it uses filter table by default.

  7. #7
    Join Date
    Mar 2005
    Posts
    361
    Quote Originally Posted by PerfTuner
    iptables -t nat -A PREROUTING -i eth0 -d 123.45.67.89 -p tcp -m tcp --dport 80 -m state --state NEW -j REDIRECT --to-ports 8000

    Put your actual secondary IP in place of 123.45.67.89

    No, iptables is extremely fast.
    Thanks, i try that... its showing at iptables -t nat -L:

    # /sbin/iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    REDIRECT tcp -- anywhere myhostname tcp dpt:http state NEW redir ports 8000

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination



    But, when i try to access i got:

    DNS error or Server not found...

    any idea?

    i try too:

    telnet ip 80 and got "refused connection"

    Thanks again
    Last edited by sytker; 01-20-2006 at 10:08 PM.

  8. #8
    Join Date
    Jul 2005
    Posts
    256
    Check netstat -nlp to see if lighttpd is really listening on that IP on port 8000.

    Also, it's better to list rules with iptables -t nat -L --verbose, after you tried connecting, you'll see if it actually matched some packets.

  9. #9
    Join Date
    Feb 2002
    Posts
    2,120
    find httpd.conf

    go to section

    <IfDefine SSL>
    Listen 80
    Listen 443
    </IfDefine>

    comment it out to


    #<IfDefine SSL>
    #Listen 80
    #Listen 443
    #</IfDefine>

    then add

    Listen 123.123.123.123:80
    Listen 123.123.123.123:443

    123.123.123.123 your primary IP

    and restart apache. then check with netstat -nlp
    and see if it's alright...

    ps. make sure no accounts use your secondary IP

    Enjoy!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •