Multiple servers behind one public IP [duplicate]
This is a canonical question about hostname-awareness and proxying.
I know that some protocols are hostname-aware; that is, when I connect to the HTTP server at www.example.com
it knows I want www.example.com
's HTTP service, not www.example.net
's, even though they are on the same IP address. How can I do this for protocol foo?
(Temporary note: this question appears pursuant to this meta discussion.)
Solution 1:
To understand what's going on, you need to know a little about DNS.
When a client wants to connect to a service on a given host, it looks up the hostname through its local DNS infrastructure, and receives an IP address in response. It then connects to that IP address, and requests the service in the manner prescribed by the procotol it's built to implement.
In some cases, part of that procotol involves a second sending of the hostname originally looked
up, which in this case is sent to the server rather than the DNS infrastructure.
In the case of HTTP, this was added as part of HTTP/1.1, in RFC
2616; in the case of HTTPS, this was implemented as Server Name
Indication (SNI) in RFC
4366; and in the case of FTP, this was added by the HOST
command, in RFC 7151 (but see later caveat). If such a second sending does not occur, the server has no way to know what hostname the client fed to its local DNS in order to get the server's IP address.
Note that in all cases a change to the protocol was required to do this second sending, and thus make the client-server interaction hostname-aware. After the protocol was changed, server code had to be updated to implement it. And finally, clients had to be updated to talk the new protocol to the servers. That last step can be particularly slow; in the case of SNI, Internet Explorer on Windows XP never implemented it, so the protocol could not be relied on while there was still any significant number of IE-on-XP users around, and it's taken about ten years for enough of them to die off and/or get upgrades that SNI is reliably deployable.
So that's what it takes to make a non-hostname-aware protocol hostname-aware. It is not a simple
flag setting or configuration change. We have some protocol-specific answers that deal with the
state of affairs, and possible mitigation measures, for that protocol in particular: for
SSH (and thus also SFTP) and
for
FTP (which points out that HOST
support for FTP is currently in the patchy-support phase, and so cannot yet be relied on).
The short answer is that if your protocol does not currently implement hostname-awareness, with good support amongst both clients and servers, forget it: it's not something you can do.