PROBLEM:
If a virtualhost configured behind a load balancer originated http/https, requests using the proxy module in destination to the Internet IP of the virtual host, the route of the packet would then have to be:
Vhost ==ProxyModule==>> LoadBalancer ==>> Loop to itself ==>> Vhost
For technical reasons I needed to avoid this route. This route is often blocked by either the firewall or the load balancer itself or both.
The reason being that packets originating from behind the load balancer might be not be allowed to reverse traverse the load balancer, direction Internet, and then loop back exactly to itself. The load balancer is often seeing these packets as spoofing packets and discards them.
Example:
www.mysite.com: 101.60.35.32
Vhosts configured in web server with IP: 192.168.100.4
SOLUTION 1:
One of the best solution to this is to add a few entries in the /etc/hosts in each web server as follows, which makes the Apache proxy module send requests to its internal IP.
192.168.100.4 www.mysite.com www.mysite2.com ......
After restarting Apache, it will send all requests destinated to itself or another local vhost (sent via proxy) to the local configured IP instead of to Internet and back in. This will avoid the blockage from the Loadbalancer or Firewall.
But what about if the Load balancer does port NATting and your vhosts are configured to use for example the port 8080(http) and(8081)https. The above /etc/hosts trick would not work. Then use the SOLUTION 2.
SOLUTION 2:
Use iptables rules to do ‘port forwarding’ as follows:
STEPS:
apt-get install iptables-persistent
iptables -t nat -A OUTPUT -d 101.60.35.32/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.4:8080
iptables -t nat -A OUTPUT -d 101.60.35.32/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.100.4:8081
iptables-save > /etc/iptables/rules
The next time you reboot, the iptables rule will automatically be loaded.