Skip to content

How to Configure Multiple Domains with a Single IP Address on TR7?

About

What is a Virtual Host Based vService?

On TR7 ASP, vServices are configured by listening to the defined IP addresses, and traffic manipulation and WAF services are configured based on the Host header information for requests coming to the relevant IP address. Features such as L7 DDOS, Compression, Caching, X-Forwarded-For, Logging, QoS, Timeouts, and Load Balancing Algorithms work collectively for different virtual hosts (virtual hosts) listening to the same IP address. However, for each virtual host, these features can be configured and executed through the interface without the need to write any domain-specific code.

To create Virtual Host-based vServices, a single REDIRECTOR vService is required (or two REDIRECTOR vServices if HTTP (80) requests are also to be handled). After that, separate vServices must be created for each virtual host, allowing for specific configurations for each host. Traffic will first go to the REDIRECTOR vServices, and based on the domain information, it will be forwarded to the relevant virtual host-based vService while preserving the Client IP information.

Interface > Step 1

Network Configuration

Step > 1.1

Creating Virtual Domains Route Table

"Network > Route Tables > Add Interface" to create a route table named VIRTUAL_DOMAINS.

LOGO

Step > 1.2

Creating V-ETH (Peer) Interface (DEFAULT)

"Network > Interfaces > Actions > Add Interface" to create a V-ETH (Peer) interface on the DEFAULT route table.

Warning

The added PEER_DEFAULT interface must be on the same Route Table as the VIP address added in Step 1.7.

LOGO

Step > 1.3

Creating V-ETH (Peer) Interface (VIRTUAL_DOMAINS)

Return to the interface addition screen and create another V-ETH (Peer) interface on the VIRTUAL_DOMAINS route table, connecting these peers to each other.

LOGO

Step > 1.4

Adding GW IP Address

Right-click on the PEER_DEFAULT interface and click the "Add IP" button. Enter the IP address 203.0.113.1 from the reserved IP block 203.0.113.0/24 for both master and slave TR7 ASP devices, then click "Add IP."

LOGO

LOGO

Step > 1.5

Adding VHOST VIP Address (Internal)

For the PEER_INTERNAL interface, enter the IP addresses 203.0.113.2, 203.0.113.3, and 203.0.113.4 for both master and slave TR7 devices, which will be used in the VHOST vServices. New IP addresses can be added from the 203.0.113.0/24 block when creating a new VHOST vService.

LOGO

LOGO

Step > 1.6

Adding GW

To add a gateway to the route table created in the first step, click on the PEER_INTERNAL interface and then click the "Add Route" button. To maintain the Client IP information, enter the default gateway as 203.0.113.1.

LOGO

LOGO

Step > 1.7

Adding VIP Address

Click on the MGMT interface and then click the "Add IP" button to define a local network IP address as VIP.

LOGO

LOGO

Interface > Step 2

VHOST vService Configuration

Step > 2.1

After these steps, the network configuration is complete, and vServices can be created with internal IP addresses. Each VHOST vService can have different configurations. For example, WAF can be activated for www.tr7.com, while it may not be activated for support.tr7.com and test.tr7.com.

LOGO

LOGO

LOGO

LOGO

Interface > Step 3

Backend Service Configuration

Step > 3.1

After creating vServices for each Virtual Host, follow the steps: "Traffic Manager > Backend Services > Add" to add the defined vServices for the Redirect vServices, specifying the 80 and 443 ports separately.

Warning

When adding Backend Services, ensure that the "SSL Service" button is not checked.

Warning

Also, the route table for the Backend Services must be the same as the one that includes the added VIP address (where the traffic will be forwarded).

Warning

In the Backend Service addition screen, select "Details > SNAT > Use Client IP." This ensures that the Client IP information is preserved.

LOGO

LOGO

LOGO

LOGO

Interface > Step 4

REDIRECT (HTTP 80) vService (HTTP) Configuration

Step > 4.1

After adding www.tr7.com, support.tr7.com, and test.tr7.com Backend services for both ports 80 and 443, configure the Redirect vServices that will handle incoming requests over HTTP (port 80). Based on the host header information, incoming requests are routed to the corresponding VHOST vServices on port 80 using Conditional Backend Services.

LOGO

Interface > Step 5

REDIRECT (HTTPS 443) vService (L7 TCP) Configuration

Step > 5.1

Similar steps are followed for the Redirect vServices that handles incoming requests over HTTPS (port 443). Select "L7 TCP" as the type. Requests are routed to the corresponding VHOST vServices on port 443 according to the SNI information.

LOGO

The overall view of vServices should be as follows.

LOGO

Interface > Adım 6

Control

Step > 6.1

Afterward, make requests to the domains www.tr7.com, support.tr7.com, and test.tr7.com via the browser and check the incoming traffic to the vServices.

LOGO

For log verification, check the logs for the www.tr7.com vService to ensure that the requests successfully reached the VHOST vServices from the Redirect vServices without losing the Client IP information.

LOGO

Was this page helpful?