PortForwarding with 1&1

Continuing from what we learned with LoadBalancing: https://timgarrity.me/load-balancing-with-11/

Previously, we went over the power of using 1&1’s provided Load Balancer to spread the incoming load among servers. One of the design concepts of the LoadBalancer itself is to take an incoming port and map it to a local port, relative to our servers. In a sense, this is port-forwarding, and with few sacrifices, we can leverage this ability to host multiple kinds of servers on a single VM and translate them to port 80.

Scenario

I have 1 server which runs my company’s front-end website with Apache on port 80. Our main product is a webapp built off of NodeJS which runs on port 3000. We currently want as vanilla of a server install as possible, so we’ve chosen 1&1’s CloudServer with the WordPress “Application” image, which is CentOS7 + Apache on a Minimal server (no Plesk). We only own 1 domain, http://www.domain.tld, but our webapp will be hosted on a subdomain, app.domain.tld.

Problem:

We do NOT want to use app.domain.tld:3000, nor do we want to do any configuration coding of httpd.conf or htaccess, or installing more than what we need.

Solution:

1 LoadBalancer, a Firewall Policy with port 3000 open, and an A record set for the app subdomain.

The LoadBalancer, in its simplest form, takes an incoming port and translates it into a local port relative to the servers clustered in the config. On top of that, rather than paying $5 for a new IP, one is generated for the LoadBalancer automatically for free. All that we have to do is create a LoadBalancer with Incoming Port 80 and Local Port 3000, and assign our 1 server to it. Then assign an A record to the app.domain.tld subdomain and you’re in business.

Caveats/Notes:

Loadbalancers can’t allow ICMPs, so no pinging.

LoadBalancers don’t seem to be limited to the 15 Max Rule of Firewalls. In a sense, I could open all the ports on my server’s IP, then only use the LoadBalancer IPs for front-facing DNS. (Untested) Perhaps setting the firewall of the server to only accept from the LoadBalancers’ IPs would circumvent the limitations at a loss of Ping.
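
A way to check the finished setup from a machine outside the 1&1 network, written here as an added example (not part of the original post): it confirms the A record points at the LoadBalancer, that the LoadBalancer answers on port 80, and whether port 3000 on the server's own IP is still reachable directly because the Firewall Policy opens it. The IP addresses, the `audit` function and its parameters are hypothetical, and the demo uses constructed stand-ins so it runs offline.

```python
import socket

def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake with host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(name, lb_ip, server_ip, lb_port=80, app_port=3000,
          probe=tcp_open, resolve=socket.gethostbyname):
    """Return a list of findings; an empty list means the setup looks as intended."""
    findings = []
    try:
        resolved = resolve(name)
    except OSError:  # gaierror is a subclass of OSError
        resolved = None
    if resolved != lb_ip:
        findings.append(f"A record for {name} is {resolved}, "
                        f"expected LoadBalancer IP {lb_ip}")
    if not probe(lb_ip, lb_port):
        findings.append(f"LoadBalancer {lb_ip}:{lb_port} not answering; "
                        f"check the {lb_port}->{app_port} mapping")
    if probe(server_ip, app_port):
        # Port 3000 is open in the Firewall Policy, so the app may also be
        # served on the server's own IP, without going through the LoadBalancer.
        findings.append(f"{server_ip}:{app_port} answers directly, bypassing the "
                        "LoadBalancer; consider limiting the rule's source")
    return findings

if __name__ == "__main__":
    # Constructed stand-ins (documentation IP ranges) so the demo runs offline.
    LB_IP, SERVER_IP = "203.0.113.10", "203.0.113.20"
    reachable = {(LB_IP, 80), (SERVER_IP, 3000)}  # policy opens 3000 to everyone
    fake_probe = lambda host, port: (host, port) in reachable
    fake_dns = lambda name: LB_IP
    for finding in audit("app.domain.tld", LB_IP, SERVER_IP,
                         probe=fake_probe, resolve=fake_dns):
        print("FINDING:", finding)
```

Against the real deployment, call `audit` with the actual LoadBalancer and server IPs and leave `probe` and `resolve` at their defaults.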
