Friday, June 8, 2012

Apache and IIS side by side (both listening to port 80) on windows2003

What are some good ways to do this? Is it even possible to do cleanly?

Ideally I'd like to use packet headers to decide which server should handle requests. However, if there is an easier/better way let me know.

Source: Tips4all


  1. It's impossible for both servers to listen on the same port at the same IP address: since a single socket can only be opened by a single process, only the first server configured for a certain IP/port combination will successfully bind, and the second one will fail.

    You will thus need a workaround to achieve what you want. Easiest is probably to run Apache on your primary IP/port combination, and have it route requests for IIS (which should be configured for a different IP and/or port) to it using mod_rewrite.

    Keep in mind that the alternative IP and port IIS runs on should be reachable to the clients connecting to your server: if you only have a single IP address available, you should take care to pick an IIS port that isn't generally blocked by firewalls (8080 might be a good option, or 443, even though you're running regular HTTP and not SSL)

    P.S. Also, please note that you do need to modify the IIS default configuration using httpcfg before it will allow other servers to run on port 80 on any IP address on the same server: see Micky McQuade's answer for the procedure to do that...

  2. I found the following link which suggested to have two separate IP addresses so that both could listen on port 80:

    There was a caveat that you had to make a change in IIS because of socket pooling. Here are the instructions based on the link above:

    Extract the httpcfg.exe utility from the support tools area on the Win2003 CD.
    stop all IIS services: net stop http /y
    have IIS listen only on the IP address I'd designated for IIS: httpcfg set iplisten -i
    make sure: httpcfg query iplisten (the ip's listed are the only ip addresses that IIS will be listening on and no other)
    restart IIS Services: net start w3svc
    start Apache service

  3. For people with only one IP address and multiple sites on one server, you can configure IIS to listen on a port other than 80, e.g 8080 by setting the TCP port in the properties of each of its sites (including the default one).

    In Apache, enable mod_proxy and mod_proxy_http, then add a catch-all VirtualHost (after all others) so that requests Apache isn't explicitly handling get "forwarded" on to IIS.

    <VirtualHost *:80>
    ServerAlias *
    ProxyPreserveHost On
    ProxyPass /

    Now you can have Apache serve some sites and IIS serve others, with no visible difference to the user.

  4. Either two different IP addresses (like recommended) or one web server is reverse-proxying the other (which is listening on a port <>80).

    For instance: Apache listens on port 80, IIS on port 8080. Every http request goes to Apache first (of course). You can then decide to forward every request to a particular (named virtual) domain or every request that contains a particular directory (e.g. to the IIS.

    Advantage of this concept is that you have only one server listening to the public instead of two, you are more flexible as with two distinct servers.

    Drawbacks: some webapps are crappily designed and a real pain in the ass to integrate into a reverse-proxy infrastructure. A working IIS webapp is dependent on a working Apache, so we have some inter-dependencies.

  5. You need at least mod_proxy and mod_proxy_http which both are part of the distribution (yet not everytime built automatically). Then you can look here:

    Simplest config in a virtualhost context is:

    ProxyPass /winapp

    ProxyPassReverse /winapp

    (Depending on your webapp, the actual config might become more sophisticated. )
    That transparently redirects every request on the path winapp/ to the windows server and transfers the resulting output back to the client.

    Attention: Take care of the links in the delivered pages: they aren't rewritten, so you can save yourself lotsa hassle if you generally use relative links in your app, like

    <a href=../pics/mypic.jpg">

    instead of the usual integration nightmare of every link being absolute:

    <a href="http://myinternalhostname/somedir/crappydesign.jpg">


    For rewriting links in pages there's mod_proxy_html (not to confuse with mod_proxy_http!) but that's another story and a cruel one as well.

  6. You will need to use different IP addresses. The server, whether Apache or IIS, grabs the traffic based on the IP and Port, which ever they are bound to listen to. Once it starts listening, then it uses the headers, such as the server name to filter and determine what site is being accessed. You can't do it will simply changing the server name in the request