HowTo: Vista: Use NETSH to Run IIS7 & Apache on port 80
9 points by jdavid on May 16, 2009 | 3 comments
Vista: Use NETSH to Run IIS7 & Apache

Setting up IIS7 & Apache to use virtual hosting on port 80

Introduction

Like many of you, I was skeptical about Vista for a number of reasons: it had a cloudy feature set, rumors of Palladium code, and, well, people told me it was slow. And don’t forget that since it requires new drivers, most of the drivers are just coming out of beta and were quite buggy for some time.

However, I am here to tell you that there are some really KICK ASS features in Vista that you have never heard about, and the new NETSH or Network Shell command line tool is one of them. Linux users have had tools like the new NETSH for a while now, but now Windows has it too.

To make use of this little trick we are going to use NETSH HTTP (Network Shell), an upgraded command line utility that comes only with newer versions of Windows like Windows Server 2008 and Windows Vista. This particular command allows you to manage which IP addresses you listen on for HTTP traffic.

By default most webservers listen to your computer’s loopback address 127.0.0.1 (http://en.wikipedia.org/wiki/Loopback) or LOCALHOST for traffic. The problem is that they also bind to port 80 on LOCALHOST, which blocks other applications or services on your computer from binding to that same port, which is exactly what we are trying to get around. Some default settings for server apps like Apache and IIS7 bind to all network interfaces (IP addresses) on port 80, making it worse. To get around this I use a little-known fact of network architecture, which is that the loopback address of 127.0.0.1 is not the only loopback address that is reserved for your computer. In fact the entire 127.x.x.x address space is reserved just for your internal machine.

I have to admit that I was inspired by this article on the web to overload the network interface with two IP addresses, but where they use the 192.x.x.x IP address space reserved for local internal networks (10.x.x.x is also reserved for the same purpose), I decided to use the network reserved for your computer’s internal loopback, which results in fewer network effects on your local network where other computers in your office might need to communicate with you. So in my setup, you will have one external IP to send requests to, and multiple web servers responding to them.

The second part of this hack requires you to use HTTP 1.1 protocols or virtual hosting (http://en.wikipedia.org/wiki/HTTP#HTTP_1.1_Upgrade_header). HTTP added a very widely used but forgotten feature that specifies the HOST’s domain name in the HTTP request. Many servers like IIS and Apache then use the domain name to determine which site to serve. This allowed one machine to host many sites, and subdomains of a network. So in our network we want http://apache.foo.com and http://iis7.foo.com to host from the same server, so not only can we branch via a single server now, but we can branch between multiple servers by overloading the loopback.

{internet} => {ext IP 192.0.0.x} => {loopback 127.0.0.1} => {127.0.0.2:80 = apache, 127.0.0.3:80 => iis7}

Walkthrough (Vista)

Using NETSH HTTP to listen to 127.0.0.2 & 127.0.0.3

For additional reference on NETSH HTTP http://technet.microsoft.com/en-us/library/cc725882(WS.10).aspx

1. Open a command prompt

2. Type: netsh {enter}

3. Type: http {enter}

4. Check existing listeners

type: show iplisten {enter}

a. It should be blank

5. Add new listener to 127.0.0.2

type: add iplisten ipaddress=127.0.0.2

a. You should get ipaddress successfully added

6. Check existing listeners

type: show iplisten {enter}

a. It should show 127.0.0.2 in the list

7. Add new listener to 127.0.0.3

type: add iplisten ipaddress=127.0.0.3

a. You should get ipaddress successfully added

8. Type: exit

9. Type: netstat -an

a. Check for 127.0.0.2:80 & 127.0.0.3:80 in the list; this will show your bindings

b. If you see 0.0.0.0:80 you might need to reset IIS with iisreset, and/or configure IIS to bind to a specific interface.

Configure hosts (file)

1. Navigate to “C:\WINDOWS\system32\drivers\etc”

2. Open “hosts” in your favorite text editor

a. (mine is jEdit, yours might be notepad.exe, or textpad.exe)

3. Add these two lines to the list

a. 127.0.0.3 iis7.foo.com

b. 127.0.0.2 apache.foo.com

4. Add any other DNS mappings

5. Save the file

6. Open a command line

7. Type: ipconfig /flushdns

8. Type: ping iis7.foo.com

a. Should show 127.0.0.3

b. may fail to ping if your server is not started or configured

9. Type: ping apache.foo.com

a. Should show 127.0.0.2

b. may fail to ping if your server is not started or configured

Stop IIS7

1. You will need to stop iis7 before starting apache because of some pre-startup checks.

Configure IIS7

1. Select your site

2. On the right hand side click the link “edit bindings”

3. In the dialog, where you see IP Address, and * (all interfaces), you will need to change that to 127.0.0.3

4. Make sure you have no bindings for iis7 set to * (all interfaces), and port 80.

5. Turn IIS7 on and see if it hits your site.

6. Turn IIS7 off and leave it off, so we can configure apache.

Configure Apache Listeners

1. Open httpd.conf in your favorite text editor

a. (mine is jEdit, yours might be notepad.exe, or textpad.exe)

2. Search for any Listen statements in the file.

a. You might see Listen *:80, or Listen 127.0.0.1:80

b. Change this to read Listen 127.0.0.2:80

c. Comment out any other Listen statements with a #

3. Save the file

4. Start Apache

a. I use wamp, so this is easy

5. Open a command line

6. Ping apache.foo.com

a. Should work now

7. Open a web browser and browse apache.foo.com

a. Should work now

Configure Dynamic Virtual Hosting Directories in Apache

(will add later, not necessary for now)

Start IIS7 up

1. Start IIS7 up.

2. Test iis7.foo.com

a. Ping iis7.foo.com

b. Open browser to iis7.foo.com

c. Both should work.
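An added example, not part of the original post: a Python check that reads `netstat -an` output and hosts-file text and reports whether each hostname from the walkthrough has its own port-80 listener, and whether anything is still bound to the wildcard address (the 0.0.0.0:80 case from step 9b, which also leaves the server reachable on every interface). The function names and both sample inputs are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Windows `netstat -an` layout, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.2:80           0.0.0.0:0              LISTENING
  TCP    127.0.0.3:80           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49200     203.0.113.5:443        ESTABLISHED
"""

# Constructed hosts-file content using the walkthrough's two names.
SAMPLE_HOSTS = """\
127.0.0.3 iis7.foo.com
127.0.0.2 apache.foo.com   # constructed inline comment
"""

def port_listeners(netstat_text, port=80):
    """Return the set of local addresses in LISTENING state on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "TCP" or cols[3] != "LISTENING":
            continue
        addr, _, p = cols[1].rpartition(":")  # rpartition keeps "[::]" whole
        if p == str(port):
            found.add(addr.strip("[]"))
    return found

def parse_hosts(hosts_text):
    """Map hostname -> IP from hosts-file text, ignoring comments."""
    mapping = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping

def audit(netstat_text, hosts_text, port=80):
    """Return (wildcard binds on `port`, status per hosts-file name)."""
    listeners = port_listeners(netstat_text, port)
    wildcard = sorted(a for a in listeners if a in ("0.0.0.0", "::"))
    loopback = ipaddress.ip_network("127.0.0.0/8")
    status = {}
    for name, ip in parse_hosts(hosts_text).items():
        if ipaddress.ip_address(ip) not in loopback:
            status[name] = "not loopback"
        else:
            status[name] = "listening" if ip in listeners else "no listener"
    return wildcard, status
```

On a real machine, pass the captured output of `netstat -an` and the contents of the hosts file in place of the two samples; a non-empty first return value means some server is still bound to all interfaces.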




I don't use Windows, so I'm confused about what is listening on 192.x.x.x:80 and 127.0.0.1:80. If there is some kind of layer 7 reverse proxy (in IIS, apache, or some other software) listening on the public addresses, why does it matter which port, or even which localhost 127/8 address, is being listened on by the backend servers? Just have IIS listen on 8080 and apache on 8081, and then

   {internet} => {ext IP 192.0.0.x = reverse proxy} =>
        {127.0.0.1:8081 = apache, 127.0.0.1:8080 => iis7}

If you really want to browse those locally, from the server, using the names iis7.foo.com and apache.foo.com, then I can see using addresses in 127/8 and adding the entries to the HOSTS file, but this doesn't seem to be that valuable of a feature.


The problem arose in that I had to use port 80, and that the hosts file would not let you redirect a hostname to a hostaddress:port.


There's a kernel-mode HTTP listener in Windows, which has its own cache and logging. IIS (more specifically w3wp.exe worker processes) get requests and respond through named pipes.



