How I Redirect Web Traffic to a Server on a Dynamic IP Address

[I believe this document is finished, if you notice something missing, or if you have any problems, then contact me.]

This document will assume you understand the basics of DNS, the Apache web server, SSH and Unix. SSH is not required, but it is suggested. I will not attempt to teach you any of these. Also, this comes with the standard no-warranty, claim. If you blow-up your computer from following, these directions, I cannot be responsible, in any way, shape, or form.

Requirements

• A DNS server
• An Apache web server
• A static IP address for the above servers
• A domain name, it does not matter what "level".
• A web server on a dynamic IP address

How My Way© Compares to "Dynamic" DNS

• Dynamic DNS would make the name joe.blow.com "point" to 123.123.123.123.
• Dynamic DNS works with every service, like FTP. My way© only works with web browsers.
• Not all DNS servers honor the "Time To Live" (TTL), "refresh", and "expire" values, which makes some systems are slow to respond to change in a DNS address.
• My way© is less "intrusive" to the system. A dynamic DNS server, would have to be setup some custom, way or at the least a very clever way, to be less intrusive than I've been.
• My way© takes effect as soon as the .htaccess file is created or deleted, no delay.
• Once the apache server is configured to use the .htaccess file, and most probably are already configured this way, you don't have to touch the apache configuration files again.

Some Notes Before We Get Started

• For these examples I'll be using joe.blow.com as the name to redirect to your dynamic server.
• The dynamic IP addresses I'll be using in this docunment are 123.123.123.*
• The static IP address I'll use for this document is 1.2.3.4
• I use SSH to execute commands on the server, if you don't want to use SSH, then you're on your own.
• It shouldn't be too hard to make a web/http based interface, with passwords and such.
• Even though I only explain how to do this for linux/unix, it should be possible to do from windows, thats where a web based interface would come in handy.
• If I were to make a http interface, I'd use PHP, and a database, but I won't cover that now, maybe in the future.
• I'll assume you're using ppp to connect to the internet, if not, you'll have to adapt.

Configuring the Static Server

• Make sure the name you want to use for the dynamic server is in DNS, and "pointing" to the static server. (in these examples joe.blow.com points to 1.2.3.4)
• Make sure .htaccess works, if you don't know what that is, then RTFM (Apache).
• Here is an entry in the apache configuration that works for me

  <VirtualHost joe.blow.com>
  DocumentRoot /home/users/joe/www
  ServerAdmin webadmin@blow.com
  ServerName joe.blow.com
  ServerAlias *.joe.blow.com
  ErrorDocument 404 /
  <Directory /home/joe/www>
  AllowOverride All
  </Directory>
  </VirtualHost>
  

• You may not need to make any changes to your apache configuration, the most important line can be added to the .htaccess file.
• The "AllowOverride All" line allows the .htaccess file to work.
• The "ErrorDocument 404 /" can be put in the .htaccess file, I suggest you put it in the server config.
• We need a small "helper script" on the static server. We could probably get away without this script, but it helps make things clearer.
• Here is what my shell script looks like, I called it "redirect", call your script whatever you want.

  echo -e "Redirect / http://$1/">/home/joe/www/.htaccess
  

• After you make your "helper script" don't forget to "chmod +xxx redirect", so that it can be executed.
• Make sure the ssh public key (~/.ssh/indenity.pub) for the root account on the dynamic server is in the ~/.ssh/authorized_hosts on the static server, if a key does not exist generate one with "ssh-keygen" (on the dynamic server).
• Create a web page at /home/joe/www/index.html saying you're not online right now. Instruct visitor to use the refresh button on their browser to see if you're online.

Configuring the Dynamic Server

• You could do all of this section by hand, but I'll show you how to never touch it again.
• There is a line in the /etc/ppp/ip-up file that starts /etc/ppp/ip-up.local, some versions don't pass all the arguments. I know RedHat 6.2 does this properly, but not 5.x.
• Look in the "/etc/ppp/ip-up" file for "/etc/ppp/ip-up.local, you'll see it twice. The first one, is a test to make sure the files exists, the second one runs the file. You should see "/etc/ppp/ip-up.local $*" for the second one, if you don't see "$*", you'll have to add it. (you should see "$*" after the second occurance of "/etc/ppp/ppp-up.local", do not add it to the first occurance). This just makes sure that the ip-up.local is started with the proper arguments.
• add the following line to /etc/ppp/ip-up.local file.

  /full/path/on/dynamic/server/to/ssh -l root 1.2.3.4 /full/path/on/static/server/to/redirect $4
  

• Add the following line at the beginning of the /etc/ppp/ppp-off file

  /full/path/on/dynamic/server/to/ssh -l root 1.2.3.4 rm /home/joe/www/.htaccess
  

• If you're using the .htaccess file for anything else (like the ErrorDocument directive), you'll have to use something different than the above line.
• I suggest you put "redirect" in /home/joe/bin/
• if you want the full path to ssh (or or any command in $PATH), type "which ssh"
• You can't use the up-down.local, because it is not run untill after the the ppp connection is dropped, and we want to tell the static server, that we're offline, that is why we add that line to ppp-off.
• Make sure your apache configuration has the "ServerName" directive set to "joe.blow.com"

How Everything Works

1. The dynamic server is connected to the internet with the /etc/ppp/ppp-on script
2. After the ppp connection is established, the /etc/ppp/ip-up.local script is run
3. The ip-up.local script connects to the static server with ssh, and runs "redirect" (on the static server) with our dynamic IP address as its argument.
4. On the static server, the "redirect" script creates the .htaccess file in the proper directory, which looks something like:

   Redirect / http://123.123.123.123/

1. The .htaccess file has the magic Redirect directive, that generates a code 302, which is a redirect, to your dynamic IP address. The index.html is ignored, because of the Redirect directive. Everything is redirected to your dynamic server, so "http://joe.blow.com/somepage.html" is redirected to "http://123.123.123.123/somepage.html".
2. When the web browser get the code 302, it redirects to your dynamic web server. The code 302 is embedded with your dynamic IP address

1. The script /etc/ppp/ppp-off is executed on the dynamic server, starting the disconnection procedure.
2. Before you're disconnected, ppp-off uses ssh to delete the /home/joe/www/.htaccess file on the static server.

1. if some one tries to connect to "http://joe.blow.com/" you'll get the default page on the static server, saying you're not online.
2. if someone tries to connect to "http://joe.blow.com/somepage.html" they'll get the code (error) 404 document, which is the index.html page on the static server saying you're not online.

TroubleShooting Help and Some Tips

Well, I've tried to be helpful, and give some extra tips and explinations, so here are some trouble shooting tips that may help.
• If you don't have "netcat" installed, do that right away, it truly is "the swiss army knife of TCP/IP utilities"
• If you're working with virtual hosts that don't have a DNS entry, then it is really tough to test things with a web browser, but with echo and netcat you can generate your own headers. Try the following: echo -e "GET /somepage.html HTTP/1.0\nHost: joe.blow.com\n"|nc 1.2.3.4 80
• to see exactly what headers your web browser is sending to the web server, try the following nc -l -p 8080, then connect your browser to http://name.or.ip.of.server:8080/. You should see what your web browser is sending to the web server.
• Using netcat with echo is incredibly flexible, and bypasses all the goofy browser behavior, like caching pages, even though you've hit "refresh", and allows you to see the real header returned by your static server, showing any redirect.
• If you're working with DNS and don't know about "dig", then you don't know what you're missing. type dig a joe.blow.com, you'll never use "nslookup" again.
• Don't forget to look at your error logs if stuff don't work properly.
• Use the IP addresses when connecting to the static server with SSH, so that it won't delay the ppp-on/ppp-off scripts more than necessary.
• If you want to bookmark a page, edit your saved bookmark to replace the IP address with the name of the server (joe.blow.com).