James wrote:
> So the best I can do is forward all traffic (80, 443, etc.) for the
> group of websites to a proxy behind the firewall, then use software
> such as what kashani suggested (proxypass, Squid, nginx,
> lighttpd, or Varnish) and parse the traffic with some form of
> vhosts implementation on a single server (NATed IP)?

That's not quite correct.
Let's assume you don't install anything on the firewall. Instead you'll
forward port 80 to a single server internally on port 4080 which you've
set Squid, Varnish, Nginx, or Lighttpd to listen on.

internet -> firewall:80 -> server1:4080

Your proxy accepts the connection and then looks at its config or in
most cases the proxy is smart enough to use DNS to go to the server it
needs. Using DNS might be an issue in your case since the IPs will
resolve to the single public IP.

site1 -> server1:80
site2 -> server2:80
site3 -> server3:3128
site4 -> server1:80
site5 -> server123.dreamhost.com:80
site6 -> localhost:80
site6/newapp -> server7:80
site6/newapp1 -> server8:80
and so on. You can really do just about anything here.

All connections are going to come through your proxy, but the serving of
the pages will be done by the web servers. I would not worry about the
number of connections to your proxy; all the proxy solutions listed above
are capable of handling a few thousand connections.

Here's the link to the Apache proxy module. It should give you some
ideas on what you can do. I recommend using some other proxy software
than Apache just to simplify the setup and make it easier to hold the
system in your head. Also prefork Apache is the slowest and uses the
most resources of your options which is another reason to use a separate
proxy.

http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

kashani
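The routing kashani sketches (one proxy on port 4080, sites mapped by Host header and, for site6, by path prefix to different internal servers) can be shown as a small working reverse proxy. This is an added example, not code from the thread or from any of the proxies named in it; the hostnames in the ROUTES table (site1.example, server1, server7 and so on) and the ports are constructed placeholders standing in for the real internal machines. It goes slightly beyond the post in two places a practitioner would want covered: the path prefixes only match on a segment boundary, so a request for site6/newapp1 goes to server8 and is not swallowed by the shorter /newapp rule for server7, and a Host the table does not know is refused instead of being forwarded to some default internal server, which keeps the proxy from being used to reach hosts it was never configured for.

```python
"""Minimal Host- and path-based reverse proxy (added example, not from the
original thread). Assumed layout: the firewall forwards public port 80 to
this process on port 4080, and ROUTES maps each site to an internal server.
All hostnames below are constructed placeholders."""
import http.client
import http.server
import urllib.parse

# Constructed routing table: (host, path prefix) -> (backend host, port).
# Mirrors the mapping in the post; server names are assumptions.
ROUTES = {
    ("site1.example", "/"):        ("server1", 80),
    ("site2.example", "/"):        ("server2", 80),
    ("site3.example", "/"):        ("server3", 3128),
    ("site4.example", "/"):        ("server1", 80),
    ("site6.example", "/"):        ("127.0.0.1", 80),
    ("site6.example", "/newapp"):  ("server7", 80),
    ("site6.example", "/newapp1"): ("server8", 80),
}


def normalize_host(raw_host):
    """Lower-case the Host header and drop any :port so that
    'Site6.example:4080' and 'site6.example' select the same route."""
    if raw_host is None:
        return None
    host = raw_host.strip().lower()
    if host.startswith("[") and "]" in host:   # IPv6 literal: keep the brackets
        return host[: host.index("]") + 1]
    return host.split(":", 1)[0]


def choose_backend(raw_host, path):
    """Return (backend_host, port) for a request, or None when the Host is
    not one we serve. The longest matching path prefix wins, and a prefix
    only matches on a segment boundary, so /newapp1 is not caught by /newapp."""
    host = normalize_host(raw_host)
    if host is None:
        return None
    path = urllib.parse.urlsplit(path).path or "/"
    best = None
    for (route_host, prefix), backend in ROUTES.items():
        if route_host != host:
            continue
        if prefix == "/" or path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, backend)
    return best[1] if best else None


class ProxyHandler(http.server.BaseHTTPRequestHandler):
    """Forward the request to the chosen backend and relay its reply."""
    SKIP = {"connection", "keep-alive", "transfer-encoding", "upgrade",
            "content-length"}   # hop-by-hop headers plus length, which we recompute

    def _proxy(self):
        backend = choose_backend(self.headers.get("Host"), self.path)
        if backend is None:
            # Unknown Host: refuse rather than guess an internal server.
            self.send_error(421, "Unknown virtual host")
            return
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        # Pass the original Host through so vhosts on the backend still work.
        headers = {k: v for k, v in self.headers.items() if k.lower() not in self.SKIP}
        if body is not None:
            headers["Content-Length"] = str(len(body))
        headers["X-Forwarded-For"] = self.client_address[0]
        conn = http.client.HTTPConnection(*backend, timeout=10)
        try:
            conn.request(self.command, self.path, body=body, headers=headers)
            resp = conn.getresponse()
            data = resp.read()
        except OSError:
            self.send_error(502, "Backend unreachable")
            return
        finally:
            conn.close()
        self.send_response(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in self.SKIP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    do_GET = do_POST = do_HEAD = do_PUT = do_DELETE = _proxy


if __name__ == "__main__":
    # Listen on 4080 as in the thread: internet -> firewall:80 -> server1:4080
    http.server.ThreadingHTTPServer(("0.0.0.0", 4080), ProxyHandler).serve_forever()
```

Run it on the internal box, point the firewall's port-80 forward at 4080, and every site resolves to one public IP while choose_backend does the selection the post describes with an explicit table instead of DNS. Using the static table is the answer to the DNS problem kashani mentions: the proxy never asks DNS for site1, so the fact that all sites resolve to the public IP does not matter.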