12 Jun 2013
Muliple IPs on an Ubuntu EC2 VPC? Yes, please!
Subtitled: Configuring a second ethernet adapter on an Ubuntu EC2 VPC instance
If you're wanting to have multiple valid SSL certificates for many domains (say, for Drupal a multisite running on Aegir) on a single EC2 instance you'll, of course, need multiple IP addresses. While Amazon's VPC offerings seem like an easy win there are a few twists to get the server to respond to that second internal IP.
Here are my notes, hopefully they'll be of some use to you. You might not need to do all of these, but I've found things to work better this way. These steps were used on Ubuntu 12.04 in June 2012 — things can change.
Get set up:
- Have one unique internal IP address (10.0.0.70, 10.0.0.80, etc) per network adapter
- Map the Elastic IP addresses to your internal IP
- I'm running Aegir and needed to map the Apache server not to the public IP used for the domain name, but the private internal IP address
Once you've done the the above, you'll likely find the server working fine on the first IP address but not responding on the second.
Here's what to do next:
- In the Amazon VPC Route Table console ensure you have a route entry for 0.0.0.0/0 using your IGW (this will look like igw-xxxxxx)
- SSH into your server
- If not root:
sudo su - root
- Initialize your secondary ethernet interface (don't do this for
ifconfig eth1 10.0.0.YOURIPHERE netmask 255.255.255.0
- Set up your interfaces
- For each adapter add (changing "1" for your adapter)
iface eth1 inet dhcp
- Start each adapter
- We should be able to
ifconfigand see the ethernet adapters up
- SSH into your server, become root
- For each ethernet adapter follow this pattern:
ip route add default via 10.0.0.1 dev eth0 tab 1
ip route add default via 10.0.0.1 dev eth1 tab 2
ip rule add from 10.0.0.170/32 tab 1 priority 500
ip rule add from 10.0.0.190/32 tab 2 priority 600
Good news is it works at this point, bad news is the ip routes and rules won't survive a reboot.
Let's make changes survive a reboot:
- Return to
vi /etc/network/interfaces; our file should look like:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet dhcp
- We modify the above, adding in the ip route and ip rule commands from before, but prefixing them with "post-up", like so:
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp post-up ip route add default via 10.0.0.1 dev eth0 tab 1 post-up ip rule add from 10.0.0.170/32 tab 1 priority 500 auto eth1 iface eth1 inet dhcp post-up ip route add default via 10.0.0.1 dev eth1 tab 2 post-up ip rule add from 10.0.0.190/32 tab 2 priority 600
Related reading and things that helped me:
- AWS Forums: Unable to connect to EC2 instance in VPC
- Getting ip rules and routes to work on reboot: Ubuntu Linux Add Static Route
- Video on EC2 VPC multiple IP basics: How to add extra IP addresses on one EC2 Instance
Image credit: Flickr user "Andreas Beer"