DNS and Web redirects

Because of how certificates work, the PowerSchool servers must reside in the remc1.net domain. We use a redirect on webservices.remc1.net to move users to the correct place. We do this instead of just using a CNAME from ps.SCHOOLDOMAIN.org to psschool.remc1.net because a CNAME keeps the ps.SCHOOLDOMAIN.org URL (alias style), so the *.remc1.net cert will not work since the URL is still in SCHOOLDOMAIN.org. The redirect below changes the URL in the end user's browser; when they type in ps.SCHOOLDOMAIN.org, it will actually change the URL to psschool.remc1.net.

The PS redirect file is located on web6, at /etc/apache2/sites-enabled/010-powerschoolRedirects.conf


I will use the CCISD as an example. On the CCISD website there is a link to PowerSchool which points to http://powerschool.copperisd.org. This is a CNAME to webservices.remc1.net. Inside webservices there is a virtual host that does a redirect to pscopperisd.remc1.net. pscopperisd resolves differently on the inside and the outside. On the inside DNS it is a CNAME to the current PowerSchool server (at time of writing that is ps2copperisd.remc1.net). On the outside it is an A record for the one public IP that is held by the PowerSchool server for the CopperISD. I have also inserted CNAMEs for all the ps1, ps2, etc. on the outside to point towards its A record.

Outside:

pscopperisd.remc1.net. IN A
ps1copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.
ps2copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.

Inside:

pscopperisd     IN      CNAME   ps2copperisd
ps2copperisd     IN      A
ps1copperisd.remc1.net. IN      A

Virtual Host config:

<VirtualHost powerschool.copperisd.org>
Redirect /public https://pscopperisd.remc1.net/public
Redirect /teachers https://pscopperisd.remc1.net/teachers
Redirect /subs https://pscopperisd.remc1.net/subs
Redirect /admin https://pscopperisd.remc1.net/admin
Redirect /bulletin http://pscopperisd.remc1.net/bulletin
Redirect / https://pscopperisd.remc1.net/public
</VirtualHost>

As you can see, the way the virtual host is set up causes the same name to be resolved on the outside as well as the inside. On the outside the VIP will never change, so that's the A record, whereas on the inside the host may change, so that's the CNAME. You will need to reload Apache on the web server in order for the new virtual host config to take effect.
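
A check that can be run against the redirect file before reloading Apache. This is an added example, not part of the original config or tooling. It confirms that every Redirect target is covered by the *.remc1.net wildcard cert and reports targets that leave HTTPS. The sample vhost is the copperisd block from this page with a closing tag added, and the function names are made up for the example.

```python
import re
from urllib.parse import urlsplit

CERT_NAME = "*.remc1.net"  # wildcard certificate name described on this page

# Constructed sample: the copperisd virtual host from this page, closing tag added.
SAMPLE_VHOST = """\
<VirtualHost powerschool.copperisd.org>
Redirect /public https://pscopperisd.remc1.net/public
Redirect /teachers https://pscopperisd.remc1.net/teachers
Redirect /subs https://pscopperisd.remc1.net/subs
Redirect /admin https://pscopperisd.remc1.net/admin
Redirect /bulletin http://pscopperisd.remc1.net/bulletin
Redirect / https://pscopperisd.remc1.net/public
</VirtualHost>
"""

def cert_matches(hostname, pattern=CERT_NAME):
    """Wildcard match as TLS clients do it: '*' covers exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat

def audit_vhost(conf_text):
    """Return (vhost_name, findings) for one <VirtualHost> block."""
    m = re.search(r"<VirtualHost\s+([^>\s]+)", conf_text, re.I)
    vhost = m.group(1) if m else None
    findings = []
    for line in conf_text.splitlines():
        parts = line.split()  # "Redirect [status] /path URL"
        if len(parts) not in (3, 4) or parts[0].lower() != "redirect":
            continue
        url = urlsplit(parts[-1])
        if not cert_matches(url.hostname or ""):
            findings.append((parts[-2], "target host not covered by " + CERT_NAME))
        if url.scheme != "https":
            findings.append((parts[-2], "target is not https"))
    return vhost, findings

if __name__ == "__main__":
    name, issues = audit_vhost(SAMPLE_VHOST)
    print(name, "covered by cert:", cert_matches(name))
    for path, why in issues:
        print("  ", path, "->", why)
```

On the sample, the vhost name itself is not covered by the cert (which is why the redirect is needed), and the only finding is the /bulletin redirect, whose target uses http.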

So, in short, the 2 things you need to change to drop a new PowerSchool server in will be:

  • The inside IP for the virtual IP on the FortiGate
  • Add a new DNS record for the new server
  • The inside DNS CNAME 

Configs for example purposes:


psadams.remc1.net. IN A

ps1adams.remc1.net. IN CNAME psadams.remc1.net.
ps2adams.remc1.net. IN CNAME psadams.remc1.net.
ps3adams.remc1.net. IN CNAME psadams.remc1.net.

psbaraga.remc1.net. IN A
ps1baraga.remc1.net. IN CNAME psbaraga.remc1.net.
ps2baraga.remc1.net. IN CNAME psbaraga.remc1.net.

psbessemer.remc1.net. IN A
ps1bessemer.remc1.net. IN CNAME psbessemer.remc1.net.
ps2bessemer.remc1.net. IN CNAME psbessemer.remc1.net.

pscopperisd.remc1.net. IN A
ps1copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.
ps2copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.

pscts.remc1.net. IN A
ps1cts.remc1.net. IN CNAME pscts.remc1.net.
ps2cts.remc1.net. IN CNAME pscts.remc1.net.

psdollarbay.remc1.net. IN A
ps1dollarbay.remc1.net. IN CNAME psdollarbay.remc1.net.
ps2dollarbay.remc1.net. IN CNAME psdollarbay.remc1.net.

psetc.remc1.net. IN A
ps1etc.remc1.net. IN CNAME psetc.remc1.net.
ps2etc.remc1.net. IN CNAME psetc.remc1.net.

psfp.remc1.net. IN A
ps1fp.remc1.net. IN CNAME psfp.remc1.net.
ps2fp.remc1.net. IN CNAME psfp.remc1.net.

psgoisd.remc1.net. IN A
ps1goisd.remc1.net. IN CNAME psgoisd.remc1.net.
ps2goisd.remc1.net. IN CNAME psgoisd.remc1.net.

pshan.remc1.net. IN A
ps1han.remc1.net. IN CNAME pshan.remc1.net.
ps2han.remc1.net. IN CNAME pshan.remc1.net.

pshoughton.remc1.net. IN A
ps1houghton.remc1.net. IN CNAME pshoughton.remc1.net.
ps2houghton.remc1.net. IN CNAME pshoughton.remc1.net.

psironwood.remc1.net. IN A
ps1ironwood.remc1.net. IN CNAME psironwood.remc1.net.
ps2ironwood.remc1.net. IN CNAME psironwood.remc1.net.

psll.remc1.net. IN A
ps1ll.remc1.net. IN CNAME psll.remc1.net.
ps2ll.remc1.net. IN CNAME psll.remc1.net.

psoasd.remc1.net. IN A
ps1oasd.remc1.net. IN CNAME psoasd.remc1.net.
ps2oasd.remc1.net. IN CNAME psoasd.remc1.net.

psremc1.remc1.net. IN A
powerschool.remc1.net. IN CNAME psremc1.remc1.net.
ps1remc1.remc1.net. IN CNAME psremc1.remc1.net.
ps2remc1.remc1.net. IN CNAME psremc1.remc1.net.

pswakefield.remc1.net. IN A
ps1wakefield.remc1.net. IN CNAME pswakefield.remc1.net.
ps2wakefield.remc1.net. IN CNAME pswakefield.remc1.net.

pswatersmeet.remc1.net. IN A
ps1watersmeet.remc1.net. IN CNAME pswatersmeet.remc1.net.
ps2watersmeet.remc1.net. IN CNAME pswatersmeet.remc1.net.

;PowerSchool DNS CNAME
psadams IN CNAME ps3adams
psbaraga IN CNAME ps2baraga
psbessemer IN CNAME ps2bessemer
pscopperisd IN CNAME ps2copperisd
pscts IN CNAME ps2cts
psdollarbay IN CNAME ps2dollarbay
psetc IN CNAME ps2etc
psfp IN CNAME ps2fp
psgoisd IN CNAME ps2goisd
pshan IN CNAME ps2han
pshoughton IN CNAME ps2houghton
psironwood IN CNAME ps2ironwood
psll IN CNAME ps2ll
psoasd IN CNAME ps2oasd
psremc1 IN CNAME ps2remc1
pswakefield IN CNAME ps2wakefield
pswatersmeet IN CNAME ps3watersmeet
psstanton IN CNAME ps2stanton

;New Powerschool servers
ps3adams IN A
ps2baraga IN A
ps2bessemer IN A
ps2copperisd IN A
ps2cts IN A
ps2dollarbay IN A
ps2etc IN A
ps2fp IN A
ps2goisd IN A
ps2han IN A
ps2houghton IN A
ps2ironwood IN A
ps2ll IN A
ps2oasd IN A
ps2remc1 IN A
ps2wakefield IN A
ps3watersmeet IN A
ps2stanton IN A

;old powerschool servers
ps1adams.remc1.net. IN CNAME ps2adams.remc1.net.
ps2adams.remc1.net. IN A
ps1baraga.remc1.net. IN A
ps1bessemer.remc1.net. IN A
ps1copperisd.remc1.net. IN A
ps1cts.remc1.net. IN A
ps1dollarbay.remc1.net. IN A
ps1etc.remc1.net. IN A
ps1fp.remc1.net. IN A
ps1goisd.remc1.net. IN A
ps1han.remc1.net. IN A
ps1houghton.remc1.net. IN A
ps1ironwood.remc1.net. IN A
ps1ll.remc1.net. IN A
ps1oasd.remc1.net. IN A
ps1remc1.remc1.net. IN A
ps1wakefield.remc1.net. IN A
ps1watersmeet.remc1.net. IN A
ps1stanton.remc1.net. IN A