: Multiple Web servers on a single IP A few other questions on here cover how to do this on a single server but I'm having trouble figuring out how to build this with multiple Web servers
A few other questions on here cover how to do this on a single server but I'm having trouble figuring out how to build this with multiple Web servers behind a single external IP.
I have a simple network of:
{Interwebs} <--> PfSense (router/firewall) <--> multiple Web servers on the same LAN
I have a single external IP address on the PfSense box and a single domain I own, example.com. I can create DNS A records for app1.example.com, app2.example.com and so on that point to that one IP. In the internal network I have several Web apps all running on their own server.
What would I need to do to have external clients able to reach each of those internal Web servers over a unique subdomain? A "reverse proxy" or something else? What Linux-compatible software is commonly used for this?
All of the Web apps would be available only via HTTPS (HTTP would be available but always redirect to HTTPS) and each Web app would have its own SSL certificate. I can likely ignore/not support older clients (such as those that don't support SNI) if it helps.
More posts by @Heady270
1 Comments
Sorted by latest first Latest Oldest Best
off topic but you can use nginx as a reverse proxy. Create your domain.conf in /etc/nginx/conf.d/
Below pulled from working config nginx version: nginx/1.9.15, you can repeat stanzas for each app but i would break them up into app.domain.conf, app1.domain.conf, etc
server {
listen 80;
server_name *.domain.com; #redirect http to https
return 301 $host$request_uri; }
server {
listen 443 ssl http2; #use http2 if you install from nginx.org repo
app1.domain.com server_name app1.domain.com;
ssl on;
ssl_certificate ssl/app.domain.crt; #to your cert
ssl_certificate_key ssl/app.domain.key; #to your key
ssl_stapling_verify on;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header x-xss-protection "1; mode=block" always;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
location / {
proxy_pass interal_ip_to_app1:8080/; }
}
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.