Help: Point subdomains to multiple services/hosts behind single public IP

  • I'm wanting to point specific subdomains to a paticular service on multiple internal hosts behind 1 public IP. For example... --> PUBLIC IP (the one and only public IP)** -->** INTERNAL HOST 1 --> PUBLIC IP (the one and only public IP) --> INTERNAL HOST 2

    I have A records pointing the and to the same public IP address.

    From there I've taken a stab in the dark an tried to use the DNS resolver to interpret the requests and resolve them to the internal hosts IP addresses as below.
    Screenshot from 2020-07-26 23-05-10.png

    No luck or perhaps this is the totally wrong approach?

    Also setup port forwards for each host. Each host is running web services on ports 80 and 443 however when accessing or, the browser gives me what host 1 is serving on both domains.

    I know the easiest way would be to run these services within a domain on web hosting panel but basically I need each service running on their own host machines (VM's).

    This is the 3rd attempt I've made at setting this up over the past 2 years so certainly banging my head against the wall. Would be super greatful if someone could point me in the righ direction! Thanks in advance.

  • LAYER 8 Global Moderator

    If you want say sub1 to go to and sub2 to got .101

    You would use a reverse proxy for that. The HAproxy package.

  • Cheers thanks for confirming this.

    I believe I've setup the front and backends correctly in the HAProxy package however, there are two factors which I believe might not be giving me the desired result.

    I have Cloudflare for DNS hosting which then point my A records for these subdomains to the same public IP address.
    Am I to disable SSL encryption with Cloudflare?

    Second thing is, is there some certificate setup required within pfSense in order for the front and backends to work as intended?

    I think I'm stuck and not sure what to do when it comes to secure connections.


  • LAYER 8 Global Moderator

    So the http traffic is working?

    Who host your dns has nothing to do with it somefqdn points to and otherfqdn also points to - matters not who resolves that on the public internet to

    Your using cloudflare as just dns, and not proxy?

    I have dns in cloudflare as well.. which is behind haproxy and works fine. Yes if you want ssl offloading to work, you would have to setup the cert on haproxy... If your just passing the traffic through then your end device would be doing the ssl, and yeah that would have to be setup correctly for it to work.

    Does the traffic get there or not? Just sniff or what error do you get when you try and go to https vs http?

  • Yeah so I've enabled DNS only on Cloudflares side of things.

    It seems I can't even hit the backends on port 80. I've got NGINX up on both backends.

    Here's what my HAProxy setup looks like. Obviously substituted some info fo provacy reasons.

    ![alt text](image url)Screenshot from 2020-07-29 12-34-42.png
    Screenshot from 2020-07-29 12-35-06.png
    Screenshot from 2020-07-29 12-33-28.png

    As for the firewall rule, I've just setup a pass on port 80 specifically for this HAProxy setup. I've also tried destination as "This firewall" with no luck.

    Screenshot from 2020-07-29 12-38-40.png

    This is doing my head in!

  • LAYER 8 Global Moderator

    Not sure what your trying to do there with your firewall rule? The dest would be your wan address to allow traffic to your wan IP, so the ha proxy can see the traffic and then send it to your backends.

  • Thanks for your help, it seems that there were two things holding me up (if anyone else is in the same boat).

    HTTP health checks were enabled and not configured so it seems pfSense was detecting my backends as offline therefore not pointing anything through. Second thing was my firewall rule for this was completely wrong and should be as @johnpoz has indicated.

    Now that I am able to point frontend to back for HTTP traffic, what is the ideal method for setting this up for multiple custom ports?
    The schenario would be as follows:> (ports 20, 30)> (ports 20, 31) *note this has a service running on port 31

    I setup some port alias's for each, however it seems that the HAProxy package won't acknowledge the input of alias's.
    My thinking in doing so was that in some cases, multiple hosts might have the same services running on the same ports, but different hosts.

    So then, I assume there would be some manual setup for each host, is that correct?

    If so, is it as simple as adding these additional ports to each backends?

    Thanks for your help @johnpoz much appeciated.

Log in to reply