Understanding port forward 80 and 443
-
A rather rudimentary question but I am getting myself confused. Hoping someone can help clear the fog!
My setup has a virtualized pfsense instance on a proxmox server. On the same proxmox server, I have a kubernetes cluster and a freepbx vm (outside the kubernetes cluster). On the pfsense side, I am using dns-over-tls with dns resolver.
To set up letsencrypt certs on the freepbx vm, I used their inbuilt tool. To make it work, I had to open port 80 on pfsense to allow validation.
Now, I am looking to set up letsencrypt on my kubernetes cluster. I am using traefik ingress controller with cert-manager package with http01 validation, which also requires opening of port 80. Here is where I get lost.
I know I can use the pfsense letsencrypt package with haproxy - let's assume I don't want to go that route for now.
My questions:
- Is there any risk to opening 80 and point it to the freepbx server or kubernetes cluster? I see some people doing this manually - open the port and close it down only when cert renewal is required - which is rather cumbersome.
- Can you have two port forward rules for port 80? One for the freepbx server and one for the kubernetes cluster? Doesn't make sense to me but not sure how to think about this when both of them require port 80 to be open for letsencrypt validation?
Will appreciate some insight into this. Thx..
-
afaik not from the same source without the help of haproxy
only if you have 2 different public IPs
-
@vacquah said in Understanding port forward 80 and 443:
Is there any risk to opening 80 and point it to the freepbx server or kubernetes cluster?
You are relying on the security of whatever is listening on port 80 on the freepbx and kubernetes cluster in that case.
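
The two replies above, put together as an added example that is not from any poster in this thread: a single HAProxy listener on port 80 that picks the internal host by the Host header and passes only the HTTP-01 challenge path, so nothing else on the freepbx VM or the ingress controller is reachable over port 80. The hostnames, backend names and internal addresses are placeholders assumed for illustration.

```haproxy
# Added example. pbx.example.com, .k8s.example.com, 10.0.0.10 and 10.0.0.20
# are placeholders, not values from the thread.
defaults
    mode http
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend acme_http01
    # The one WAN-side listener for port 80; the firewall forwards 80 here only.
    bind :80

    # HTTP-01 validation requests always use this path prefix.
    acl acme_path path_beg /.well-known/acme-challenge/

    # Choose the internal target by the Host header of the validation request.
    acl host_pbx hdr(host) -i pbx.example.com
    acl host_k8s hdr_end(host) -i .k8s.example.com

    # Any request that is not a challenge lookup is refused at the proxy,
    # so the web servers behind it are not exposed on port 80.
    http-request deny deny_status 403 unless acme_path

    use_backend freepbx if host_pbx
    use_backend traefik if host_k8s
    # No default_backend: requests for unknown hosts get a 503 from HAProxy.

backend freepbx
    # freepbx VM, answering challenges written by its built-in tool
    server pbx 10.0.0.10:80

backend traefik
    # traefik ingress, where cert-manager serves its http01 solver
    server ingress 10.0.0.20:80
```

The 403 responses in the HAProxy log show what is probing port 80 between renewals, which is the traffic the internal services would otherwise be handling themselves.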