NAT Reflection or new Port Forward (or haproxy?)
-
Hi,
After searching for hours for a solution, testing and logging, I decided to ask here (for a hint):
The server (docker): providing some web services - same IP/host - on different ports:
80, 443, 8080, 4443, ...
I port forwarded from the reverse proxy to the firewall > NAT to the server:
- 2.3.4.5 * [source] > WAN address 8080 [Dest.] > 10.0.0.10 8080 [NAT]
- 2.3.4.5 * [source] > WAN address 443 [Dest.] > 10.0.0.10 443 [NAT]
- ...
Reverse proxy, to simply have multiple DNS names (one.example.com & two.example.com) pointing to my single IP [WAN]
nginx - one.example.conf:

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    map $http_x_forwarded_proto $thescheme {
        default $scheme;
        https   https;
    }

    server {
        listen 80;
        server_name one.example.com;
        return 301 https://$host$request_uri;
    }

    # SSL configuration
    server {
        listen 443 ssl;
        server_name bitwarden.panner.app;
        set $upstream [WAN]:8080;

        location / {
            proxy_pass http://$upstream;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header X-Forwarded-Proto $thescheme;
        }
    }
I set up split DNS for those, to use them on my LAN.
- one.example.com > 10.0.0.10
- two.example.com > 10.0.0.10
Tested via dig/nslookup on my machines: they resolve as expected.
Except for the 443/80 web services, I cannot reach those websites from the LAN (external is fine!). That's obvious... I thought ...
Split DNS knows nothing about the 8080 & 4443 ports, so I decided to try NAT reflection. I tried both NAT reflection options.
External DNS is working over the reverse proxy, as are the internal IP addresses with the port (10.0.0.10:8080).
But I could not reach the services (8080, 4443, ...) via the DNS addresses in the LAN.
Hope someone can give me a hint where to look, or what I need to accomplish an easy-to-use DNS setup (pref. without moving those services to multiple VMs).
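One way to get the name-to-port mapping on the LAN without NAT reflection, as an added example that is not part of the original post or the poster's config: run a second, LAN-side nginx on a separate LAN host (assumed placeholder 10.0.0.20, since 80/443 on 10.0.0.10 are already used by other services) and point the split-DNS entries for one.example.com and two.example.com at that host instead of 10.0.0.10. It assumes the backends speak plain HTTP on 10.0.0.10:8080 and :4443 (as the post's proxy_pass does for 8080) and that certificate paths are placeholders.

```nginx
# Added example, not from the original post. LAN-side reverse proxy on an
# assumed host 10.0.0.20: answers one.example.com / two.example.com on 80/443
# and routes each name to its local port, so LAN clients need no hairpin NAT.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Host header -> backend (assumed mapping: one -> 8080, two -> 4443)
map $host $backend {
    one.example.com  10.0.0.10:8080;
    two.example.com  10.0.0.10:4443;
    default          "";
}

server {
    listen 80;
    server_name one.example.com two.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name one.example.com two.example.com;
    ssl_certificate     /etc/ssl/private/lan-example.crt;   # placeholder path
    ssl_certificate_key /etc/ssl/private/lan-example.key;   # placeholder path

    # Drop requests for names with no backend instead of proxying blindly.
    if ($backend = "") {
        return 444;
    }

    location / {
        proxy_pass http://$backend;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
    }
}
```

With this in place, `dig one.example.com` on a LAN client should return 10.0.0.20 and `curl -vk https://one.example.com/` should show the 8080 service, while the external path through the WAN reverse proxy is unchanged.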