Here is the environment:
Web server: web.firma.de at 192.168.1.12 with an A record pointing to web.firma.de
Mail server: mail.firma.de at 10.2.2.99 (orange) with an A record pointing to sogo.firma.de
At the moment we do this with firewall rules:
port 7443 from red >> 192.168.1.12:443
port 443 from red >> 10.2.2.99 (sogo)
But in future there will be 2 new web frontends and the users of firma.de are unhappy with long link addresses … and IP numbers. It’s a source of many mistakes and trouble! Is there another way to make a “track switch”? HAProxy and new A records?
If I got your requirement correctly, you are dealing with HTTP(S) traffic.
In this case, HAProxy should fit the bill - it is available as an add-on in IPFire -, but I think it might be a bit of an overkill. Any modern web server capable of TLS SNI, virtual sites and proxying requests to a backend server should suffice.
IPFire already comes with Apache for its web interface. In theory, you could manually extend its configuration to reflect the situation described, but at the moment, I am not sure whether using a dedicated add-on would be a better idea in terms of security.
It is not very practicable to use many port forward rules like from red port 7443 > green 192.168.1.2 port 443.
I thought it is possible with HAProxy. But the documentation is more than Old Testament and the examples are not very good to understand …
Or is there another way to solve this?
The goal is to achieve 3 web servers behind the firewall. There is one static public IP for all 3 servers.
Generally speaking, you need to set up a server block for each subdomain. Each “server” then proxies the request to the respective backend server.
IPFire only forwards port 80 and 443 to the SSL proxy, there is no direct access to the backend servers from the outside world.
Finally I used include files to add common configuration directives (i.e. SSL, security headers, HTTPS redirect) to all the server blocks.
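A sketch of the layout described in the last reply, added here as an example and not the poster's actual configuration. It assumes the SSL proxy is nginx; the hostnames and backend addresses come from the thread, while the include file name and certificate paths are hypothetical.

```nginx
# Added example. Hostnames and backend IPs come from the thread; nginx itself,
# the include file name and the certificate paths are assumptions.
#
# snippets/common.conf (hypothetical include shared by every server block):
#   ssl_protocols TLSv1.2 TLSv1.3;
#   add_header Strict-Transport-Security "max-age=31536000" always;
#   proxy_set_header Host $host;
#   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#   proxy_set_header X-Forwarded-Proto $scheme;

# Port 80: drop requests for unknown names, redirect the known ones to HTTPS.
server { listen 80 default_server; return 444; }
server {
    listen 80;
    server_name web.firma.de sogo.firma.de;
    return 301 https://$host$request_uri;
}

# Unknown or missing SNI name: abort the handshake instead of falling
# through to the first site (requires nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

server {
    listen 443 ssl;
    server_name web.firma.de;
    ssl_certificate     /etc/nginx/tls/web.firma.de/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/web.firma.de/privkey.pem;
    include snippets/common.conf;
    location / {
        proxy_pass https://192.168.1.12:443;   # existing web server
    }
}

server {
    listen 443 ssl;
    server_name sogo.firma.de;
    ssl_certificate     /etc/nginx/tls/sogo.firma.de/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/sogo.firma.de/privkey.pem;
    include snippets/common.conf;
    location / {
        proxy_pass https://10.2.2.99:443;      # SOGo host in orange
    }
}
```

Each additional frontend is one more A record plus one more server block. nginx does not verify the backend certificate on `proxy_pass https://…` unless `proxy_ssl_verify on` and a trusted CA are configured.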