How to build a "track switch" for many web frontends?

Here is the environment:
FQDN: firma.de
ipfire/green: 192.168.1.1
Web server: web.firma.de at 192.168.1.12 with an A record pointing to web.firma.de
Mail server: mail.firma.de at 10.2.2.99 (orange) with an A record pointing to sogo.firma.de

At the moment we do this with firewall rules :)
port 7443 from red >> 192.168.1.12:443
port 443 from red >> 10.2.2.99 (sogo)

But in future there will be 2 new web frontends, and the users of firma.de are unhappy with long link addresses … and IP numbers.
It’s a source of many mistakes and trouble!
Is there another way to make a “track switch”? HAProxy and new A records?

Hi,

if I got your requirement correctly, you are dealing with HTTP(S) traffic.

In this case, HAProxy should fit the bill (it is available as an add-on in IPFire), but I think it might be a bit of an overkill. Any modern web server capable of TLS SNI, virtual sites and proxying requests to a backend server should suffice.

IPFire already comes with Apache for its web interface. In theory, you could manually extend its configuration to reflect the situation described, but at the moment, I am not sure whether using a dedicated add-on would be a better idea in terms of security.

Thanks, and best regards,
Peter Müller

Hello again,
sorry, but we already have the same problem … but now there is one more web server listening on port 443 + 80

I tried to solve it with HAProxy, but I’m too old for that …

                                    / orange > email.firma.de:443 (+80 Let’s Encrypt)
                                   /
internet 111,222,333,444 --> red > IPFire - green > | ----> web2.firma.de:443
                                   |                | ----> web3.firma.de:443,80
                                   |
                                   | blue (WLAN)

It is not very practicable to use many port forward rules like from red port 7443 > green 192.168.1.2 port 443.
I thought it was possible with HAProxy. But the documentation is more than Old Testament, and the examples are not very good to understand …
Or is there another way to solve this?
The goal is to achieve 3 web servers behind the firewall. There is one static public IP for all 3 servers.

Browser input >> ipfire >> destination
https://a.firma.de >>>>>>> 192.168.1.100
https://b.firma.de >>>>>>> 192.168.1.101
https://c.firma.de >>>>>>> 192.168.1.102:80

Is there any idea?

Not an expert. Would try a reverse proxy.
With Nginx. Lots of documentation on the web.
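
The host-name mapping asked for in the thread (a/b/c.firma.de to 192.168.1.100, 192.168.1.101 and 192.168.1.102:80), written as an HAProxy configuration. This is an added example, not a configuration posted by any participant; it assumes HAProxy terminates TLS and holds certificates for all three names, and the certificate and CA file paths are hypothetical.

```haproxy
# Added example. Host names and backend IPs come from the thread;
# all file paths are assumptions.
global
    log /dev/log local0
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80: no content is served in clear text, only a redirect to HTTPS.
frontend http_in
    bind :80
    http-request redirect scheme https code 301

# Port 443: terminate TLS once, then pick the backend from the Host header.
frontend https_in
    # Assumed directory holding one PEM (certificate + key) per host name;
    # HAProxy selects the certificate by the SNI name the client sends.
    bind :443 ssl crt /etc/haproxy/certs/
    option forwardfor
    http-request set-header X-Forwarded-Proto https

    use_backend web_a if { hdr(host) -i a.firma.de }
    use_backend web_b if { hdr(host) -i b.firma.de }
    use_backend web_c if { hdr(host) -i c.firma.de }
    # Requests for any other name (or for the bare IP) are refused.
    default_backend reject_unknown

# a and b listen on 443: re-encrypt and verify the backend certificate
# against an assumed internal CA instead of using "verify none".
backend web_a
    server a 192.168.1.100:443 ssl verify required ca-file /etc/haproxy/internal-ca.pem sni str(a.firma.de) check

backend web_b
    server b 192.168.1.101:443 ssl verify required ca-file /etc/haproxy/internal-ca.pem sni str(b.firma.de) check

# c only speaks plain HTTP on port 80, so TLS ends at the proxy.
backend web_c
    server c 192.168.1.102:80 check

backend reject_unknown
    http-request deny
```

Each name needs an A record pointing at the one public IP; with that in place, only ports 80 and 443 have to be reachable from red, and the per-server forwards on odd ports such as 7443 are no longer needed.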