Multiple Windows webservers on green (1 red)

Hi, probably a stupid question

but I have multiple green webservers, and I want to route them with a subdomain…

fff.domain.com → green network .10
sss.domain.com → green network .20

I made an A DNS record for *.domain.com to the RED adapter

I tried the DNS forwarding… and I'm kinda stuck with the firewall rules and the DNS part…
because both are port 80 of course (later I'll use https)

Any suggestions are welcome

This cannot be done by a DNS.

You need a reverse proxy (RP) to get the incoming traffic and redistribute it to the right server according to the domain name.

You can run the RP inside your green network, then you need to set up a port forward on the firewall to deliver the traffic from IPFire to the RP machine and from there, according to the rules of the RP, to the final destination. Or, you install an RP directly on IPFire, but then you need to allow access to the firewall from the red interface.

On IPFire, you can use either nginx or HAProxy as RPs.

In synthesis, traffic arrives from the WAN to IPFire based on the DNS entry, IPFire either does a DNAT (at the router layer) and forwards the packets to a green zone RP server, which then routes to its final destination, or directly forwards to the final destination at the application layer using an RP configured for this task (nginx or HAProxy).

At least, this is how I understand the issue. I have yet to set up a project to experiment with the steps involved. This is my low resolution map of the tasks involved at this point in time.

EDIT: I am still thinking about which solution would be best. On one hand, RP on IPFire means no port forward and only one hop to the destination, which is a simpler system. On the other hand, I am terrified to allow access to the firewall from the red interface, therefore I think I will try to have a DNAT to an internal RP server.

3 Likes

Thanks,

I don't want to spin up extra hardware to provide RP, so installing it on the IPFire is an option for me…
I DO think that firewall rules should be implemented with great care, so this is something to keep in mind.

I'm not a Linux guy, so this is something I need to outsource.
I'm just hoping that there is a ‘clickable’ interface to configure the HAProxy :)

I installed haproxy using the Pakfire UI, but unfortunately there is no visible UI to configure it…

That is correct. As per the IPFire HAProxy wiki page link in post 2, you have to edit the config file yourself.

As always, the developers would be more than happy if anyone out there wanted to submit a patch for a WUI page for HAProxy.

Details for how to submit patches are in the wiki under the development menu section.

Details for how a menu page could be created can be found by looking at the code for something like the wio or samba addons.

2 Likes
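
As an added example (not from the thread or the IPFire wiki), here is a minimal HAProxy configuration for the host-based routing discussed above, for the case where the proxy listens on port 80 for both sites. The hostnames and the .10/.20 host parts come from the first post; the 192.168.1.0/24 green subnet and all frontend, backend, ACL and server names are assumptions.

```haproxy
# Added example; names and the 192.168.1.0/24 green subnet are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend web_in
    bind :80
    # Match on the Host header sent by the client (case-insensitive).
    acl host_fff hdr(host) -i fff.domain.com
    acl host_sss hdr(host) -i sss.domain.com

    # The wildcard *.domain.com record sends every subdomain here,
    # so refuse anything that is not explicitly published.
    http-request deny deny_status 403 unless host_fff or host_sss

    use_backend green_fff if host_fff
    use_backend green_sss if host_sss

backend green_fff
    server web10 192.168.1.10:80 check

backend green_sss
    server web20 192.168.1.20:80 check
```

Running `haproxy -c -f <config file>` checks the syntax before the service is restarted.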