Hello guys,
i would like to host two websites, both HTTPS from one IPFire. These two websites should have two external domain names which we can achieve with two different DynDNS names.
Question now is how to configure the firewall rules so that i can serve them both on the same port from external clients? Is it even possible, and when how?
The thing is that both websites should run on different machines in the DMZ, with different IP´s.
Greetings
Since requests to these two websites will arrive on <your public IP>:443, you will need a reverse proxy to forward them to the proper machine on the DMZ according the their HTTP Host header.
I personally would use Caddy for that since it makes handling certificates super easy, but Nginx, Apache or HA Proxy will also work.
Thanks for your answer!
Do you have a Howto which you can recommend?
Caddy does not seem to be included in Debian, i tried i myself with NGINX but i couldn´t make it working.
Caddy is not available in the debian repositories but installing it manually is easy, drop a binary somewhere, create a systemd unit and you are done.
I recommend it because the full configuration with certificate renewal would literally be:
https://your-first-website.com:443 {
tls your-email@domain.com
proxy / {
upstream 10.10.0.2:80
}
}
https://your-second-website.com:443 {
tls your-email@domain.com
proxy / {
upstream 10.10.0.3:80
}
}
Now with nginx the concept is similar: define two vhosts and in each one just add:
location / {
proxy_pass http://10.10.0.2:80;
}