Hello guys,
I would like to host two websites, both HTTPS, from one IPFire. These two websites should have two external domain names, which we can achieve with two different DynDNS names.
The question now is how to configure the firewall rules so that I can serve them both on the same port for external clients. Is it even possible, and if so, how?
The thing is that both websites should run on different machines in the DMZ, with different IPs.
Since requests to these two websites will arrive on <your public IP>:443, you will need a reverse proxy to forward them to the proper machine on the DMZ according to their HTTP Host header.
I personally would use Caddy for that since it makes handling certificates super easy, but Nginx, Apache or HA Proxy will also work.
Caddy is not available in the Debian repositories, but installing it manually is easy: drop a binary somewhere, create a systemd unit and you are done.
I recommend it because the full configuration with certificate renewal would literally be:
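The configuration the post refers to is not included on the page. As an added illustration (not the poster's own configuration), a Caddyfile for host-based routing of this kind could look like the following; the hostnames and DMZ addresses are placeholders, and plain-HTTP backends are an assumption.

```caddyfile
# Added example: hostnames and backend addresses are placeholders, not values from the thread.
# Caddy obtains and renews a certificate automatically for each site address that is a domain name.
# For that to work, IPFire has to forward TCP 443 (and 80, used for the HTTP-01 ACME challenge
# and the HTTP->HTTPS redirect) from the public IP to the machine running Caddy.

site1.example.org {
	# Requests for this hostname go to the first DMZ machine.
	# Assumption: the backend speaks plain HTTP on port 80, so this hop is unencrypted
	# inside the DMZ; TLS is terminated on the proxy.
	reverse_proxy 192.0.2.11:80
}

site2.example.org {
	# Requests for this hostname go to the second DMZ machine.
	reverse_proxy 192.0.2.12:80
}
```

With this layout only the proxy needs to be reachable from the internet, so the firewall rules can restrict the two web servers to accepting connections from the proxy's address.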