MikroTik

Hi everyone,

I have two Virtual Machine inside the computer A.



I would like the outside people be able to reach one hosted website on the VM1

Is there any possibility inside the RouterOS to redirect the traffic according the URL ?

I'm using a Dynamic DNS (VM1.DDNS.com for exemple)

If not possible or too heavy for my router (RB750Gr3) did you know another alternative ? (even if I have to put a machine between the Hex & PC A)

Thank you

Gr3 is OK for this! First we need to know is if ISP Router is in bridge mode or in router mode!

Thank you @ingdaka for the moment the isp router is in router mode (but I'll change this in a near futur and only my Gr3 will "route")

I've discover an interesting solution , by the DNS record of the DDNS service (that not resources consuming)

I believe that if you have multiple websites behind a router, access to each website would require different ports through the router, one for each address. I think you'd have to set up your dynamic DNS provider to point your website names like this:

VM1.DDNS.com -> your.dyn.ip.address:8080
VM2.DDNS.com -> your.dyn.ip.address:8081

is this possible ?

No, you can not use your DNS provider to redirect to different port. When you do an DNS request, you only get an IP address of the server to reach.

There ware two (may be more) solution for this.

If both your Webserver are on the same server, both Windows and Linux can have multiple server that it redirects to based on DNS name.
If you have multiple servers Windows/Linux, and even different port 80, 8001 etc, I do suggest you look at an reverse proxy.

I do use HaProxy (free, fast) for multiple servers/cameras etc on my inside network. HaProxy can rederect/load balance use HTTPS +++
For example config, just ask, and I will give you a minimum config.

There is a thing called DNS SRV record where a port is a part of the reply, but the question is whether your DDNS provider supports SRV records. Worse than that, browsers didn't when I've checked last time some years ago.

Web browsers and SRV records are caught in chicken & egg problem. Nobody will add SRV record for their http(s) server, because no browser would be able to use it. And browsers won't add support, because it would require sending additional DNS query for every single hostname. Even worse, they would have to wait for response (positive or negative), to know if they should ask for A/AAAA records for this or some other hostname (specified in SRV record if there would be some). So it would mean increased latency for all and 50% increase of DNS queries. And for nothing, because currently nobody has any SRV records for http(s). And even in future, it's unlikely that it would become very popular. The problem it solves is lack of addresses, but that applies only to IPv4, which in theory should be already on the way out.

So until IPv6 takes over, the solution is (as was already mentioned) reverse proxy. There are even different ones to choose from.

..I do use HaProxy (free, fast) for multiple servers/cameras etc on my inside network. HaProxy can rederect/load balance use HTTPS +++
For example config, just ask, and I will give you a minimum config.

finally I have the time to take care of this.. I tried with my DDNS providers (dynu.com)
But I didn't succeed (I think they don't support https)

So i'll give a try with a reverse proxy. I would like to set this in a smallest lightweight possible VM.
I suck big time in Linux, So I don't know which distribution take (I took mint) and I don't know between HAproxy and NGINX which one to choose either :/
any advice ?

HAproxy is a (full blown) proxy while nginx is a HTTP server that can proxy. And, BTW, there's apache which is similar to nginx (and no, nginx is not that much better than apache, most of time performance is similar between the two).

Which to choose? If you forsee running a http(s) server for a domain or two, then go with one of http servers and it'll do both. If you only need proxy service, go with HAproxy, it's a bit lighter and supports different protocols, not only http.

Thank you @mkx !

no, on this machine I run just only a reverse Proxy, Si i guess I will go for HAproxy.
Can we "easily" reverseproxy website who are running on HTTPS ? (wordpress for exemple)

hello there.
how can i redirect a certain server ip to a url (xxxxxxx.com)

Can we "easily" reverseproxy website who are running on HTTPS ? (wordpress for exemple)

Most of HAproxy installations I've seen terminate SSL connections on HAproxy itself. This way certificate management is much easier because all certificate management is done centrally ... of course this only works if SSL is only used to encrypt communication and the authentication part of SSL (using personal certificates) is not used.

You can, however, configure HAproxy as transparent proxy for TCP connections and in this case HAproxy doesn't look into protocol properties ... meaning that HAproxy doesn't even know it's about https and hence doesn't use SNI. In this case it can't determine which named server is supposed to reply to connection request. If you want to pass SSL transparently to internal server and you want to use several https servers internally (serving different domains), then you have to use separate WAN TCP ports (which is IMHO disgusting) ... or go to solution #1 of terminating SSL by HAproxy and forward requests "inland" using plain http.

I didn't try it myself yet, but Nginx should be able to work with SNI hostname:

https://nginx.org/en/docs/stream/ngx_st ... odule.html

And HAproxy should support it too (third example):

https://www.haproxy.com/documentation/h ... ss-through

And HAproxy should support it too (third example):

https://www.haproxy.com/documentation/h ... ss-through

Nice catch, thanks for correcting me ... time for me to go back and redo some config ...