MikroTik

I have a block of IP addresses that my data center provides to me. I am currently using one of them as the WAN IP on my Mikrotik router. I need to use the others on a single web server, as Apache requires that you use a separate external IP address for each SSL certificate. I want to keep the server behind my Mikrotik firewall, but I need to somehow map the external IP addresses to the internal server.

I understand that I can use this tutorial to route the external IPs to internal IPs, but I need Apache to use the external IPs rather than internal ones at the server level.

What is the best way to give my web server external IP addresses while remaining behind my Mikrotik firewall?

How are these IPs provided to you? e.g. Does the ISP expect the IPs all to be available on your WAN interface or is the ISP routing a block of public IPs via an independent link network (using a different IP range).

How are these IPs provided to you? e.g. Does the ISP expect the IPs all to be available on your WAN interface or is the ISP routing a block of public IPs via an independent link network (using a different IP range).

It's a small /30 block routed via my primary WAN IP.

If it is /30, then it is just a point-to-point connection, one is your ISP and one is your WAN IP.
Or do you have more IP blocks?

It seems you must use the ip assigned to your wan.
You can NAT ports of this IP to you private server ip.

It's a small /30 block routed via my primary WAN IP.

If you use the link network WAN IP as your RouterBoard's WAN IP then that will free up the /30. You could then assign the /30 to an internal interface which would allow you to use 2 of the addresses on servers. Alternatively you could use private IPs internally but assign each of the 4 public IPs to a server as a /32 allocation. You would then have to have the RouterBoard route to each of the /32 public IPs via a private IP but you could then use all 4 of the /30 addresses on different networks with the slight downside that you are routing public IPs via private IPs.