S
S
S10LI2020-02-12 10:58:54
Domain Name System
S10LI, 2020-02-12 10:58:54

How to use multiple domains for multiple servers on the same IP?

Given:

Domains:

site1.com
site2.com

External IP (for example): 11.22.33.44
Router: Mikrotik.

Local network (for example): 10.0.0.0/24

Server 1. Used for 1C web hosting (Apache web server)
IP (for example): 10.0.0.1
Listens to port 80, will listen to 443

Server 2. HTTP is spinning on it File Server
IP (for example): 10.0.0.2
Listening on port 80, will listen on 443

Server 3. For future task
IP (for example): 10.0.0.3
Will listen on 80, 443

All servers on OS Windows.

How implemented now:

Web-proxy on port 8080 is enabled on the router Allowing
rules for
site1.com
site2.com
and denying all other requests are configured

A NAT rule is configured that redirects requests from port 80 to the internal web-proxy (8080)

Static DNS records are created for servers:

site1. com -> 10.0.0.1
site2.com -> 10.0.0.2

Accordingly, when someone accesses from the Internet using the site1.com domain, they get to Server1 and via the site2.com domain, they get to Server2.

Why does the current implementation option not suit me?

1) Mikrotik allows you to redirect only http traffic, but I want to secure the connection using the https protocol (accordingly, obtain / generate certificates) through, for example, stunnel
2) Using the built-in web proxy creates an additional load on the network device

Task:

Configure Server 3 to listen on ports 80 and 443 and, depending on the domain, connect to the local server (some traffic proxying)

server1.site.com -> 10.0.0.1
server2.site .com -> 10.0.0.2

Question:

How to implement it? It is desirable with examples of settings.

Thank you!

Answer the question

In order to leave comments, you need to log in

3 answer(s)
S
S10LI, 2020-02-13
@S10LI

A short manual on how I set everything up
Downloaded fresh Nginx
Unpacked along the path C:\nginx
Created two cmd files inside the nginx
start.cmd folder

@echo off
start /D%cd% nginx.exe

stop.cmd
@echo off
start /D%cd% nginx.exe -s quit

And edited the file C:\nginx\conf\nginx.conf
worker_processes 1;
    events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #Server 1
    server {
        listen 80;
        server_name server1.site.com;
        #Redirect to HTTPS
        location / {
            proxy_pass http://10.0.0.1:80;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    #Server 2
    server {
        listen 80;
        server_name server2.site.com;
        #Redirect to HTTPS
        location / {
            proxy_pass http://10.0.0.2:80;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}

Next, I launched Nginx using start.cmd and it all worked!

H
hint000, 2020-02-12
@hint000

nginx reverse proxy.

A
Andrew, 2020-02-12
@deepblack

Look here
Sample configs (reverse proxy)

server {
  server_name server1.site.com;
  root /var/www/server1.site.com/public;

  # reverse proxy
  location / {
    proxy_pass http://10.0.0.1:80;
  }
}

/etc/nginx/sites-available/server1.site.com.conf

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name server1.site.com;
  root /var/www/server1.site.com/public;

  # SSL
  ssl_certificate /etc/letsencrypt/live/server1.site.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/server1.site.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/server1.site.com/chain.pem;

  # security
  include nginxconfig.io/security.conf;

  # reverse proxy
  location / {
    proxy_pass http://10.0.0.1:80;
    include nginxconfig.io/proxy.conf;
  }

  # additional config
  include nginxconfig.io/general.conf;
}

# subdomains redirect
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name *.server1.site.com;

  # SSL
  ssl_certificate /etc/letsencrypt/live/server1.site.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/server1.site.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/server1.site.com/chain.pem;

  return 301 https://server1.site.com$request_uri;
}

# HTTP redirect
server {
  listen 80;
  listen [::]:80;

  server_name .server1.site.com;

  include nginxconfig.io/letsencrypt.conf;

  location / {
    return 301 https://server1.site.com$request_uri;
  }
}


/etc/nginx/sites-available/server2.site.com.conf

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name server2.site.com;
  root /var/www/server2.site.com/public;

  # SSL
  ssl_certificate /etc/letsencrypt/live/server2.site.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/server2.site.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/server2.site.com/chain.pem;

  # security
  include nginxconfig.io/security.conf;

  # reverse proxy
  location / {
    proxy_pass http://10.0.0.2:80;
    include nginxconfig.io/proxy.conf;
  }

  # additional config
  include nginxconfig.io/general.conf;
}

# subdomains redirect
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name *.server2.site.com;

  # SSL
  ssl_certificate /etc/letsencrypt/live/server2.site.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/server2.site.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/server2.site.com/chain.pem;

  return 301 https://server2.site.com$request_uri;
}

# HTTP redirect
server {
  listen 80;
  listen [::]:80;

  server_name .server2.site.com;

  include nginxconfig.io/letsencrypt.conf;

  location / {
    return 301 https://server2.site.com$request_uri;
  }
}

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question