Directing Traffic Based on Target Hostname

Gerowen

So let's imagine I have two servers on the same network with a single incoming internet connection.  I want to run both servers on the same port, let's say 443, so that I don't have to append :someport to the address for the other one.  Now let's also say that I have two domain names, both of which resolve to this same public IP address.  Is it then possible to create a port forwarding rule for my router (OpenWRT) to inspect incoming connections, and direct them to the appropriate server based on what domain name they used/resolved to get there?  So that even though they're on the same network and sharing the same single internet connection, the servers can host services on the same external port and trust that users will be auto directed to the correct server based on their intended target.  Can the router even see that information if packets are encrypted via TLS/HTTPS, or is that part of the data encrypted as well?


This is possible. The easiest solution would be to have a web server (Apache, nginx) running on the router, with two virtual hosts, which then forward the traffic to internal servers. The domain part of HTTP is not encrypted.

 

E.g. for nginx you'd simply add more than one "server" block in the configuration. Each server block "listens" to its domain name. The "location" is used to forward incoming traffic to the internal server (i.e. nginx acts as a reverse-proxy + SSL terminator).

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name first-domain.com;

    # Redirect to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ssl;
    server_name first-domain.com;

    # SSL configuration

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Internal IP of server 1
        proxy_pass http://192.168.1.1:80;
    }
}

server {
    listen 0.0.0.0:80;
    listen [::]:80;
    server_name second-domain.com;

    # Redirect to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ssl;
    server_name second-domain.com;

    # SSL configuration

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Internal IP of server 2
        proxy_pass http://192.168.1.2:80;
    }
}

 

