I’ve seen talk of there being various methods of forwarding http/https traffic to a portal page. I’d like to implement something on my network that would forward web traffic to my own website.
What are some of the options to handle this? And in your experience, which works best? Some that I’ve heard of are:
- DNS server that redirects all requests to a single IP
- I saw mention that you could use a special gateway (i.e., anyone using 10.0.0.2 would get forwarded), though I don’t know how to implement this or if it’s even viable
- built-in hotspot (I don’t expect that this will work in my scenario since the page is my own webserver)
Hotspot is more if you want a “splash screen” when users connect to a network, but I’m not sure that’s the need here. While hotspot does redirect HTTP, it’s not a generic mechanism. But hotspot is something different & specific to, well, Wi-Fi.
If you want to receive HTTP requests on a Mikrotik, and then send them somewhere else…
One option, as @anav points out, is port forwarding in the firewall. If you want to send all web traffic received to another web server, this works. But /ip/firewall/… methods do not look at the HTTP headers, so it’s all traffic. And it’s one-to-one.
Another option would be using a /container that does the HTTP/S “forwarding”, if you have an ARM64/X86 RouterOS. This lets you look at host, headers, path, etc. to do any redirection. And often these containers will do SSL certs automatically (which is really handy). There are many containers to do this, for example NGINX, caddyserver and traefik proxy. I use traefik on a few RB1100 to deal with ACME and proxying CORS to REST, but it’s pretty flexible to do any forwarding. I should do a better write-up, but I wrote up how to use traefik with /container here: http://forum.mikrotik.com/t/container-traefik-on-rb5009/165849/1
As usual, there are many ways to do this, but often the specific problem leads to which one is right. There is no generic answer here.
I actually want ALL http(s) traffic going to this one page, but only in certain circumstances. I plan to use Kea as my DHCP server, and any client that I want directed to the site will be handled differently. I was pondering using a specific gateway for those clients – so perhaps a firewall rule on the 'tik that uses that gateway as a ‘trigger’ to know who should be forwarded… Can Mikrotik do this based on the client’s gateway? Any tips on what the rule looks like?
If it’s really simple, like you have one web server, you can use a dst-nat rule to redirect the Mikrotik’s ports 80 and 443 to your web server. Any DNS points to the Mikrotik. Now in that case, the web server likely needs SSL certs etc. set up. SSL is one area where stuff like traefik and caddyserver come in handy, since they deal with creating an SSL connection.
It’s really if you need something to redirect port 80/443 based on URL paths where you need Traefik, NGINX, etc. – all those would be overkill if it’s one public IP going to one web server that’s on the LAN or otherwise connected to the Mikrotik. I.e., the Mikrotik only sees ports like 80 or 443, not the URL of the HTTP inside the traffic. Proxy servers can look inside HTTP, since they accept the request, then proxy the call to the real server, based on HTTP-specific rules.
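
The dst-nat approach described in the replies above, as an added RouterOS example that is not part of the original thread: it limits the redirect to a source address list rather than the gateway-based trigger asked about. The list name `portal-clients`, the client range 10.0.50.0/24 and the server address 10.0.10.5 are constructed placeholders, and it assumes the DHCP server gives the clients to be redirected addresses from that range and that the web server sits on a different subnet.

```routeros
# Added example: list name and all addresses are constructed placeholders.
# Assumption: clients that should land on the portal get a lease from
# 10.0.50.0/24, and the web server is 10.0.10.5 on another subnet.

/ip firewall address-list
add list=portal-clients address=10.0.50.0/24 \
    comment="clients to send to the portal"

/ip firewall nat
# Plain HTTP from listed clients: rewrite the destination to the web server.
# dst-address=!10.0.10.5 leaves requests already aimed at the server untouched.
add chain=dstnat action=dst-nat protocol=tcp dst-port=80 \
    src-address-list=portal-clients dst-address=!10.0.10.5 \
    to-addresses=10.0.10.5 to-ports=80 comment="portal: http"

# HTTPS from the same clients. The rule matches TCP port 443 only; it never
# sees the hostname or URL inside the TLS session.
add chain=dstnat action=dst-nat protocol=tcp dst-port=443 \
    src-address-list=portal-clients dst-address=!10.0.10.5 \
    to-addresses=10.0.10.5 to-ports=443 comment="portal: https"

# Clients outside the address list match neither rule and are routed normally.
```

Because these rules match on addresses and ports only, a redirected HTTPS client still validates the certificate against the hostname it originally requested, so it will report a certificate error unless the web server holds a valid certificate for that name.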