Hi everyone, I have two web servers in my network. I needed to set up a proxy on my Mikrotik so that when I enter the address example.com into my browser, my router redirects it to 10.25.2.2, and when I enter example.org, to 10.25.2.3, etc.
I directed the given domain to the router’s IP address, where I set up WebProxy, WebProxy Access, NAT redirect and DNS.
With this setup, however, after entering the address I see an error (attachment “error.png”).
So far, I’m testing it on the internal IP router, to which I also directed the domain, then of course I’ll change it to a public IP.
Router internal IP: 10.25.1.1
Web server IP address: 10.25.2.2
It is interesting that when I ping that domain in Tools → Ping it pings 10.25.1.1, but when I open New Terminal and ping that domain it corresponds to 10.25.2.2 …
Does anyone know where the mistake might be? Why does it show me an error and not get to that web server?
I enclose screenshots from the settings of my Mikrotik in the attachment.
Thank you very much in advance for all the advice.
I sincerely advise you to let it go and not waste time.
It is completely useless, now 95% of the content is in http**S** and the proxy is no longer usable.
What I have understood:
you want that if you write http(s)://(www.)example.com in the browser, internally the server 10.25.2.2 is asked,
and if you write http(s)://(www.)example.org in the browser, internally the server 10.25.2.3 is asked.
This can be done only if the user does not use DoH or DoT, but you force in firewall NAT all DNS queries to be redirected to the RouterBoard,
and on the RouterBoard you set static DNS entries for (^|www.)example.org$ and (^|www.)example.com$ (already RouterOS RegEx syntax)
Yes, I have 2 web servers on the network and there should be several websites running on each of them. I have guaranteed connectivity and I have 1 public IP address. I need several websites to run on that one IP address. I found out on the Internet that a proxy is used for this, but you say that it is no longer good to use it ...
Hosting companies also do not assign a separate public IP to each site / domain; there are several sites running on one IP. I need to achieve this in my network.
You can open a port, but you cannot manage DNS for outside requests.
Listen to Sob’s advice.
You need a Reverse-Proxy, not a “web-proxy”…
You just redirect ports 80 and 443 in NAT to the reverse-proxy, and when a connection comes in from outside, the reverse-proxy redirects the requested site to the correct internal server.
In summary:
clear static DNS,
delete useless NAT rule,
deactivate web-proxy,
install the reverse-proxy (for example Nginx) on another internal machine,
create a dst-nat rule that sends from the public IP as dst-address ports TCP 80,443 to action change dst-address to
Done.
(Apart from configuring Nginx well)
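The name-based routing described in the summary above, as an added example that is not part of the original posts: an Nginx configuration that sends example.com to 10.25.2.2 and example.org to 10.25.2.3 by host name. The certificate paths are placeholders, and it assumes Nginx 1.19.4 or later for `ssl_reject_handshake`.

```nginx
# Added example: place inside the http { } context of Nginx on the
# reverse-proxy machine. Host names and backend IPs are the thread's;
# certificate paths are placeholders.

# Catch-all: any request for a name not listed below is dropped, so the
# backends are reachable only under their intended host names.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # refuse TLS when the SNI name is unknown
    return 444;                # close plain-HTTP connections without a reply
}

server {
    listen 80;
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate     /etc/nginx/tls/example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;  # placeholder path

    location / {
        proxy_pass http://10.25.2.2;
        # Pass the original host name and client address to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    listen 443 ssl;
    server_name example.org www.example.org;
    ssl_certificate     /etc/nginx/tls/example.org.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.org.key;  # placeholder path

    location / {
        proxy_pass http://10.25.2.3;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because TLS ends on the proxy here, the backends see the proxy's address as the connection source; their logs and access rules need to read the forwarded headers, and only from the proxy's IP.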
Then you need to find out why the server doesn’t communicate with the router. You can also use:
/system/telnet address=10.25.2.2 port=80
It can be either something on the server (firewall not allowing connections from the router’s address) or maybe you’re doing something unusual on the router (for example some mangle rules for routing the router’s traffic elsewhere).