Hi i’am new in mikrotik router, how to configure if i only have one Public IP, but user can access different/multiple domain from internet, with condition i have multiple webserver behind router, as shown below. Thanks for this help.
It is not problem of Mikrotik configuration.
You should configure virtual hosts on your WWW server to manage different domains.
In Mikrotik device you should pass all HTTP trafic to this server.
We can not see your photo. Edit your post and use Attachments in the bottom of the post to upload it to the forum.
If all web server are on the same Windows server, you can deal with it on the Windows server.
But if you have multiple web server on multiple boxes, or even efferent ports, you can use HAProxy on a linux server.
Its free and not to difficult to set up.
Here all server will answer on one IP on port 80, wit different DNS name
Example haproxy.cfg
www.home.com #Primary web server 192.168.1.30:80
cam.home.com #Surveillance camera 192.168.1.50:8080
ups.home.com #Your UPS 192.168.1.20:80
webmin.home.com #Admin of linux server 192.168.1.15:10000
Then you set all DNS records to point to your public IP
Install HAProxy on server 192.168.1.35
Make a NAT forward on port 80 to your HAProxy server
Then on HAProxy setup pointer for your web server some like this:
global
log /dev/log local0
log /dev/log local1 notice
# log 127.0.0.1 local0
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
option httpclose
option forwardfor
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# input redirect
frontend http-in
bind *:80
# Define a rule to use based on domain name
acl is_www hdr_end(host) -i www.home.com
acl is_cam hdr_end(host) -i cam.home.com
acl is_ups hdr_end(host) -i ups.home.com
acl is_webmin hdr_end(host) -i webmin.home.com
# Redirect to correct server based on rule to use
use_backend srv_www if is_www
use_backend srv_cam if is_cam
use_backend srv_ups if is_ups
use_backend srv_webmin if is_webmin
default_backend default
# List of servers to use based on redirect
backend srv_web
server Local 192.168.1.30:80
backend srv_cam
server Local 192.168.1.50:8080
backend srv_ups
server Local 192.168.1.20:80
backend srv_ups
server Local 192.168.1.15:10000
backend default
server Local 192.168.1.30:80
This should be a working config.
PS I would not recommend webmin open to internet
You could also add basic authentication (username/password) to server that does not support it.
It also does load balancing +++++++
Hi,
You just need to write Destination-nat for those servers with different port number and specify the DNS records in your ip/dns/static for those two servers then you can open it from outside with one public ip address. (You just need to know about destination nat and PAT-port address translation concept)
Best regards,
How will RouterOS differentiate between domains in order to know where to forward the packets?
We are talking only port 80/443 incoming. Listening to other ports is not a solution IMO.
As already stated, this cannot be done in RouterOS alone. Some type of reverse proxy (ie HAproxy) is needed, that can talk HTTP to be able to read the Host header of each request and route it to the correct backend web server.
jatnikonnm depending on how much traffic you expect you could even use a Raspberry Pi (or something equivalent with better CPU) to run HAproxy, thus keeping your power consumption and physical space requirements low.