Hello all. I've had my hAP ac for a few weeks. I was able to get it online and do the basic configuration without issue. I tried a VPN server and that sort of worked; to get a break from that, I switched over to port forwarding to get my webserver back online.
Some background:
I'm using ddclient to update my domain's name server with my external IP. I have confirmed that this is working by turning on WebFig in IP / Services and then loading my domain.com address: the RouterOS login page comes up.
I have tested my virtual hosts on the webserver. I can independently pull up both virtual hosts. I have also used online port checkers that confirm the ports are open. Anyway, I'm positive something is wrong with my config. I'm enjoying MikroTik, but little things like basic port forwarding seem more difficult than necessary. Below is my full config. I'd appreciate it if anyone can tell me what might be wrong in it.
# apr/07/2021 17:59:14 by RouterOS 6.48.1
# software id = W8WH-68AP
#
# model = RB962UiGS-5HacT2HnT
# serial number = CC500DFB167A
# Layer-2 layout: a single bridge named "bridge" carries ether2-ether5, sfp1 and all
# three wireless interfaces (wlan1, wlan2 and the virtual AP wlan4).
/interface bridge
add admin-mac=08:55:31:BA:9D:AC auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
# Both added profiles allow WPA2-PSK only; the pre-shared keys do not appear in this export.
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=WPA supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=GuestWIFI supplicant-identity=MikroTik
/interface wireless
# wlan1 (2.4 GHz) and wlan2 (5 GHz) use the WPA profile; WPS is disabled on every radio.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=WPA ssid=Sputnik wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge security-profile=WPA ssid=Sputnik-5G wireless-protocol=802.11 wps-mode=disabled
# wlan4 is a virtual AP on top of wlan1 (master-interface=wlan1) using the GuestWIFI profile.
add disabled=no mac-address=0A:55:31:BA:9D:B2 master-interface=wlan1 name=wlan4 security-profile=GuestWIFI ssid="Make WiFi Great Again" wps-mode=disabled
/ip pool
add name=dhcp ranges=10.10.0.130-10.10.0.254
/ip dhcp-server
# The only DHCP server listens on the bridge, so every bridge port is served from the one pool.
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge filter
# The two "*A" rules reference an interface that no longer exists (the export marks them
# "no interface"). NOTE(review): they look like leftovers from a deleted interface and can
# presumably be removed together with the "*A" bridge port below - confirm first.
# no interface
add action=drop chain=forward in-interface=*A
# no interface
add action=drop chain=forward out-interface=*A
# Guest isolation: frames bridged to or from wlan4 are dropped in the bridge forward chain.
# NOTE(review): this chain only covers traffic bridged between ports. wlan4 is still a port
# of "bridge", and "bridge" is a member of the LAN list (see /interface list member), so
# guests presumably lease from the same 10.10.0.0/24 pool and the IP input chain treats
# them as LAN when they talk to the router itself (SSH, WinBox, DNS). Confirm that is
# intended; a separate guest subnet/interface list would allow a stricter input policy.
add action=drop chain=forward in-interface=wlan4
add action=drop chain=forward out-interface=wlan4
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
# Stale port entry: "*A" is the same missing interface referenced in the bridge filter above.
add bridge=bridge interface=*A
add bridge=bridge interface=wlan4
# Router-level services and addressing: discovery scope, VPN server settings,
# LAN/WAN list membership, the LAN address, DDNS, DHCP and DNS.
/ip neighbor discovery-settings
# Neighbor discovery is limited to interfaces in the LAN list.
set discover-interface-list=LAN
/interface l2tp-server server
# Only use-ipsec is set here; no enabled= value appears in this export.
# NOTE(review): check whether the L2TP server is actually enabled. If it is meant to be
# reachable from the internet, the input chain in /ip firewall filter needs matching
# accept rules, which this export does not contain.
set use-ipsec=yes
/interface list member
# "bridge" is LAN and ether1 is WAN; the firewall rules that use interface lists rely on this.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=10.10.0.1/24 comment=defconf interface=bridge network=10.10.0.0
/ip cloud
# RouterOS's built-in cloud DDNS is enabled.
set ddns-enabled=yes
/ip dhcp-client
# The WAN address on ether1 is obtained by DHCP.
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.10.0.0/24 comment=defconf gateway=10.10.0.1 netmask=24
/ip dns
# The router answers DNS queries from clients. Nothing in this export allows DNS on the
# WAN side: the resolver is kept off the internet only by the input-chain rule that drops
# traffic not arriving from the LAN list, so that rule must stay in place.
set allow-remote-requests=yes
/ip dns static
add address=10.10.0.1 comment=defconf name=router.lan
# IP firewall filter. Rules are evaluated top to bottom per chain; traffic that matches
# no rule is accepted.
/ip firewall filter
# Forward chain: explicit accepts for the three port-forwarded services arriving on ether1.
# NOTE(review): the defconf rule at the end of this chain only drops new WAN connections
# that were NOT dst-nat'ed, so these three accepts appear redundant with the dstnat rules
# rather than required for forwarding to work.
add action=accept chain=forward comment="Raspberry Pi Webserver 443" dst-address=10.10.0.41 dst-port=443 in-interface=ether1 protocol=tcp
# connection-type="" is an empty matcher. NOTE(review): presumably left over from editing
# the rule; confirm it is not changing what this rule matches.
add action=accept chain=forward comment="Raspberry Pi Webserver 80" connection-type="" dst-address=10.10.0.41 dst-port=80 in-interface=ether1 protocol=tcp
# SSH to 10.10.0.144 is accepted from any WAN source; there is no src-address or
# src-address-list restriction. NOTE(review): if only known networks need this, restrict
# the source here (and in the matching dstnat rule) and use key-only authentication on
# the target host.
add action=accept chain=forward dst-address=10.10.0.144 dst-port=22 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# Everything new from WAN that did not match a dstnat rule is dropped here.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Input chain (traffic addressed to the router itself): ICMP from anywhere, replies to
# existing connections, then drop everything that did not arrive on a LAN-list interface.
# LAN-side traffic reaches no rule and is therefore accepted.
# NOTE(review): there is no "drop invalid" rule in this chain, unlike the forward chain.
# NOTE(review): no rule admits new VPN connections (L2TP/IPsec or SSTP) from WAN, so a VPN
# server on this router would not be reachable from outside with this rule set as exported.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
# NAT: three destination-NAT port forwards plus two source-NAT masquerade rules.
/ip firewall nat
# The dstnat rules match on in-interface=ether1 only, i.e. packets that arrive on the WAN
# port. They carry no dst-address, so any TCP 80/443/22 arriving on ether1 is redirected.
# NOTE(review): a LAN client that opens the public name or IP arrives on "bridge", not
# ether1, so none of these rules match and the connection ends at the router itself
# (where www is disabled). Tests made from inside the LAN would therefore fail even when
# forwarding works from outside, which would be consistent with external port checkers
# reporting the ports open. If LAN access through the public name is needed, the usual
# approach is hairpin NAT: match the dstnat rules on the public destination address
# (dst-address, dst-address-list or dst-address-type=local) instead of in-interface, and
# add a srcnat masquerade for LAN-to-LAN traffic. Verify by testing from an outside
# connection first.
add action=dst-nat chain=dstnat comment="Raspberry Pi Web Server 80" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=10.10.0.41 to-ports=80
add action=dst-nat chain=dstnat comment="Raspberry Pi Webserver 443" dst-port=443 in-interface=ether1 protocol=tcp to-addresses=10.10.0.41 to-ports=443
# Exposes SSH on 10.10.0.144 to every WAN source on the standard port 22.
add action=dst-nat chain=dstnat dst-port=22 in-interface=ether1 protocol=tcp to-addresses=10.10.0.144 to-ports=22
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# No out-interface is set, so this masquerades 192.168.89.0/24 towards any interface.
# NOTE(review): presumably the VPN client range; no pool or address with that range
# appears in this export - confirm it is still in use.
add action=masquerade chain=srcnat src-address=192.168.89.0/24 comment="masq. vpn traffic"
# Management plane: which router services are enabled and where MAC-level access is allowed.
/ip service
# telnet, ftp, www (WebFig over HTTP), api and api-ssl are disabled; ssh is moved to a
# non-default port (masked by the poster). No service has an address= restriction, so
# reachability is governed only by the input chain in /ip firewall filter.
# NOTE(review): winbox and www-ssl are not listed here, so they are presumably at their
# defaults - check with "/ip service print" and disable or restrict what is not needed.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=*****
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=America/Chicago
/system identity
set name="MikroTik Router"
/tool mac-server
# MAC Telnet and MAC WinBox are limited to interfaces in the LAN list (which contains
# "bridge", and therefore every bridge port including the guest AP wlan4).
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[enos80@MikroTik Router] >