First things first: I am new to MikroTik and I have a mentor who is quite experienced in networking and MikroTik.
Still, we have an issue which does not seem easy for us to solve.
Internet access: standalone cable modem
Hardware: RB4011iGS+5HacQ2HnD, rev. r2, 7.13beta2, factory firmware 7.8, IP: 192.168.100.1
Synology NAS IP: 192.168.100.235, NGINX Reverse Proxy Server (running on an Intel NUC) IP: 192.168.100.238
For accessing services on the Synology NAS there are several entries made on the revprox like audio, video, photo. A Nextcloud instance is also on the network and has its entry on the NginXRevProx.
Port forwards on the RB4011 for 80 and 443 point to the NGINXRevProx, and from external all works fine, like:
https://disks.test.net is routed to 192.168.100.238:5001 (the Synology NAS). Also externally, all other services, like Nextcloud, which points to a Proxmox container running Ubuntu and Nextcloud, work well when accessing https://next.test.net
The issue: Internal access with FQDN
Hairpin NAT looks like:
#Hairpin-NAT - local to local
chain=srcnat action=masquerade src-address=192.168.10.0/24 dst-address=192.168.10.0/24
# ReverseProxy - https
chain=dstnat action=dst-nat to-addresses=192.168.10.238 to-ports=443 protocol=tcp dst-address-list=WanIP dst-port=443
What settings need to be made so that internally (within the LAN) clients like tablets and phones can access the NAS services (and others with domain *.test.net) using the FQDN, like https://disks.test.net or https://photo.test.net? Not all services are running on the Synology NAS, but the reverse proxy has all necessary rules loaded incl. SSL certificates.
Btw, the previous setup was an Asus RT-AC68U as a router, and the port forward of port 80 and 443 to the NGINX ProxyMgr was enough for access to work internally and externally.
Please excuse my personal level of knowledge at this stage; I have started to learn but am just at the beginning.
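
An added example, not part of the original post: a small Python check that parses the two NAT rules quoted above and reports whether the LAN addresses given in the post fall inside the subnets and targets those rules name. The function names are hypothetical, the NAS address stands in for any LAN client, and the WanIP address list and DNS are not evaluated.

```python
import ipaddress

# Addresses and rules copied from the post above.
NAS_IP = "192.168.100.235"    # assumption: used as a stand-in for any LAN client
PROXY_IP = "192.168.100.238"  # NGINX reverse proxy
POSTED_RULES = [
    "chain=srcnat action=masquerade src-address=192.168.10.0/24 dst-address=192.168.10.0/24",
    "chain=dstnat action=dst-nat to-addresses=192.168.10.238 to-ports=443 "
    "protocol=tcp dst-address-list=WanIP dst-port=443",
]

def parse_rule(line):
    """Split a 'key=value key=value ...' rule line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def check_hairpin(rules, lan_host, proxy_ip):
    """Return findings where the rules cannot match the stated LAN addresses."""
    host = ipaddress.ip_address(lan_host)
    proxy = ipaddress.ip_address(proxy_ip)
    findings = []
    for raw in rules:
        rule = parse_rule(raw)
        chain, action = rule.get("chain"), rule.get("action")
        if chain == "srcnat" and action == "masquerade":
            # The hairpin masquerade only applies when the client is inside
            # src-address and the forwarded-to server is inside dst-address.
            src = ipaddress.ip_network(rule["src-address"], strict=False)
            dst = ipaddress.ip_network(rule["dst-address"], strict=False)
            if host not in src:
                findings.append(f"srcnat: LAN host {host} is outside src-address {src}")
            if proxy not in dst:
                findings.append(f"srcnat: proxy {proxy} is outside dst-address {dst}")
        elif chain == "dstnat" and action == "dst-nat":
            # The port forward must hand traffic to the proxy's real address.
            target = ipaddress.ip_address(rule["to-addresses"])
            if target != proxy:
                findings.append(f"dstnat: to-addresses {target} is not the proxy {proxy}")
    return findings

if __name__ == "__main__":
    for finding in check_hairpin(POSTED_RULES, NAS_IP, PROXY_IP):
        print(finding)
```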