so i access server 2 web app using port 800 ..? if other server cannot using custom port for their web application by default must be use 80,443 port how about that any solution for that or only solution to have another public ip..?
The only way is to get users to come in on different ports........ and then port translate in dst-nat rule....... LIKE ANY OTHER ROUTER I have ever used.
So you can have.
dyndnsname:80
dyndnsname:443
----------------------------
dyndnsname:800
dyndnsname:4433
------------------------------
dyndnsname:8000
dyndnsname:44333
/ip firewall nat
# Server1 keeps the standard ports
add chain=dstnat action=dst-nat dst-port=80 in-interface=WAN1 protocol=tcp to-addresses=Server1-IP
add chain=dstnat action=dst-nat dst-port=443 in-interface=WAN1 protocol=tcp to-addresses=Server1-IP
# Server2 and Server3 are reached on alternate WAN ports, translated back to 80/443
add chain=dstnat action=dst-nat dst-port=800 in-interface=WAN1 protocol=tcp to-addresses=Server2-IP to-ports=80
add chain=dstnat action=dst-nat dst-port=4433 in-interface=WAN1 protocol=tcp to-addresses=Server2-IP to-ports=443
add chain=dstnat action=dst-nat dst-port=8000 in-interface=WAN1 protocol=tcp to-addresses=Server3-IP to-ports=80
add chain=dstnat action=dst-nat dst-port=44333 in-interface=WAN1 protocol=tcp to-addresses=Server3-IP to-ports=443
hi mkx btw thanks let me check thread
Very similar discussion was going in this thread.
noted with thanks mkx yes its difficult if some server cannot using custom port, so we have multiple public ip for it can work properly. because some our server not running for web server only some using appliance server this server using default port for http
NAT usually works with layer 4 information (and layers below it), which means it can distinguish connections according to IP addresses (both src and dst), protocols (TCP, UDP, ICMP, ...) and port numbers (for protocols that support them, e.g. TCP and UDP) or similar (ICMP codes). Some protocols offer SNI (service name indicator) which is L7 feature and NAT servers usually don't / can't work with those.
In general there are 3 possible ways of running multiple servers behind a firewall:
- using multiple WAN IP addresses. DST-NAT then forwards connections to backend servers depending on originally used dst-address. dst-port number is possible extra property but not necessary in this case
- using single WAN IP address but using different dst-port numbers. DST-NAT then forwards connections to backend server depending on originally used dst-port numbers (the solution described by @anav above).
This solution is very feasible for services that don't use well known port numbers (e.g. gaming servers, VPN servers, obfuscated SSH servers, etc.) but doesn't play well for services where users expect to use standard ports (e.g. HTTPS or SMTP).
- using single WAN IP address and single port number. In this case a reverse proxy is needed (solution described by me). DST-NAT then forwards all connections to single backend server which has to deal with connections.
This solution is feasible for services that use SNI or similar, which makes the RP aware of the service that the client wants to use. With a decent RP frontend it also makes it possible to use several backend servers serving the same content; they are used in a high-availability / load sharing way. This solution is not feasible if services hidden behind the RP don't use SNI or similar, making it impossible for the RP to distinguish between connections requiring different backend servers. This solution also requires installation of another service (the RP itself), which may or may not be feasible for a particular use.
So it's obvious that running several servers behind single WAN IP address is not exactly trivial thing. It is very much doable but in certain cases routers / NAT servers can't do it and one has to implement some additional service(s).
I use Nginx Proxy Manager for that.
from what i read this thread viewtopic.php?t=187966
its impossible to use one port to multiple server dst-nat mikrotik maybe quick solution is use another public ip for that.
thanks all for support
nginx proxy manager its free...? hence, i install nginxproxymanager in our local network then do loadbalancer their can you explain detail please appreciated.
I use Nginx Proxy Manager for that.
https://www.youtube.com/watch?v=P3imFC7GSr0
Plenty of similar videos about this topic on youtube anyway.
It is not a trivial task to set it up and make everything work properly, but it is not rocket science either.
i see thanks btw
That's (quite) a bit outside the scope of this Mikrotik forum.
This should help you deploy it.
https://nginxproxymanager.com/guide/
On Mikrotik, then you only need to DNAT TCP/443 towards this NPM-host and that's it. The rest of the config is done on NPM.
Yes, it is free. Nginx PM can do loadbalance as well, but it is not what we are talking about here. First of all, have you seen the video I linked above already?
Thanks
already watch the video and now installed via docker but i dont know how to install directly to host no idea for that maybe need more research btw thanks again.
Here is another one:
https://www.youtube.com/watch?v=cjJVmAI1Do4
Also, you need to decide if you want to deploy Nginx as a docker container (or on the system directly) in one of your linux machines, OR in one dedicated machine, on its own.