Community discussions

MikroTik App
 
tomasmato
newbie
Topic Author
Posts: 30
Joined: Thu May 19, 2022 3:23 pm

More domains / web services on port 80

Fri May 20, 2022 1:17 pm

Hi everyone, I have two web servers in my network, I needed to set up a proxy on my Mikrotik so that when I enter the address example.com into my browser, my router redirects it to 10.25.2.2 and when I enter example.org to 10.25.2.3, etc. .

I found this tutorial on how to make it work:
https://www.youtube.com/watch?v=KSqdW3Y ... akoNetwork

I directed the given domain to the router's IP address, where I set up WebProxy, WebProxy Access, NAT redirect and DNS.

After this setting, however, after entering the address, I will see an error - attachment "error.png"

So far, I'm testing it on the internal IP router, to which I also directed the domain, then of course I'll change it to a public IP.

Router internal IP: 10.25.1.1
Web server IP address: 10.25.2.2

It is interesting that when I ping that domain into Tools -> Ping it pings 10.25.1.1 but when I open New Terminal and ping that domain it corresponds to 10.25.2.2 ...

Please don't know where the mistake might be? Why does it show me an error and it won't get to that web server?

I enclose screenshots from the settings of my Mikrotik in the attachment.

Thank you very much in advance for all the advice.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 1:35 pm

I sincerely advise you to let it go and not waste time.
It is completely useless, now 95% of the contents are in httpS and the proxy is no longer usable.

Have a nice day.
 
tomasmato
newbie
Topic Author
Posts: 30
Joined: Thu May 19, 2022 3:23 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:27 pm

I sincerely advise you to let it go and not waste time.
It is completely useless, now 95% of the contents are in httpS and the proxy is no longer usable.

Have a nice day.
Thank you for the recommendation, so I would like to ask what did you recommend instead of a proxy to get more websites / domains running on one IP?

Thank you in advance.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 2:32 pm

Can you please try to explain better what you try to accomplish?

I do not understand
what did you recommend instead of a proxy
to get more websites / domains running on one IP?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:39 pm

You want proxy, but not the limited one in RouterOS that was not made for this, real reverse proxy (Nginx, HAProxy, ...) on another machine.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 2:40 pm

What I have understand:
you want than if you write on browser http(s)://(www.)example.com internally is asked the server 10.25.2.2
and if you write on browser http(s)://(www.)example.org internally is asked the server 10.25.2.3

This can be doned only if the user do not use DoH or DoT, but you force on firewall NAT all DNS query to be redirected on routerboard,
and on routerboard you set static DNS entry for (^|www\.)example\.org$ and (^|www\.)example\.com$ (already RouterOS RegEx syntax)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 2:42 pm

You want proxy, but not the limited one in RouterOS that was not made for this, real reverse proxy (Nginx, HAProxy, ...) on another machine.
Thanks, I didn't understand the user request.. ¯\_(ツ)_/¯
 
tomasmato
newbie
Topic Author
Posts: 30
Joined: Thu May 19, 2022 3:23 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:45 pm

You want proxy, but not the limited one in RouterOS that was not made for this, real reverse proxy (Nginx, HAProxy, ...) on another machine.
So Mikrotik can't do this directly?

I meant something like this in this tutorial:

https://www.youtube.com/watch?v=KSqdW3Y ... akoNetwork
 
tomasmato
newbie
Topic Author
Posts: 30
Joined: Thu May 19, 2022 3:23 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:46 pm

Can you please try to explain better what you try to accomplish?

I do not understand
what did you recommend instead of a proxy
to get more websites / domains running on one IP?
Yes, I have 2 web servers on the network and there should be several websites running on each of them. I have guaranteed connectivity and I have 1 public IP address. I need several websites to run on that one IP address, I found out on the Internet that Proxy is used for this, but you say that it is no longer good to use it ....

Hosting companies have also not assigned their own public IP for each site / domain, but there are several sites running on one IP - I need to achieve this in my network.


(sorry for my english, it is not ideal)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 2:48 pm

You can open a port, but you can not manage DNS from outside request.
Listen to Sob's advice.

You need a Reverse-Proxy, not a "web-proxy"...

You just redirect on NAT the 80 and 443 to reverse-proxy and when connection coming from outside, the reverse-proxy redirect to correct internal server the required web.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:49 pm

It's not completely impossible and what you have should work, only it's just for http (not https) and bit of a hack.

And about this:
It is interesting that when I ping that domain into Tools -> Ping it pings 10.25.1.1 but when I open New Terminal and ping that domain it corresponds to 10.25.2.2 ...
That's correct. In Tools->Ping, DNS resolution is done by WinBox on machine where it runs. In Terminal it's done on router.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: More domains / web services on port 80

Fri May 20, 2022 2:58 pm

In summary:
clear static DNS,
delete useless NAT rule,
deactivate web-proxy,
install the reverse-proxy (for example Nginx) on another internal machine,
create a dst-nat rule that sends from the public IP as dst-address ports TCP 80,443 to action change dst-address to <Nginx server IP>
Done.
(Apart from configuring Nginx well)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: More domains / web services on port 80

Fri May 20, 2022 2:59 pm

That would be proper solution. But if you want to play with this anyway, test what this does:
/tool fetch url=http://yourservershostname.cz/index.html
 
tomasmato
newbie
Topic Author
Posts: 30
Joined: Thu May 19, 2022 3:23 pm

Re: More domains / web services on port 80

Fri May 20, 2022 3:10 pm

That would be proper solution. But if you want to play with this anyway, test what this does:
/tool fetch url=http://yourservershostname.cz/index.html
Thank you very much, I tried to do it and it answered this:

status: failed

failure: closing connection: <connection failed> 10.25.2.2:80 (5)


But normally, when I type in local network to browser direct IP 10.25.2.2:80, site works.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: More domains / web services on port 80

Fri May 20, 2022 3:26 pm

Then you need to find out why server doesn't communicate with router. You can also use:
/system/telnet address=10.25.2.2 port=80
It can be either something on server (firewall not allowing connections from router's address) or maybe you're doing something unusual on router (for example some mangle rules for routing router's traffic elsewhere).

Who is online

Users browsing this forum: bananaboy1101, Bing [Bot], dido1236, Michiganbroadband, tinodj and 77 guests