
How can I reverse-proxy-forward a subdomain to a specific internal port?

I’m struggling to forward subdomains from WAN to particular services on my LAN. Most services are running on a NAS with a static LAN IP address. Some of the services are Docker containers, some are native in the NAS, each has its own port and already works fine on the LAN through that port.

What I want:

What I have:

  • Static IP: My ISP guarantees static IPv4 + IPv6 addresses, so I know that the IP is correct.
  • Domain: The DNS listing is managed with my web hosting provider where it is pointing to the static IP of my home DSL connection. I understand this to be a “wildcard” domain, so no configuration is necessary (nor even possible) for individual subdomains.
  • DSL modem: This has the static WAN IP and is configured to be “wide open” because my gateway is the only LAN device. No wifi.
  • Gateway: UniFi USG with a web interface; it sees the DSL modem on the WAN side and my home network on the LAN side. I can forward desired external ports to desired LAN IP addresses + ports:
    from WAN IP * port 80,443 to LAN IP 192.168.1.11 port 80,443.
  • Server: Synology NAS with static LAN IP and built-in reverse-proxy functionality, e.g. http://bin.example.com --> http://192.168.1.11:7777
    and for each service, I can specify WAN protocol+hostname+port, enable HSTS, enable HTTP/2, and internal protocol+hostname+port.
  • Services: e.g. running a Docker container in bridge mode (lives on the host’s IP address) with a published HTTP port 7777 toward its internal container port 80. Thus, http://192.168.1.11:7777 is a service I can access from a LAN computer.
  • Pi-hole: A Raspberry Pi running Pi-hole. The gateway has this configured, and LAN devices are auto-dhcp (except the NAS with static IP).

Preliminary results:

  • LAN computers can access the service equally well on http://example.com:7777/ and http://192.168.1.11:7777/
    but not on http://bin.example.com/ and get the error DNS_PROBE_FINISHED_NXDOMAIN.
  • WAN device (my smartphone with WiFi off) cannot access the service on any of those addresses and gets the error DNS_PROBE_BAD_CONFIG.
  • WAN device can access the NAS’s built-in services like the website at http://example.com/ / https://example.com/ (standard ports 80 and 443).
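
Added example (not part of the original post, and not Synology's implementation): a minimal Python model of the hostname-to-port mapping the post describes for the NAS reverse proxy, where the Host header alone selects the internal service. The handler class, the 421 response for unlisted names, and the loopback port 8080 are assumptions made for illustration.

```python
import http.client
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Public hostname -> (LAN address, port). The entry is the mapping quoted in
# the post; further services would be added as further entries.
ROUTES = {"bin.example.com": ("192.168.1.11", 7777)}


def route(host_header, routes=ROUTES):
    """Return the upstream for a Host header, or None when it is not listed."""
    if not host_header:
        return None
    # Normalise case, drop an optional ":port" suffix and a trailing dot.
    # Bracketed IPv6 literals reduce to "[" and therefore never match.
    name = host_header.strip().lower().partition(":")[0].rstrip(".")
    return routes.get(name)


class ProxyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        upstream = route(self.headers.get("Host"))
        if upstream is None:
            # No default backend: a name that is not listed reaches nothing.
            self.send_error(421, "Unknown host")
            return
        conn = http.client.HTTPConnection(*upstream, timeout=10)
        try:
            conn.request("GET", self.path, headers={"Host": self.headers["Host"]})
            resp = conn.getresponse()
            body = resp.read()
        except (OSError, http.client.HTTPException):
            self.send_error(502, "Upstream unreachable")
            return
        finally:
            conn.close()
        self.send_response(resp.status)
        self.send_header("Content-Type", resp.getheader("Content-Type", "text/plain"))
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Loopback and port 8080 are arbitrary choices for a local trial run.
    ThreadingHTTPServer(("127.0.0.1", 8080), ProxyHandler).serve_forever()
```

Requesting `http://127.0.0.1:8080/` with the header `Host: bin.example.com` exercises the routing step without any DNS lookup, which keeps name-resolution errors separate from proxy errors.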