41
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: − =DNS=+ + + + + + + + + + + + + + + + + + + + + + + − https://fr.wikipedia.org/wiki/Domain_Name_System[https://fr.wikipedia.org/wiki/Domain_Name_System] + +
Generic website infrastructure setup (view source)
Revision as of 18:52, 8 October 2018
, 5 years agono edit summary
This pages aims to provide links toward other reliable sources, to understand the different topics it's important to understand the principle that internet use.
1. Internet is an IP network, meaning that to reach every server an IP is required
2. When a name is used to reach a server, this name need to be translated to an IP by a Domain name server (DNS)
3. Your network use a private range of IP address therefore can't be reached from internet without a specific configuration
=Domain, Domain name server (DNS) and DynDNS=
Wikipedia[https://fr.wikipedia.org/wiki/Domain_Name_System]
A DNS is important when you want to reach your server from internet because you don't want to learn your IP by heart, you'd rather buy a domain like mycompany.org and use it to reach your server
1. When you own a domain you also own all the sub-domaine like www.mycompany.org, erp.mycompany.org, yyy.xxx.mycompany.org ...; you can map this domian and its sub.domain to either an IP, another domain usually with the company that sold you the domain ( there is other type of DNS record but we won't mention them here)
2.in order to link you domain to an IP, you'll need an A DNS record for a V4 IP address or an AAA DNS record for a IP V6 address; in case you don't own a fixed IP you can use a Dynamic DNS[https://en.wikipedia.org/wiki/Dynamic_DNS] service: there is a daemon runing on your network that will keep updating your IP in the DNS ( usually the internet modem/gateway have this funciton)
3. in order to link your domain to another domain, you will need to setup a NAME DNS record (e.g. to the domain with an A record)
=Port Forwarding, DMZ and Reverse Proxy=
Once your Domain refers to your IP address, Internet messages will arrive to your internet gateway but you'll need to setup port forwarding[https://en.wikipedia.org/wiki/Port_forwarding] in order to forward those message toward your web server.
the default internet port are 80 for http and 443 for https, once the PF is configured it'll affect all the traffics coming on this port, if you have multiple web server you may have to forward your traffic to a reverse proxy[https://en.wikipedia.org/wiki/Reverse_proxy] that will be able to redirect the traffic based on the url.
If you want to avoid having internet traffic on your lan you can place the reverse proxy in a DMZ[https://en.wikipedia.org/wiki/DMZ_(computing)] with firewall rule that allow only the traffic from internet to the reverse proxy and from the reserse proxy to the local lan (ie. your servers). For such setup there is an open source called pfSense solution that is able to do the firewall and the reverse proxy (with the module called HAProxy)
=Virtual host=
=Virtual host=
your public IP can
=SSL encryption=
=SSL encryption=
=Let's encrypt / ACME=
=Let's encrypt / ACME=
=DMZ and port forwarding=
=DMZ and port forwarding=
=Reverse proxy and SSL offloading=
=Reverse proxy and SSL offloading=