56
edits
Changes
Jump to navigation
Jump to search
mLine 20:
Line 20: − + − + − +
Generic website infrastructure setup (view source)
Revision as of 05:33, 10 October 2018
, 5 years ago→Port Forwarding, DMZ and Reverse Proxy
=Port Forwarding, DMZ and Reverse Proxy=
=Port Forwarding, DMZ and Reverse Proxy=
Once your Domain/subdomain refers to your IP address, Internet requests will arrive to your internet gateway but you'll need to setup port forwarding[https://en.wikipedia.org/wiki/Port_forwarding] in order to forward those requests toward your web server.
Once your Domain/subdomain refers to your IP address, Internet requests will arrive to your internet gateway, but you'll need to setup port forwarding[https://en.wikipedia.org/wiki/Port_forwarding] in order to forward those requests toward your web server.
The default internet port are 80 for http and 443 for https, once the portforwarding is configured for those port (80 & 443) it'll affect all the web traffics coming on this port. A simple port forwarding will work if you have a single web server (could host serveral websites) but if you have multiple web servers you may have to forward your traffic to a reverse proxy[https://en.wikipedia.org/wiki/Reverse_proxy] that will be able to redirect the traffic based on the domain/subdomain or/and url.
The default internet port are 80 for http and 443 for https, once the portforwarding is configured for those port (80 & 443), it'll affect all the web traffics coming on this port. A simple port forwarding will work if you have a single web server (could host several websites) but if you have multiple web servers you may have to forward your traffic to a reverse proxy[https://en.wikipedia.org/wiki/Reverse_proxy] that will be able to redirect the traffic based on the domain/subdomain or/and url.
If you want to be sure that internet traffic can't reach the other device on your network (LAN), you can place the reverse proxy in a DMZ[https://en.wikipedia.org/wiki/DMZ_(computing)] with firewall rules that allow only the traffic from internet to the reverse proxy and from the reverse proxy to specific IP on your local LAN (ie. your servers) but the firewall will block all other traffic coming from internet. For such setup there is an open source security appliance called pfSense that is able to do the firewall and the reverse proxy (with the module called HAProxy), pfSense can be installed on an old Pc or deployed on a virtual machine.
If you want to be sure that internet traffic can't reach the other device on your network (LAN), you can place the reverse proxy in a DMZ[https://en.wikipedia.org/wiki/DMZ_(computing)] with firewall rules that allow only the traffic from internet to the reverse proxy and from the reverse proxy to specific IP on your local LAN (ie. your servers) but the firewall will block all other traffic coming from internet. For such setup there is an open source security appliance called pfSense that is able to do the firewall and the reverse proxy (with the module called HAProxy), pfSense can be installed on an old PC or deployed on a virtual machine.
=Virtual host=
=Virtual host=