Generic website infrastructure setup

From Dolibarr ERP CRM Wiki
Jump to navigation Jump to search

This pages aims to provide links toward other reliable sources, to understand the different topics it's important to understand the principle that internet use.

1. Internet is an IP network, meaning that to reach every server an IP is required

2. When a name is used to reach a server, this name need to be translated to an IP by a Domain name server (DNS)

3. Your network use a private range of IP address therefore can't be reached from internet without a specific configuration

Domain, Domain name server (DNS) and DynDNS

Wikipedia[1]: A DNS is important when you want to reach your server from internet because you don't want to learn your IP by heart, you'd rather buy a domain like and use it to reach your server.

  1. When you own a domain, you also own all the sub-domain like,, ...; you can map this domain and its sub.domain to either an IP or another domain usually with the company that sold you the domain (there is other type of DNS record but we won't mention them here).
  1. In order to link you domain to an IP, you'll need an A DNS record for a IPv4 address or an AAA DNS record for a IPv6 address; in case you don't own a fixed IP you can use a Dynamic DNS[2] service: there is a daemon runing on your network that will keep updating your IP in the DNS (usually the internet modem/gateway have this funciton).
  1. In order to link your domain to another domain, you will need to setup a NAME DNS record (e.g. to the domain with an A record).

Port Forwarding, DMZ and Reverse Proxy

Once your Domain refers to your IP address, Internet messages will arrive to your internet gateway but you'll need to setup port forwarding[3] in order to forward those message toward your web server.

the default internet port are 80 for http and 443 for https, once the PF is configured it'll affect all the traffics coming on this port, if you have multiple web server you may have to forward your traffic to a reverse proxy[4] that will be able to redirect the traffic based on the url.

If you want to avoid having internet traffic on your lan you can place the reverse proxy in a DMZ[5] with firewall rule that allow only the traffic from internet to the reverse proxy and from the reserse proxy to the local lan (ie. your servers). For such setup there is an open source called pfSense solution that is able to do the firewall and the reverse proxy (with the module called HAProxy)

Virtual host

your public IP can

SSL encryption

Let's encrypt / ACME

DMZ and port forwarding

Reverse proxy and SSL offloading