Generic website infrastructure setup
This page aims to provide links to other reliable sources. To understand the different topics, it is important to understand the principles the internet relies on:
1. The internet is an IP network, meaning that an IP address is required to reach any server.
2. When a name is used to reach a server, this name needs to be translated to an IP address by a domain name server (DNS).
3. Your network uses a private range of IP addresses and therefore can't be reached from the internet without a specific configuration.
Domain, Domain name server (DNS) and DynDNS
Wikipedia: A DNS is important when you want to reach your server from the internet because you don't want to learn your IP by heart; you'd rather buy a domain like mycompany.org and use it to reach your server.
- When you own a domain, you also own all its sub-domains, like www.mycompany.org, erp.mycompany.org, yyy.xxx.mycompany.org ...; you can map this domain and its sub-domains to either an IP or another domain, usually through the company that sold you the domain (there are other types of DNS records but we won't mention them here).
- In order to link your domain to an IP, you'll need an A DNS record for an IPv4 address or an AAAA DNS record for an IPv6 address. In case you don't own a fixed IP, you can use a Dynamic DNS service: a daemon running on your network keeps updating your IP in the DNS (usually the internet modem/gateway has this function).
- In order to link your domain to another domain, you will need to set up a CNAME DNS record (e.g. pointing to the domain that has an A record).
Port Forwarding, DMZ and Reverse Proxy
Once your domain refers to your IP address, internet traffic will arrive at your internet gateway, but you'll need to set up port forwarding in order to forward that traffic to your web server.
The default ports are 80 for HTTP and 443 for HTTPS. Once port forwarding (PF) is configured, it affects all the traffic arriving on that port; if you have multiple web servers, you may have to forward your traffic to a reverse proxy that can redirect the traffic based on the URL.
If you want to avoid having internet traffic on your LAN, you can place the reverse proxy in a DMZ with firewall rules that allow only the traffic from the internet to the reverse proxy and from the reverse proxy to the local LAN (i.e. your servers). For such a setup there is an open source solution called pfSense that can act as both the firewall and the reverse proxy (with the module called HAProxy).
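The DMZ rule set described above, modelled as an added example (not part of the original page and not pfSense's own code). The addresses, the rule table and the evaluate function are assumptions made for illustration; rules are matched first to last with a default deny.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan (assumptions for this example, not from the page).
ANY = ipaddress.ip_network("0.0.0.0/0")            # any source, internet included
LAN = ipaddress.ip_network("192.168.1.0/24")       # internal web servers
PROXY = ipaddress.ip_network("192.168.50.10/32")   # reverse proxy, alone in the DMZ
WEB = frozenset({80, 443})                         # HTTP and HTTPS


class Rule(NamedTuple):
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: Optional[frozenset]  # None means any port
    note: str


# Only the two flows the DMZ design allows; anything else hits the default deny.
RULES = [
    Rule("pass", ANY, PROXY, WEB, "internet to reverse proxy"),
    Rule("pass", PROXY, LAN, WEB, "reverse proxy to LAN web servers"),
]


def evaluate(src: str, dst: str, port: int) -> tuple:
    """Return (action, note) for a flow; dst is the address after port forwarding."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in RULES:
        if s in rule.src and d in rule.dst and (rule.ports is None or port in rule.ports):
            return rule.action, rule.note
    return "block", "default deny"


# Constructed sample flows: (source, destination, destination port).
FLOWS = [
    ("203.0.113.7", "192.168.50.10", 443),   # internet client to the proxy
    ("203.0.113.7", "192.168.1.20", 443),    # internet client straight to the LAN
    ("192.168.50.10", "192.168.1.20", 443),  # proxy to a backend web server
    ("192.168.50.10", "192.168.1.20", 22),   # proxy to a backend on SSH
    ("192.168.50.99", "192.168.1.20", 443),  # another DMZ host to the LAN
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        action, note = evaluate(src, dst, port)
        print(f"{src:>15} -> {dst:<15} port {port:<4} {action:5} ({note})")
```

Running the flows through a table like this before touching the firewall shows which rule a given connection would match, and that a direct internet-to-LAN connection falls through to the default deny.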
your public IP can