Having multiple web services run at home on the same ports (80 and 443)
Is there a possibility to run several webserver-applications from my home network? So with the same IP forward port 80 and 443 to different devices, depending on the domain name. Right now I use different ports, like 1001, 1002 and 1003 and on my router forward them to a specific device on the correct ports. What I do want however is to go to sub.mydomaina.nl for application A, sub.mydomainb.nl for application B and so on, or with the same domain, only a different subdomain.
To make things more complicated, I'm running two networks at home. I have the 192.168.2.x-network from which I run a router as a private network at the 192.168.1.x-range. On both networks I have web applications running. At the moment it's just two, Synology and Pihole but I want to experiment with converting an old laptop to an Apache-server and be able to run websites from there. I know that I can configure multiple domains in Apache but could that also work for other devices? How would I configure this?
Is this possible, and if it is possible how would I achieve this?
Thanks in advance! :)
Solution 1:
I know that I can configure multiple domains in Apache but could that also work for other devices? How would I configure this?
Yes, if you configure Apache as a reverse proxy it can forward the requests to other webservers based on domain (or even based on URL path). Then it's enough to forward ports 80 & 443 to the central Apache server and it'll route to individual apps.
You need to load the proxy
and proxy_http
modules in Apache, and the most basic configuration would look like this (for one domain):
<VirtualHost *:80>
ServerName foo.example.com
ProxyPass / http://192.168.2.x
</VirtualHost>
As you can see it works very much like a regular Apache vhost, only instead of DocumentRoot or Alias you specify a remote URL via ProxyPass. (There are actually 3–4 different ways of doing the same thing; you will also find examples with ProxyPass inside a <Location>
tag, or via SetHandler, or even RewriteRule.)
You may also need the ProxyPreserveHost
option. If it's enabled the webapp will see it's being accessed through "foo.example.com"; if it's disabled the webapp will see "192.168.2.x" instead. Certain webapps may also require a ProxyPassReverse
statement in order to rewrite HTTP response headers.
(Note: Don't confuse this setup with a forward proxy! Do not enable the ProxyRequests
option.)
Finally, HTTPS is also configured in Apache using standard SSLEngine and SSLCertificateFile options – not in the proxied webapp itself. So you can have a single central Certbot installation, just exclude it from proxying using ProxyPass /.well-known/acme/ !
or similar.
This same process also works for Nginx, and in addition there are many products which can't host anything themselves but only work as dedicated proxies (or load balancers). As mentioned in Peleion's post, HAproxy and Træfik are two such examples, although they might just be overkill for your use case.
Solution 2:
What you are referring to is a reverse proxy - it forwards incoming traffic to specific applications according to rules you set. It can be used for anything, not just HTTP/S.
Nginx, Traefik, and HAProxy would all do what you are asking.