Map subdomain to local IP through public IP


I want to map subdomains to local IPs on my machine to achieve an IP for each of my virtual machines.

I know I can set up a DNS on my own machine, but that will only resolve the domain on my own machine.

-> Public IP -> Internal IP 1
-> Public IP -> Internal IP 2
-> Public IP -> Internal IP 3

Is there anything that might achieve the same goal?

Note: I don't want only port 80; I want something like a NAT or reverse proxy for all TCP payloads.

Thank you for reading.


You can't.

The "trick" that is normally used to simulate what you ask for (with a reverse proxy) works (only) with HTTP(S) because the protocol includes the requested DNS host name in each request. That is what allows an HTTP reverse proxy running on the primary IP-address to identify that a request is for a specific site and forward it to the correct back-end server.

Most other protocols do not include the DNS hostname the client used to connect to a server. The client locally resolves whatever DNS hostname is used to an IP-address and attempts to make a connection to that IP-address. The original hostname information is "lost" and the only information carried in the (initial) request are the resolved IP-address and port number.

For every protocol that isn't natively hostname aware there won't be any way to correctly map the request to a specific back-end server.

Also see: How do I make protocol foo hostname-aware?

Do the SSH or FTP protocols tell the server to which domain I am trying to connect?

The solution is to use IPv6 on all your servers and map each of your DNS hostnames to the IPv6 address of the correct back-end server.

You can make proxying "work" for non-HTTP protocols if you use TLS and SNI, but it gets complicated quickly.
HBruijn
Indeed. Although AFAIK most if not all commonly used SSL/TLS libraries support SNI and have included that support for many years, that doesn't automatically translate into support for applications linked to those libraries. Each client needs to make code changes to leverage SNI and those don't make sense when the server side code doesn't provide SNI support (yet) either. And the urgency to adapt SNI seems less for many other applications than it was for web servers and browsers and even for those it took years.
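
The point made in the answer and comments above, as an added example that is not part of the original thread: the first bytes of an HTTP request or a TLS ClientHello carry a hostname that a proxy on a single public IP can route on, while an SSH client's opening bytes carry none. The backend map, hostnames, internal IPs and sample bytes are constructed for illustration.

```python
import struct
from contextlib import suppress

BACKENDS = {"vm1.example.com": "10.0.0.11", "vm2.example.com": "10.0.0.12"}  # hypothetical

def http_host(data):
    """Host header of an HTTP/1.x request, else None."""
    lines = data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                return value.strip().decode("ascii", "replace")
    return None

def tls_sni(data):
    """server_name (SNI) from a TLS ClientHello, else None."""
    with suppress(IndexError, struct.error):      # truncated input ends up as None
        if data[0] != 0x16 or data[5] != 0x01:    # handshake record, ClientHello
            return None
        p = 43                                    # record + handshake headers, version, random
        p += 1 + data[p]                          # session_id
        p += 2 + struct.unpack_from("!H", data, p)[0]   # cipher_suites
        p += 1 + data[p]                          # compression_methods
        p, end = p + 2, p + 2 + struct.unpack_from("!H", data, p)[0]
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, p)
            if etype == 0:   # server_name: list_len(2), name_type(1), name_len(2), name
                nlen = struct.unpack_from("!H", data, p + 7)[0]
                return data[p + 9:p + 9 + nlen].decode("ascii", "replace")
            p += 4 + elen
    return None

def route(first_bytes):  # internal IP a name-based proxy could pick, else None
    host = http_host(first_bytes) or tls_sni(first_bytes)
    return BACKENDS.get((host or "").split(":")[0].lower())

def sample_client_hello(host):
    """Constructed minimal ClientHello with only an SNI extension (sample input)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host.encode()
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!HHH", len(sni) + 4, 0, len(sni)) + sni)
    return b"\x16\x03\x01" + struct.pack("!HB", len(body) + 4, 1) + len(body).to_bytes(3, "big") + body

SAMPLES = {  # constructed first bytes sent by each kind of client
    "http": b"GET / HTTP/1.1\r\nHost: vm2.example.com\r\n\r\n",
    "tls": sample_client_hello("vm1.example.com"),
    "ssh": b"SSH-2.0-OpenSSH_9.6\r\n",
}
```

`route(SAMPLES["ssh"])` returns `None`: the SSH identification string gives the proxy nothing but the destination IP and port to decide on.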