Score:1

Forwarding 443 to two servers using a single external IP?


I have an Exchange server in a small office, and a Synology web server running the website. I am forwarding HTTPS 443 to my Exchange server from my router for OWA/ECP etc. with SSL. The Synology NAS running my website is just using 80 right now. I'd like to add an SSL cert to the website; for this I'd need to forward 443 to the NAS also.

So right now the flow is: external 443 > mydomain (my public IP / router) > forwards to Exchange server IP.

My ask is: can I forward 443 to my NAS IP also? Because if I type in https://example.com it brings up the OWA (as expected), and if it's just http://example.com it brings up my website. But I want to add SSL to my website, which will mean all HTTP will redirect to HTTPS.

Is this possible?

Score:1

This could be done if you accept that the domain names have to be different for each purpose.

Like exchange.mydomain.com and nas.mydomain.com.

In which case you could put a proxy on 443, like HAProxy or NGINX.

Both domains could be pointed at the same port, same IP, and let the host headers sort out where it gets forwarded on the back end. This way you do not have to remember non-standard ports to append to a URL.

This is how web hosts that host multiple sites per IP do it, either in the web server or by proxy. And that is why, if you do a reverse DNS lookup on multiple sites, they will sometimes resolve to the same IP but still both run on 443.

Not terribly hard, but not a point and click deploy either, just totally doable.

Tecnhnik
Thanks, I'll look into setting up a proxy; it will be a learning curve at the same time.
Nikita Kipriyanov
Beware that with a reverse proxy and Exchange, it will be tricky to make NTLM auth work. Nginx can only do it in its paid version, Apache can't do it, and I don't know about HAProxy, but I doubt it can do it either. The way to do it using FOSS is to use the Caddy reverse proxy server, custom-built with a nonstandard module; that's easy, just pick the module on their web build page.
Score:0
Dre

My ask is can i forward 443 to my NAS IP also?

Short answer: No. A specific port can only be forwarded to a single host.

You can work around this limitation by using an alternative HTTP port for the Synology NAS.

You would need to log in to your NAS admin page, go to Control Panel/Network/DSM Settings and under DSM ports change the HTTPS port to something that is not in use. I'd recommend either 8443 or 8080. These are pretty common ports to use, and are not likely to interfere with any other services you are running in your environment. If you are using 8080, you could try 8081. Really almost anything (that is not in use) will work, but try to keep it under 10000.

vidarlo
Or you can use name based vhosting and a reverse proxy.
Tecnhnik
Thanks for the reply. I don't think Synology allows you to change the Web Station port, which is the application used to host websites. I can change the web services port, which is the admin page of the NAS, but that's not what I want.
Dre
Hi. This link may have a way to change the ports on the application side: https://kb.synology.com/en-ro/DSM/tutorial/How_do_I_customize_the_alias_port_or_domain_for_specific_Synology_services