VM Ubuntu WEB server (apache+Mysql) (192.168.10.100)
VM FreeNas (192.168.10.80)
.
.
Problem 1
I have followed the setup, so MIAB is handling all DNS entries. Now I am having trouble accessing my domain via domain name from LAN. From outside all works great but from LAN network I need to use IP 192.168.10.90.
Problem 2.
How to set in MIAB that domainname.com will be used from WEBserver on 192.168.10.100 and domainname.com/mail will be used from 192.168.10.90
Nameservers can take up to 48 hours to update globally. If you are still having trouble by this time tomorrow, @ me so I get a notification and I can help you further.
Ok I will do. But just to be clear accessing MIAB via domainname.com from eg. my phone on mobile data or from work is OK. But when at home I need to use internal IP from MIAB to access the website.
The second issue that I have is I am running two servers behind Pfsense (one is MIAB and the other Ubuntu Webserver), as MIAB is currently running as main DNS as well I can’t reach website running on the second Web server from outside (mobile or work or any other network) of course I can access with in my LAN.
This is really not my area … but is port forwarding enabled properly?
Does Pfsense know to forward based on the http headers? Is that even a thing? How does Pfsense know which machine to forward to? I assume that you are using a different port for http/https on the webserver…
You are running DNS on the webserver to handle the private requests?
I am just rambling … maybe some of it makes sense … cause I do not know what I am talking about in terms that make sense to techies.
Yep problem 1 solved. The issue was with DNS Forwarder.
Still struggling with problem No.2.
Both MIAB and Ubuntu webserver are using port 80 for website. As I want to use MIAB webmail (https://mydomain.com/mail) and Web server https://mydomain.com on different server.
The web server is on a different host? internally?
You will need to use a maybe a 3rd server to do special filtered load balancing between the two. Apache can do this using a reverse proxy but currently I do not believe your setup is supported for MIAB at this point.
That said, do you have a secondary IP address you can use for MIAB instead?
You need to setup two DNS resolvers, one for external use and one for internal use. External clients will use the external one and internal ones, well I’ll leave that to you to work out.
DNSMasq will do what you want to do as that’s exactly how we use it. You need to setup your DHCP or whatever so that internally you point to the right IP address. I can’t recall if PFSense has DNSMasq built in or not. Smoothwall used to do this. I would assume that you have two network devices configured for your firewall.
On another note, FreeNAS in a VM is not a recommended way to run FreeNAS. It works perfectly until the moment it fails and you lose your ZFS pool and all your data is corrupt. Been there, done that and lost all the data,
Problem 2 can be handled by setting up an NGINX proxy and handle the routing. We do this to route traffic to monit which is on a different port. About 10 lines of NGINX.
So when I try to access the web page nothing happens. I have google several topics with NGINX proxy setting but all failed. Is some one using similar setting and if do can you please post instructions how to achieve that I can run a full apache / mysql site behind nginx proxy.
I am still fighting with this code. I have added the code above to /etc/nginx/conf.d/local.conf but than every night system check is performed and Error Provisioning TLS Certificate appears and the local.conf file is rewritten to original state.
Hi NAT Loopback I have figure it out and that is fine.
Second problem it looks more changeling that it is.
So to try to simplify I wanted to use the SSL cert that MIAB generated and with reverseproxy that I doable very nice. I get all the functionally from MIAB and use the SSL to access webserver to display from apache/mysql site server. As mentioned I did get it running as I wanted but MIAB run a script every night and overwrites the /etc/nginx/conf.d/local.conf to original state. Meaning I lose functionally of proxy.
I could add custom DNS name eg. web.mydomain.com -> to my webserver but then I would need to create a script for making sure that certs are up to date and transfered. So I am sure there is a more clean solution to allow me to share SSL cert generated by MIAB with Apache/SQL (second server).
If you got the above script running, why don’t you put that one in /home/user-data/www/<my_domain>.conf and create a directory with the name <my_domain> in the same directory.