


And route all port 80 traffic to 443 (https) if they’re trying to access that service?

Can I use something like CertBot to get the SSL certs? Are you referring to Let's Encrypt certs? Purchase a domain to point traffic to my (router Public IP or my server local IP?) using specific ports for certain domain name traffic. I still run an internal DNS but that is very different from a security standpoint.

For each domain, I should port from 80 to 443 in my router settings? Got hacked in 2002 via DNS and learned my lesson. If you have multiple IPs, then you can specifically set subdomains to resolve to those other IPs in the DNS.

At least that's how it works on 16.04 and earlier. If your DNS provider supports wild cards, you can redirect all subdomains to a single IP. Just use the VirtualHost stanza and ServerName setting for each domain. Setting up virtual hosts in Apache like that is trivial. I prefer to use back-end ports that don't require root for security reasons. The internal "back-end" server IP can be the same or different. You'll need 2 different SSL certs - 1 for each domain. You'd probably want to redirect port 80 public traffic to port 443 on the public interface for each specific domain. It is easiest to use virtual domains and use different domains to point to different back end services. I just don't use it that way.

Domains don't include ports or subdirectories. I guess Apache can be a reverse proxy and host a few different webapps.
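
The layout discussed in this thread (one VirtualHost per domain, port 80 redirected to 443, a separate certificate per domain, each domain proxied to an unprivileged back-end port), written out as an added example that is not from any poster in the thread. The hostnames, back-end ports and Certbot-style certificate paths are assumptions, and the config assumes Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http enabled.

```apache
# Added example: hostnames, back-end ports and certificate paths are assumed.
# On Debian/Ubuntu the modules are enabled with: a2enmod ssl proxy proxy_http

# Listed first so it becomes the default for port 80: requests whose Host
# header matches no configured domain are refused rather than served by app1.
<VirtualHost *:80>
    ServerName default.invalid
    <Location />
        Require all denied
    </Location>
</VirtualHost>

# Plain HTTP serves no content, only a per-domain redirect to HTTPS.
<VirtualHost *:80>
    ServerName app1.example.com
    Redirect permanent / https://app1.example.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName app2.example.com
    Redirect permanent / https://app2.example.com/
</VirtualHost>

# One TLS virtual host per domain, each with its own certificate.
<VirtualHost *:443>
    ServerName app1.example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/app1.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/app1.example.com/privkey.pem

    ProxyRequests Off            # reverse proxy only, never an open forward proxy
    ProxyPreserveHost On
    # Back end listens on loopback at a port above 1024, so it does not need root.
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/app2.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/app2.example.com/privkey.pem

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8082/
    ProxyPassReverse / http://127.0.0.1:8082/
</VirtualHost>
```

Running `apachectl configtest` before reloading catches syntax errors and missing modules.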
