NethServer Version: 8
Module: “Network”
Hi,
I’m in a kind of situation.
First of all, I have a dynamic public IP, so I’m forced to use a dynamic IP update utility to change my public IP at the registrar.
So I’ve got something like this set up in the registrar’s DNS:
domain.com A ttl 900 123.456.789.987
This entry will be automatically updated every 5 minutes from a local service connected via domain_connect.
Ionos (the registrar) lets me point CNAMEs to it, so I’ve got this:
app.domain.com CNAME ttl 900 @
mail.domain.com CNAME ttl 900 @
…etc.
(The @ sign for Ionos means a link to the main domain [in this case domain.com].)
Ionos also gives me a free SSL wildcard certificate.
Having said that,
I’ve got an NSrv8 installation under an NSec8 firewall.
NSrv has WebTop, Nextcloud and NethVoice instances. For each one I’ve managed to create a dedicated hostname (something like nethvoice.domain.com etc.), opened all the required ports, and generated all the Let’s Encrypt certs (since even though I have an SSL certificate, NSrv8 cannot accept the wildcard type), and it all works flawlessly.
But since I’m forced to expose 443 and 80 to the NSrv8 host for the Let’s Encrypt cert, I can no longer use the firewall’s reverse proxy to manage all HTTP/S traffic and route it correctly.
For instance, I’ve got a ton of other services such as Jellyfin, the whole Servarr suite and some other stuff running on other hosts with other ports. Before upgrading from the NS7 firewall to NSec8, the reverse proxy function was working correctly since I wasn’t forced to expose HTTP/S ports to the NS7 host. But now I can’t use it anymore.
So I’m here asking: is there a way to route any “unknown” HTTP/S traffic for the NSrv8 Traefik proxy to the firewall one?
Sorry for the wot, but it needed some explanation.
Kind regards
Emanuele