Route to multiple VMs from web using one public IP

scottybeam

Feb 22, 2021
Can anyone point me in the general direction to learn how I would go about hosting multiple Linux VMs serving websites using a single public IP?

If I port forward on the router to one VM, I can't use port 80/443 to route to another... My prelim findings have turned up haproxy, but I'm stuck since I admittedly don't have experience with it (results seem to focus on load balancing mainly).

Or if there's an even better solution, I'm all ears.
 
I appreciate the feedback -- I think I probably should have emphasized that I am redirecting to *different* internal IPs attached to different VMs which are hosting their own apache servers. Not multiple sites on one machine.

Code:
One public IP --> router --> Port fwd 80/443 --> [proxmox] --> internal IP #1 on VM listening on 80/443
                                                           --> internal IP #2 on VM listening on 80/443
                                                           --> internal IP #3 on VM listening on 80/443

Obviously the above scheme doesn't work, so I'm open to any solutions to achieve that effect. Many thanks
 
You can do that with haproxy or nginx

I will present a very simple solution that you can use as a starting point in your lab environment.

Code:
   | internet
   |
   | public ip
----------                             |-------|
| router |                      /------| web01 |
----------       |---------|  /        |-------|
     |-----------| haproxy |==
                 |---------|  \        |-------|
                                \------| web02 |
                                       |-------|
----------------------------------------------------------------
|                                proxmox                       |
----------------------------------------------------------------


traffic flow:

internet -> public_ip -> port forwarding 80 and 443 to haproxy private ip
haproxy will get the traffic and, based on the HTTP requested domain, will make a routing decision to send traffic
to web01 or web02

Example ip addressing

Code:
haproxy: 10.10.10.10/24 gw: 10.10.10.1
web01:   10.10.10.11/24 gw: 10.10.10.1
web02:   10.10.10.12/24 gw: 10.10.10.1

router lan interface: 10.10.10.1

You must have an SSL cert for both sites. Let's Encrypt is a free and fine solution.

Very basic haproxy config for this topology

Code:
global
    log 127.0.0.1 local2 debug
    maxconn 2000
    tune.ssl.default-dh-param 2048
    user haproxy
    group haproxy

defaults
    mode http
    log global
    option http-server-close
    option httplog

frontend https
    bind 10.10.10.10:80
    bind 10.10.10.10:443 ssl crt /etc/ssl/certs/domain01.pem crt /etc/ssl/certs/domain02.pem
    http-request redirect scheme https code 301 if !{ ssl_fc }
    mode http
    option http-keep-alive
    # one ACL per site, matched on the TLS SNI name sent by the client
    acl domain01 ssl_fc_sni domain01.com
    acl domain02 ssl_fc_sni domain02.com
    use_backend domain01-back if domain01
    use_backend domain02-back if domain02

backend domain01-back
    mode http
    balance roundrobin
    server web01 10.10.10.11:80 check
backend domain02-back
    mode http
    balance roundrobin
    server web02 10.10.10.12:80 check

Like I said, this is a very basic conf and is not for production use.
Now you have a starting point for your research.
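
A stricter variant of the frontend above, as an added example that is not part of the original post: it routes on the HTTP Host header instead of on SNI alone, rejects requests whose Host and SNI disagree, and sends unknown hostnames to a deny-only backend. The `no-match` backend name and the `txn.host` variable are assumptions; addresses, certificate paths and domains are the ones from the post, and the `domain01-back` / `domain02-back` backends stay as posted.

```haproxy
# Added example: needs a HAProxy release that provides set-var and the strcmp converter.
frontend https
    bind 10.10.10.10:80
    bind 10.10.10.10:443 ssl crt /etc/ssl/certs/domain01.pem crt /etc/ssl/certs/domain02.pem
    mode http

    # Plain HTTP on port 80 is only ever redirected, never proxied.
    http-request redirect scheme https code 301 if !{ ssl_fc }

    # Normalise the Host header once per request: lowercase, drop any ":port".
    http-request set-var(txn.host) req.hdr(host),lower,field(1,:)

    # SNI is fixed per TLS connection, Host is sent per request. Refuse the
    # request when they differ; a client that sent no SNI also fails this
    # check and is refused (default deny status is 403).
    acl sni_matches_host ssl_fc_sni,lower,strcmp(txn.host) eq 0
    http-request deny if !sni_matches_host

    # Route on the validated Host value; exact string match, no wildcards.
    acl domain01 var(txn.host) -m str domain01.com
    acl domain02 var(txn.host) -m str domain02.com
    use_backend domain01-back if domain01
    use_backend domain02-back if domain02

    # Anything that is not an explicitly listed site ends up here.
    default_backend no-match

# Hypothetical deny-only backend: no server lines, so requests for unknown
# hostnames never reach web01 or web02.
backend no-match
    mode http
    http-request deny
```

Running `haproxy -c -f` against the full file before reloading checks that every ACL named in a `use_backend` rule is actually defined.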
 

This is awesome -- thank you very much, great jumping off point that looks like it's going to give a great head start.
 
The general term for what the OP is trying to get going is called a Reverse Proxy, if I understand the question correctly. Yes, NGINX is the best known. I had a similar setup on my pfsense router, using squid. The reverse proxy interface was clunky at best. Took me over a week to get it figured out and working. When I finished, requests for office.<mydomain>.net went to my onlyoffice box, while requests for cloud.<mydomain>.net went to my nextcloud install. Likewise, cameras. went to bluecherry, etc. It didn't matter what port the destination service was running on either.
 
Check out "NGINX Proxy Manager" (NPM). It's a GUI to manage your NGINX reverse proxy. Runs as a Docker container (so you'll need to spin up a VM or container to run Docker). Really a great web front end to manage reverse proxies, and it includes SSL cert management via Let's Encrypt.
 