Set up internal availability of a public WEB server


I connected my web server (in a Docker container) via Traefik and set up port forwarding from the WAN interface on the router to the Traefik container on the DMZ.


Access from the Internet (PC-2) and from the DMZ (PC-3) - the same VLAN - works without any problems. Unfortunately, I cannot reach the reverse proxy and the WEB server from the private VLAN. Instead of the Traefik reverse proxy, I get an answer / error message from the router that the certificate is invalid. What do I have to configure (NAT, port forwarding, etc.) so that the connection from other VLANs works?

Many thanks for your help!

The simplest way to do this is to put an entry in /etc/hosts of the OpenWrt main router matching the public name to the private IP. Restart the dnsmasq process to load the name into the DNS server. Then using the public name on PC-3, it will receive and use the LAN IP for a direct connection, but the name on the certificate still matches.
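
The hosts override described in the reply above, as an added shell example (not code from the thread or from OpenWrt). The function names, `www.example.com` and `192.168.20.10` are constructed placeholders, and it assumes OpenWrt's stock `/etc/init.d/dnsmasq` script and BusyBox `nslookup`.

```shell
#!/bin/sh
# Added example: split-horizon hosts override for dnsmasq on OpenWrt.
# Host name and address used with it are constructed placeholders.

# Return 0 only for RFC 1918 addresses (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# set_host_override HOSTS_FILE IP NAME
# Idempotent: drops any earlier line naming NAME, keeps comments and other hosts.
set_host_override() {
    hosts=$1; ip=$2; name=$3
    # Guard (a choice of this example): the override must point at a LAN/DMZ address.
    is_private_ipv4 "$ip" || { echo "refusing non-private IP: $ip" >&2; return 1; }
    case "$name" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host name: $name" >&2; return 1 ;;
    esac
    [ -f "$hosts" ] || : > "$hosts"
    tmp="$hosts.tmp.$$"
    awk -v n="$name" '
        /^[ \t]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == n) next; print }
    ' "$hosts" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$name" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$hosts" && rm -f "$tmp"
}

# Run on the router: write the entry, restart dnsmasq, confirm the answer.
apply_on_router() {
    set_host_override /etc/hosts "$1" "$2" &&
    /etc/init.d/dnsmasq restart &&
    nslookup "$2" 127.0.0.1
}

# Usage on the router (placeholders): apply_on_router 192.168.20.10 www.example.com
```

A hosts entry changes only the address a name resolves to; clients still connect to whatever port is in the URL.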

Hi @mk24, thanks for your reply. I configured the matching and a traffic rule to allow internal port 8443; Traefik runs in bridge mode in my setup, and port 443 is already occupied by the Docker host. Unfortunately it didn't work, probably because of the entryPoint on Traefik (443). I can try to move the Traefik container to macvlan, but before I start with that, is there another way to route through the WAN interface? I saw it's possible to translate the source IP address to the outgoing interface. Would that be a solution? Unfortunately I have no experience with this :(