I have been fooling around for months with rewrite, reverse proxy etc., but I still do not have a solution for this problem:
I have a platform of servers in 10.0.100.x.
Access is from a public IP to the local net via 10.0.0.254 and Apache proxy 10.0.0.250
(ISPConfig), the customer's network.
The platform is accessed via router 10.0.0.251 / 10.0.100.254, which redirects to nginx proxy 10.0.100.250.
I am able to access all servers via HTTP but NOT HTTPS, as the SSL certificate shall be hosted at 10.0.100.250 as "director" for the backend servers.
So, a true passthrough at Apache proxy 10.0.0.250 for HTTP and HTTPS is required, OR
the simple method would be a URL-to-IP pass like:
Sorry, unfortunately I misinterpreted your question since it was somewhat unclear. So your problem is actually not related to OpenWrt; it is related to the SSL certificate.
You may need to find a solution to sync the certificate; you should get only one per domain. E.g. in cloud environments people usually push the cert to S3 and later get them from other hosts, using a cron job or something. You may use rsync or scp for that; the private key will remain the same, so you can copy it once. Since it is a small file you can even put it on your OpenWrt box, but if you have other hosts it will be better to use push/pull from/to the main one (the one with the Let's Encrypt auto-renewal script).
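
The cron-driven pull that the reply above describes, as an added example that is not part of the original thread. The host name, account, domain and paths are assumptions, and nginx is assumed to be the proxy receiving the copy.

```shell
#!/bin/sh
# Added example: pull-side certificate sync for the second proxy.
# Host name, account and paths are assumptions, not values from the thread.
MAIN_HOST="certsync@main-proxy.example"          # host running the renewal
REMOTE_DIR="/etc/letsencrypt/live/example.org"   # placeholder domain
STAGE_DIR="/var/lib/certsync/stage"
LIVE_DIR="/etc/ssl/synced/example.org"

# Pull cert and key into a private staging dir. The key is fetched every time
# because certbot issues a new key on renewal unless --reuse-key is set.
fetch_cert() {
    umask 077
    mkdir -p "$STAGE_DIR" &&
    rsync -L --chmod=F600 -e "ssh -o BatchMode=yes" \
        "$MAIN_HOST:$REMOTE_DIR/fullchain.pem" "$MAIN_HOST:$REMOTE_DIR/privkey.pem" \
        "$STAGE_DIR/"
}

# Returns 0 = installed (reload needed), 1 = unchanged, 2 = rejected.
install_if_changed() {
    stage=$1; live=$2
    for f in fullchain.pem privkey.pem; do
        [ -s "$stage/$f" ] || return 2                     # missing or empty
        grep -q -e '-----END ' "$stage/$f" || return 2     # truncated transfer
    done
    if cmp -s "$stage/fullchain.pem" "$live/fullchain.pem" 2>/dev/null &&
       cmp -s "$stage/privkey.pem" "$live/privkey.pem" 2>/dev/null; then
        return 1
    fi
    ( umask 077; mkdir -p "$live" ) || return 2
    for f in fullchain.pem privkey.pem; do
        # Write beside the target with mode 600, then rename, so the proxy
        # never reads a half-written or world-readable file.
        ( umask 077; rm -f "$live/$f.new"; cp "$stage/$f" "$live/$f.new" ) &&
            mv -f "$live/$f.new" "$live/$f" || return 2
    done
    return 0
}

# Cron entry point: "certsync.sh run". Reload only after a real change.
if [ "${1:-}" = "run" ]; then
    fetch_cert || exit 1
    install_if_changed "$STAGE_DIR" "$LIVE_DIR"
    case $? in
        0) nginx -t && nginx -s reload ;;
        1) : ;;
        *) echo "certsync: staged files rejected" >&2; exit 1 ;;
    esac
fi
```

Run it from cron on the receiving proxy, using an SSH key that the main host restricts to reading those two files.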
Hmm, yes, it is so easy to deny a feature request.
BUT! Think it over.
This really would be a cool feature.
The router catches the URL request and opens the connection to the
local server without any other features (that cause configuring to death).
Maybe as an addon to an SSO Server with maybe flask, nginx and acme
Yes, as I said, I managed to use 2x certbot on both proxies to "create" or better download the certificate from Let's Encrypt. I will check if the auto-renewal will be on both servers.
But, as I said, the other solution would be a really cool feature, as the proxy configurations on nginx and apache2 are ... well, only one possible word: horrible and bloody useless when the router enables trespassing with one single line of configuration.