Using domain name instead of ip:port

Hi,

Since I configured Nextcloud on the router, I configured:

  1. accessing luci on port 81 and 8443(https)
  2. accessing nextcloud on port 80 and 443

Now I want to use domain name instead of ip:

Entering myrouter.com to open 192.168.10.1:81;
entering mycloud.com to open 192.168.10.1:80.

How to achieve this?
Thanks

You can't, DNS and port are two different things.

2 Likes
1 Like

ok. thanks

just for my LAN use, no public access from wan

Not sure what your response means - nonetheless DNS A/AAAA records cannot be used to specify a port.

You could use another Private IP to NAT to another IP, but that's not what you desire, as you want some kinda port change.

Thank you. Not a big deal, I just use ip+port.

The easiest solution is probably to configure lighttpd-mod-proxy as reverse proxy. Their documentation also uses port '81' in one of the examples, see https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_proxy#Options

In the future, when draft-ietf-dnsop-svcb-https has gained more adoption, this new DNS record allows specifying different ports. At the moment, Safari on iOS already supports DNS responses like myrouter.com. 300 IN HTTPS 1 . alpn="h2" port=81 ipv4hint=192.168.10.1 and connects to port 81, as I tested with OpenWRT package nsd-nossl_4.6.1-1 that supports that record type. Though most other browsers do not yet implement this.

1 Like

Using NGINX (or other reverse proxy), you can have more than one service on the same address and port.

2 Likes

Good to know, thanks. Nextcloud does not fully support lighttpd (I got some unresolved errors), so I am using nginx now.

I am using nginx. Can you explain in detail?

If memory serves me correctly, the fakeinternet package does something similar with resolving a domain.com to a local IP (192.18.1.1) and then redirecting requests to port 80 on that IP to 192.168.1.1:88.

Obviously you'd have to duplicate everything it does for each additional domain you need hijacked.

I am using haproxy to share multiple services on the same port

1 Like

Put luci back on port 80 and configure the webserver to manage the redirects based off the URL so that myrouter.com redirects to 192.168.10.1:81 and mycloud.com to 192.168.10.1:82. Not sure if uhttpd can do this but nginx certainly can.

1 Like
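
The name-based dispatch suggested in the post above, sketched as an nginx reverse-proxy configuration. This is an added example, not part of the original thread; it assumes LAN DNS resolves both names to 192.168.10.1 and that LuCI and Nextcloud have been moved to backend ports 81 and 82 on that address.

```nginx
# Constructed example: fragment for the http {} context of nginx.conf.
# Assumptions: myrouter.com and mycloud.com both resolve to 192.168.10.1 on
# the LAN; LuCI answers on 192.168.10.1:81, Nextcloud on 192.168.10.1:82.

# Catch-all: a request whose Host header matches neither name gets no site.
# Listening on the LAN address only keeps the proxy off the WAN interface.
server {
    listen 192.168.10.1:80 default_server;
    server_name _;
    return 444;    # nginx-specific code: close the connection, send nothing
}

# myrouter.com -> LuCI backend
server {
    listen 192.168.10.1:80;
    server_name myrouter.com;

    location / {
        proxy_pass http://192.168.10.1:81;
        # Pass the original name and client address through to the backend
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# mycloud.com -> Nextcloud backend
server {
    listen 192.168.10.1:80;
    server_name mycloud.com;

    client_max_body_size 512m;   # assumed upload limit, adjust to taste

    location / {
        proxy_pass http://192.168.10.1:82;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For HTTPS, the same blocks take `listen 192.168.10.1:443 ssl;` plus a certificate covering each name, and nginx picks the block by the SNI name the client sends.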

Apache can too.

2 Likes

If you are using http only and not https then the redirect or reverse proxy should be fairly straightforward to implement.

It may get more complex to also work with https (ssl/tls).

It has been several years since I worked with these issues but another potential solution is to add a secondary IP (alias) and bind one of the http servers to the alias and set DNS names to match if your goal is only for access on the lan. Unfortunately I don't have OpenWrt experience with this to give specific config advice.

1 Like

This is true of any HTTP server, or HTTPS server supporting TLS SNI (server name indication), which includes lighttpd, and includes nginx.

1 Like

lighttpd documentation

As others have noted, you need to configure DNS for domain names.
If you configure DNS with
myrouter.com 192.168.10.1
mycloud.com 192.168.10.1
then you can configure lighttpd to respond to them separately

$SERVER["socket"] == ":80" {
    $HTTP["host"] == "mycloud.com" {
        ...
    }
    #else {
    #    ...
    #}
}
$SERVER["socket"] == ":81" {
    $HTTP["host"] == "myrouter.com" {
        ...
    }
    #else {
    #    ...
    #}
}

lighttpd will still be listening on both ports, and can be configured to respond with a default site different from the other two, if desired.

If you are using TLS, then you should configure TLS certificates with those names, and tell lighttpd about those certificates.

The difference is that a pure HTTP server (acting as a server and not as a proxy) will only be able to serve their own content, while a PROXY can be used in front of different servers.

Hi @eduperez, I am a lighttpd developer and well-versed in HTTP and related protocols, including proxying HTTP.

I'm sorry but I do not understand the point you have been trying to make.

You wrote:

Using NGINX (or other reverse proxy), you can have more than one service on the same address and port.

That could have been written equivalently as
"Using lighttpd or NGINX (or other reverse proxy), you can have more than one service on the same address and port."

Again, I do not see the point you were trying to make, other than possibly that you know how to use nginx. Congrats! So do I. I do prefer lighttpd, though I am a bit biased.