"Virtual addresses" for internal applications

I'm not sure whether that is an actual OpenWrt question but I'm sure it is involved setup-wise so I'll go ahead.

I have two servers with IPs A and B. I have in my intranet 3 applications running on the addresses A:5000, A:5001 and B:5000 (ports are made up here).

  1. I would like to make the access a bit more convenient and have an address like serviceA.home.net or whatever pointing to A:5000. How do I achieve this? I tried to read up about the topics DNS and reverse proxy yesterday evening and I'm fairly convinced that I can achieve that with a combination of that but I'm not sure. Would I need to define some form of virtual address on the router, give that a static address and point that address to A:5000?

  2. Related but secondary - A:5001 and B:5001 could be two equal services hosted on both servers and I would like to do load balancing. That is a job for a reverse proxy like nginx AFAIK. If I host that on A and expose that as A:5002, would I then need to do the same procedure as in 1) to get this going or am I mistaken in both cases?

I agree that this is not strictly an OpenWrt question but I figured that you might actually know that a lot better than I apparently do. Appreciate the answers.

My two cents:

  • DNS does not deal with port numbers.
  • What you explain can be done using HTTP/HTTPS, are we talking about web applications?

Options:

  • IPv6 - all clients need IPv6 connectivity.
  • IPv4 over VPN - all outside clients need a permanent VPN connection.
  • IPv4 with split DNS - outside ports need to match the ones inside.
  • IPv4 over reverse proxy - study the relevant NGINX documentation.

You can also combine IPv6 and IPv4 methods.
A free IPv6 prefix can be obtained from an IPv6 tunnel broker.
With an IPv6 GUA, your clients should prefer IPv6 over IPv4.

Multiple web apps on the same host can be served with virtual hosts.
Multiple containers/VMs can be connected as separate hosts with macvlan.
See the libvirt documentation for shared host bridge.
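
The reverse proxy and virtual host approach mentioned above, sketched as an nginx configuration for the layout in the question. This is an added example, not part of any post in the thread; the addresses 192.168.1.10 (server A) and 192.168.1.11 (server B), the name serviceB.home.net, and running the proxy on server A port 80 are assumptions.

```nginx
# Added example. Place inside the http {} context of nginx on server A.
# Constructed placeholders: 192.168.1.10 = server A, 192.168.1.11 = server B.
# Local DNS must resolve serviceA.home.net and serviceB.home.net to
# 192.168.1.10 (the proxy). DNS only maps the name to an address; the proxy
# maps the name to a backend port.

# Question 2: two equal backends, balanced round-robin (nginx default).
# A backend that fails 3 times is skipped for 10 seconds.
upstream service_b_pool {
    server 192.168.1.10:5001 max_fails=3 fail_timeout=10s;
    server 192.168.1.11:5001 max_fails=3 fail_timeout=10s;
}

# Catch-all: a request whose Host header matches no configured name is
# closed without a response instead of landing on the first backend.
server {
    listen 192.168.1.10:80 default_server;
    server_name _;
    return 444;
}

# Question 1: serviceA.home.net -> A:5000
server {
    listen 192.168.1.10:80;          # bind to the LAN address only
    server_name serviceA.home.net;

    location / {
        proxy_pass http://192.168.1.10:5000;
        proxy_set_header Host $host;
        # Overwrite, rather than append to, any client-supplied value.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

# Question 2: serviceB.home.net (hypothetical name) -> A:5001 and B:5001
server {
    listen 192.168.1.10:80;
    server_name serviceB.home.net;

    location / {
        proxy_pass http://service_b_pool;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

With this layout the load-balanced service needs no extra port such as A:5002; both names share port 80 on the proxy and are told apart by the Host header.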

You can use Cloudflare with Argo tunnels: register your FQDN as a CNAME pointing to your running Argo tunnel ID.
With this method you don't have to open any port on the firewall.
You can also harden access further by using ZeroTrust and WAF rules.