Generating 2nd URL for different IP

Hi,
I got pointed to this service when setting up a NextCloud server. A Hanssosit.se version with scripts to use the service. Works great!
First, I have some awareness of how DNS works, and some working knowledge of LAN addressing and port forwarding. But I may sound goofy as well. I did use Configuring your dynDNS Client — deSEC DNS API documentation

I have another VM running a debian based product (OpenProject). If it helps, my need is a NextCloud connection allowed to OpenProject. But using my LAN address to OpenProject does not work. So I am trying to create DNS URL to allow access, even if only via Internet address coming back into my LAN.

You can look up my ID and see the Comcast IP. Your service and whatever else was used to create the direct safe link gets me to my NextCloud VM.
Now I am looking to also get to my OpenProject VM, hoping to use the already established desec.io service.
Some simple specs.

Comcast IP is 73.216.2.55
Routing for port 80 & 443 is to my NextCloud VM at 10.0.0.252
I want to route via my desec.io buildupthekingdom.dedyn.io URL to my OpenProject via https at 10.0.0.178.
I followed the instructions in Configuring your dynDNS Client — deSEC DNS API documentation for Option 2 use ddclient. Here is the result. Any help is appreciated. Including after my garbled usage of technical terms.

With thanks,

Rory Griffin
protocol=dyndns2
use=if, if=73.216.2.55
ssl=yes
server=update.dedyn.io
login=RoryGriffinIT@gmail.com
password=‘not2begivenout’
buildup-vm-openproject.dedyn.io

Hi Rory,

Am I correct in assuming that Comcast is an Internet provider and that they connect your LAN (10.0.0.0/?) using a dynamic IPv4 address? This would imply your two hosts are in this same LAN, basically in a typical home setup?

If so, your question could be generalized to: How can I run multiple web services behind a single dynamic IPv4 address?

There is no such thing as a DNS URL! DNS resolves names to other data such as IPs. There are URLs using IPs and those using names to identify the host. The later use DNS to resolve the name to an IP and from that point on they are identical* in that the data is sent to that IP.
*) Browsers and tools such as curl will also use the name to insert the HTTP Host: header and when using HTTPS to insert the SNI when negotiating the secure connection.

So you have:

  • DNS: buildup-vm-openproject.dedyn.io A 73.216.2.55
  • Port mapping: 73.216.2.55:80 -> 10.0.0.252:80
  • Port mapping: 73.216.2.55:443 -> 10.0.0.252:443

And you want to add:

  • DNS: buildupthekingdom.dedyn.io A 73.216.2.55 or buildupthekingdom.dedyn.io CNAME buildup-vm-openproject.dedyn.io
  • And some port mappings pointing to 10.0.0.178?

DNS can only help you resolve a name to an IP address. If your two servers use the same public IP then DNS alone will not help you distinguish between your hosts. (Other protocols such as HTTP — Host: header —, or TLS SNI may help. The port numbers can also be used to differentiate the target.) DNSSEC and by extension deSEC is no different than DNS in this respect.

That does not make sense! Given a http:// URL, how would the client know to use HTTPS?

I have no knowledge of how you handled the mapping between public and private IPs. Probably some port forwarding setup in your router? You might be able to set up different ports for one of the hosts and map them, e.g.:

  • 73.216.2.55:80 -> 10.0.0.252:80
  • 73.216.2.55:443 -> 10.0.0.252:443
  • 73.216.2.55:8080 -> 10.0.0.178:80
  • 73.216.2.55:8443 -> 10.0.0.178:443

Note that some services get confused when such a mapping is used. I don’t know how NextCloud or OpenProject would handle this but you could probably solve this by reconfiguring e.g. OpenProject to listen on port 8080 and 8443 and map:

  • 73.216.2.55:8080 -> 10.0.0.178:8080
  • 73.216.2.55:8443 -> 10.0.0.178:8443

But using different ports would require you to adjust some of the calling URLs to include the alternate ports.

Or you set up one of the hosts to initially receive all packets and act as a proxy for the other one using virtual hosts and Host: / SNI to distinguish the target.

Setting up two DNS names for the same IP is no problem. Either use a CNAME or simple add another A or AAAA record. The later requires updating both when the public IP changes of course. The former is much easier to mange as most routers include a DynDNS client and can keep one name up to date.

If you also get a public IPv6 prefix from Comcast you may be able to use IPv6 instead of IPv4 which would allow different IPs for your Hosts. Given a dynamic IPv6 prefix setting this up correctly ist not exactly trivial though.

HTH
fiwswe

1 Like

As fiwswe already pointed out, if you only have one public IPv4 address, you cannot route two DNS names on the same port via IPv4 HTTPS to different virtual machines.

My suggestion would be to take the Debian based OpenProject VM, add a second vhost to its Apache config for the Nextcloud host and set up a ProxyPass (using mod_proxy_http) to forward the traffic to the Nextcloud VM (Probably also possible the other way round, my suggestion is based on the fact that I know how OpenProject’s apache config looks like, and I don’t know how Nextcloud’s one looks like).

Then you can point both names to the same dyndns IP (e.g. via CNAME), route the traffic to the Debian VM, which will forward the needed traffic to the Nextcloud VM.

You will need to setup both VM’s HTTPS certificates on the Debian VM and the traffic inside your network between the two VMs will be unencrypted (so you’d need a different solution, like different ports, if this is a problem for you).

You also need to keep in mind that as your public IP address is in the DNS, depending on your network connectivity your VMs won’t be able to reach each other via public hostname. The easiest way to fix this is to add each other’s IP addresses for the two dedyn host names into the /etc/hosts file on both VMs. So that the VMs won’t use DNS but the direct internal IP address.

fiwswe, mihi,
Thank you for your responses. First I had to find out bitnami rules for changing listenening ports (they created the prebuilt OpenProject VM package). CHange Xfinity port forwarding. And my Lastpass details. As I said I know some things, but you answered my question and gave me info for a solution. From my home computer I typed in https://builldupthekingdom.dedyn.io:8443 and voila! Have a great week! And since it is Friday a great weekend, too.

Rory