Re: Port 80/443 router conflict

Author: Stephen Partington
Date:  
To: Main PLUG discussion list
Subject: Re: Port 80/443 router conflict
You have two likely issues to overcome. The first is that letsencrypt
REQUIRES port 80 for certbot validation, unless you can control your DNS to
perform DNS authentication. They disabled HTTPS validation some time ago.

This is the part that makes the above part obnoxious. Port 80 on just about
any ISP for the last 30 years has been blocked. Sometimes you can get it
turned on for business accounts, sometimes on a home account for WFH type
purposes, but rarely without a cost. This will foul LetsEncrypt in a
big way for their normal validation.

With your DDNS provider it will vary depending on what your provider is.
Google has great DDNS support. Dreamhost, not so much.

DDNS is usually what will be used for a system that is on DHCP and will
need to have its IP/DNS records updated. CNAME is for a redirection of
Domain A to Domain B (No IP).

Here is the fun voodoo of a modern webserver. Apache and nginx both do this
well. You can put up one of those web-servers and use it as a web-server,
and then use a reverse proxy from that server into a website or location on
another machine that is not exposed to the internet. So your NAS is now
behind a location on your main server. I.e., your network is homedomain.org
and your webserver responds to it. Your NAS is behind your firewall, but you
set up a reverse proxy on your webserver so now homedomain.org/NAS goes
directly to your NAS device's web page. If you have more DNS and DDNS tools
available you can create nas.homedomain.org and tell your webserver to take
all nas.homedomain.org traffic and redirect to "website" A, which is a
reverse proxy to your NAS, and then all other traffic is handled by
"website" B on the server itself.

I have had limited success with this because I am very new to this. But it
is an interesting learning process and you learn a great deal about web traffic
and the like.

On Mon, Mar 11, 2019 at 2:17 PM Herminio Hernandez, Jr. wrote:

> The issue most out of the box routers have pretty basic port-forwarding. If
> you are already forwarding 80/443 to one server then you will not be able to
> use it on another server unless you have more than one public IP address.
>
> On Mon, Mar 11, 2019 at 2:14 PM Carlton Brooks wrote:
>
>> I have a successful homeassistant setup running on a NUC with a
>> letsencrypt certificate. It uses Port 80 and 443 for internet access.
>>
>> I just bought a Synology NAS disk station DS918+ to do all my backups etc.
>>
>> If I want to access the outside world with the NAS with an SSL or
>> Letsencrypt certificate, I again need to have port 80/443 open.
>>
>> This is where I need help. I will admit the lack of knowledge at this
>> point but I do know that two devices can not share the same ports, but
>> how might I configure the NAS to gain outside secure access.
>>
>> I can get a domain name but am confused as to using a DDNS or cname to
>> gain access.
>>
>> Any help in "somewhat" simple terms would be greatly appreciated.
>>
>> Thanks
>>
>> Carlton Brooks
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss




--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen
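
The name-based reverse proxy layout described in the message above, as an added nginx example that is not part of the original thread. homedomain.org and nas.homedomain.org are the placeholder names from the message; the NAS LAN address and port, the web roots and the certificate paths are assumptions.

```nginx
# Added example. Addresses, web roots and certificate paths are assumptions.

# Port 80: answer ACME HTTP-01 challenges for both names, redirect everything else.
server {
    listen 80;
    server_name homedomain.org nas.homedomain.org;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;             # assumed webroot handed to certbot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# "Website" A: nas.homedomain.org is proxied to the NAS on the LAN.
server {
    listen 443 ssl;
    server_name nas.homedomain.org;

    # Assumes one certificate issued for both names.
    ssl_certificate     /etc/letsencrypt/live/homedomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/homedomain.org/privkey.pem;

    location / {
        proxy_pass http://192.168.1.50:5000;   # assumed NAS address and web port
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# "Website" B: homedomain.org itself is served from this machine.
server {
    listen 443 ssl;
    server_name homedomain.org;

    ssl_certificate     /etc/letsencrypt/live/homedomain.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/homedomain.org/privkey.pem;

    root  /var/www/homedomain;                 # assumed web root
    index index.html;
}

# Any other name (or a bare-IP request) is refused during the TLS handshake,
# so unknown Host values never reach either site. Needs nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}
```

With this layout only the proxy host needs 80/443 forwarded at the router; the NAS web port stays reachable from the LAN only.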