Multiple Web Servers at Home

2

I want to build a home network which has multiple web servers inside, and I plan to use tiny processor boards like the Raspberry Pi, etc. as web servers.

I found that I need to use a reverse proxy to reach multiple servers from one public IP. My plan is that behind the modem there will be two separate networks: one for everything other than servers, and a second for servers only. On the server network, the next device is the reverse proxy and the last devices are the servers.

Server network like this: [ modem -> reverseProxy -> Servers). ] -> OtherDevices (PC,Phone etc.)]

My questions are:

  1. The reverse proxy device which I plan to use has 2 Ethernet network controllers. Do I need to create another sub-network (NAT, I guess) for security or another reason? Do I need to use both Ethernet ports?

  2. My second question: if I use both Ethernet ports, do I need routing between the 2 networks, or will the nginx reverse proxy just handle it?

  3. My last question: if I use routing between the two networks, does it cause any security issue? Is it worth using both Ethernet controllers? Taking time spent and security into account, should I just use one controller, or both with bridging or NAT?

Emre Anıl TERZİOĞLU

Posted 2019-12-11T07:17:17.880

Reputation: 23

I cannot help you with all the details, but it sounds to me like what you are going to set up with two networks is similar to what is known as a DMZ, where the computers in the DMZ are accessible from the outside and from the other inside networks, but where they are not able (for security reasons) to access anything in the other inside networks. – MortenSickel – 2019-12-11T08:01:17.737

@MortenSickel Actually, only the reverse proxy device can be accessed from outside with the help of port forwarding, so I think my network has no DMZ, but I'm not sure :) – Emre Anıl TERZİOĞLU – 2019-12-12T07:45:44.673

Answers

2

A reverse proxy is not the same thing as IP routing – it only forwards the HTTP requests at the application layer; the proxy itself acts as the TCP server and as the client.

So the only requirement is that the proxy itself must be able to connect to the final webserver, but it doesn't matter whether they're on the same subnet or not. There is no DNAT or anything like that involved, so you can use a single interface – "NAT loopback" won't be an issue.

user1686

Posted 2019-12-11T07:17:17.880

Reputation: 283 655

Thanks for the answer. Do you think this is a good way to serve multiple servers from one public IP? My other question: if I want to use the 2nd interface too, what should I do about connecting these 2 interfaces? Is routing TCP ports with iptables enough, or should I do other things? – Emre Anıl TERZİOĞLU – 2019-12-12T08:01:24.470

Yes, it's very commonly used. – user1686 – 2019-12-12T08:32:35.993
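
The behaviour described in the answer above, as an added example that is not part of the original thread: a loopback sketch in Python where a proxy accepts the client's TCP connection and opens its own connection to the backend selected by the `Host` header, so the backend's TCP peer is the proxy's socket and the client address only arrives in `X-Forwarded-For`. The `*.example.test` hostnames and all class and function names are constructed for illustration; a real deployment would use nginx or similar.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
class Base(BaseHTTPRequestHandler):
    log_message = lambda self, *args: None  # silence per-request logging
    def reply(self, status, text):
        body = text.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Backend(Base):  # constructed stand-in for one home web server
    def do_GET(self):  # report which TCP peer and forwarded address it saw
        self.reply(200, "site=%s peer=%s:%d xff=%s" % (self.server.site,
            *self.client_address[:2], self.headers.get("X-Forwarded-For")))

class Proxy(Base):  # accepts the client's TCP connection, opens its own upstream
    def do_GET(self):
        name = (self.headers.get("Host") or "").split(":")[0].lower()
        if name not in self.server.routes:  # unknown Host: refuse, do not guess
            return self.reply(404, "unknown host")
        up = http.client.HTTPConnection(*self.server.routes[name], timeout=5)
        up.request("GET", self.path, headers={
            "Host": name, "X-Forwarded-For": self.client_address[0]})
        self.server.last_upstream = up.sock.getsockname()[:2]  # proxy's own socket
        resp = up.getresponse()
        self.reply(resp.status, resp.read().decode())

def start(handler, **attrs):  # serve on an ephemeral loopback port
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    srv.__dict__.update(attrs)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def build():  # two backends, one proxy that routes on the Host header
    blog, cam = start(Backend, site="blog"), start(Backend, site="cam")
    return start(Proxy, routes={"blog.example.test": blog.server_address[:2],
                                "cam.example.test": cam.server_address[:2]})

def fetch(proxy, host):
    conn = http.client.HTTPConnection(*proxy.server_address[:2], timeout=5)
    conn.request("GET", "/", headers={"Host": host})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

if __name__ == "__main__":
    proxy = build()
    for host in ("blog.example.test", "cam.example.test", "other.example.test"):
        print(host, *fetch(proxy, host))
```

Because the backend only ever sees connections from the proxy, backend access logs and any address-based allow rules need the forwarded header, and that header should be trusted only when the connection really comes from the proxy.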