Request Redirection to another (external) server

Hi,

I am using Let's Encrypt. The certificate has 2 names: server.domain.com and domain.com.

But both point to different servers on the internet: one to 1.1.1.1, the other to 1.1.1.2.

The Let's Encrypt environment is on 1.1.1.2. So yes, I can have 2 certificates. But because of other things it would be good to have only one.

How to proceed:

I defined a redirection on 1.1.1.1 (Sophos SG) to redirect all traffic from 1.1.1.1/.well-known/acme-challenge/* to 1.1.1.2/well-known/acme-challenge/*, but it doesn't work.

Is this possible like this or not? What is wrong?



This thread was automatically locked due to age.
  • Have not played with redirection or with LetsEncrypt. But I think they can issue wildcard certificates. That would be the cleanest configuration.

  • On further thought, this is not even possible.

    Redirection returns a pointer, something like "Sorry, but I have moved to a new address". Example: I navigate to server1.example.com/something, and it says "try again using server2.example.com/somethingelse". So server1 and server2 both need to resolve to valid DNS entries, and if TLS is used, they need to have valid certificates that match their names.

    Some web servers implement virtual directories, where the web server relays requests for public system server1.example.com/something to internal system server2.example.com/something. This is not something UTM attempts to do, but you might be able to do it on your web server. Of course, it can be messed up by path conflicts, and the scripting logic on the second server might get confused by the relay mechanism.

  • Gernot, why do you have /.well instead of /well ?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
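
The redirect rule from the original post and the path difference Bob asks about can be checked mechanically. The following is an added example, not code from the thread or from Sophos: it inspects the `Location` answer for a challenge URL against the limits Let's Encrypt documents for HTTP-01 redirects (http/https only, ports 80/443 only, no IP-address targets). The function name, the token `TOKEN123` and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_challenge_redirect(request_url, status, location):
    """List reasons a redirect answer would break HTTP-01 validation."""
    req = urlsplit(request_url)
    if not req.path.startswith(ACME_PREFIX):
        return ["request is not an ACME challenge URL"]
    if status not in REDIRECT_CODES or not location:
        return [f"status {status} with Location {location!r} is not a redirect"]
    token = req.path[len(ACME_PREFIX):]
    target = urlsplit(urljoin(request_url, location))  # resolve relative Location
    problems = []
    if target.scheme not in ("http", "https"):
        problems.append(f"scheme {target.scheme!r} not allowed")
    try:
        port = target.port or {"http": 80, "https": 443}.get(target.scheme)
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port not in (80, 443):
        problems.append("target port must be 80 or 443")
    if is_ip_literal(target.hostname or ""):
        problems.append("target host is an IP address, not a DNS name")
    if not target.path.startswith(ACME_PREFIX):
        problems.append(f"target path {target.path!r} lost the {ACME_PREFIX} prefix")
    elif target.path[len(ACME_PREFIX):] != token:
        problems.append("token in target path differs from the requested token")
    return problems

# Constructed sample: the rule as written in the post, then a corrected target.
REQUEST = "http://domain.com/.well-known/acme-challenge/TOKEN123"
AS_POSTED = "http://1.1.1.2/well-known/acme-challenge/TOKEN123"
CORRECTED = "http://server.domain.com/.well-known/acme-challenge/TOKEN123"

if __name__ == "__main__":
    for loc in (AS_POSTED, CORRECTED):
        print(loc, "->", check_challenge_redirect(REQUEST, 302, loc) or "ok")
```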