06-02-2019, 07:25 AM
(06-01-2019, 06:14 PM)humanpuff69 Wrote: But one of the problem is that it only have little port and doesnt open port 80 or the http port , this is bad for website
Losing port 80 and 443 mean that setting up https and using cloudflare is not possible . Correct me if im wrong but it is enough for my web app
Well. The title as well as the content of this thread clearly indicate that it is a NAT VPS and it is also mentioned that you only get a certain number of non-standard ports for IPv4. That's why it's not fair to complain now (imho).
Maybe you don't know what a NAT VPS is? A NAT VPS is one of many VPSs on a host node with a single IPv4 address. In order to provide access to the Internet and reach the VPS from outside the NAT technology is used. There is a internal network (NAT LAN) and the external network (Internet). When the traffic goes from internal to external the NAT setup on the firewall will replace the IP addresses inside the data packets to the one single public IPv4 IP address. Backwards it is the same way (the public WAN IP is replaced with the private NAT LAN IP of the VPS). All of this is done through a NAT port map where all records are stored so that the the NAT knows who has sent/requested the outgoing/incoming data packets.
![[Image: IC196010.gif]](https://i-technet.sec.s-msft.com/dynimg/IC196010.gif)
What all of the above means is that you can't use any common port easily because a port can only be used once per IP address. You have many VPSs and all want to host a website on port 80/443. That wont work. You will experience notorious errors like this port is already in use or cannot bind socket.
OP has mentioned upcoming HA proxy support. This will help with the NAT issue and providing access to port 80 / 443 for all VPSs. What it does is internally redirect the requests to the web server on the NAT VPSs based on certain rules.
For example you open "www.p4v.com" and this site is hosted on a NAT VPS behind HA proxy. What happens is that the request is first received by the HA proxy. The proxy checks its configurations and looks for the NAT VPS that hosts the domain "www.p4v.com". If it can find the host it will forward the data packets to the NAT VPS and its web server. So based on the configured domains inside the HA proxy the traffic can be handed off internally to the VPS that hosts the web server for that domain. This way you can share port 80 / 443 between all the internal NAT VPSs behind the single IPv4 IP address. The actual web server on the NAT VPS can run at any port for this purpose. It won't matter which port the web server uses.
![[Image: load-balancing-haproxy-nginx.png]](https://wakatime.com/static/img/blog/load-balancing-haproxy-nginx.png)
You get a full /80 IPv6 prefix for use with the NAT VPS (if your location supports IPv6). You can use any port you want on that IPv6 prefix including 80/443. This means you can host all normal applications at their common ports.
The question now is most likely: but I have no IPv6 and how can I reach it? How can my clients reach it? Well. You mentioned Cloudflare. BINGO! You can run a IPv6 only setup on your VPS and use Cloudflare to provide IPv4 access to the services on your VPS. This way everyone can access your service without having IPv6 access on their end.
I wrote a guide for this on FreeVPS.us a while ago. Since that the Cloudflare UI has changed a bit but the guide still works as is and I use it with my NAT VPS from OP.
URL: https://freevps.us/thread-16793.html
Works well. I setup self signed SSL certificates on the VPS and changed the SSL setup in Cloudflare to full. So my web server on the VPS only listen on port 443 with SSL only (no HTTP / 80). Be aware though that I wouldn't recommend processing private information because Cloudflare is a MITM (Man in the middle) and can decrypt the SSL traffic (better said it not only can but it does decrypt it to actually process it). This means they could a) steal information and b) manipulate traffic.
A thing of trust and security.
![[Image: zHHqO5Q.png]](https://i.imgur.com/zHHqO5Q.png)