Use MikroTik as Transparent Web Proxy Server for Multiple Web Servers

Scenario:
You have a single public IP address, 188.50.11.21, and 2 internal web servers hidden behind it:

  • www.example1.com – 192.168.1.243
  • www.example2.com – 192.168.1.245

And you would like to forward traffic arriving at the WAN side to each of the web servers. RouterOS and its Web Proxy package allow this for HTTP traffic (not HTTPS).

Here are the steps (tested on 6.37.X):

You need to enable Web Proxy:

/ip proxy
set enabled=yes src-address=0.0.0.0

Then define which web addresses and ports the proxy permits (note the last rule, action=deny: it keeps the proxy private rather than open):

/ip proxy access
add dst-host=www.example1.com dst-port=80
add dst-host=www.example2.com dst-port=80
add action=deny

Note: To cover both example1.com and *.example1.com with a single dst-host rule, use: add dst-host=*example1.com dst-port=80. This pattern matches any host name that ends in example1.com, not only subdomains.
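
An added example (not from the original post): a small Python model of how the access list above is evaluated, useful for checking a rule set before it goes on the router. It assumes first-match evaluation, allow when no rule matches, and RouterOS wildcard semantics ('*' is any run of characters, '?' is one character); the probe host names are constructed.

```python
import re

# Constructed model of the /ip proxy access list above: (dst-host, dst-port, action).
# None means "match anything"; action defaults to allow, as on the page's add lines.
PAGE_RULES = [
    ("www.example1.com", 80, "allow"),
    ("www.example2.com", 80, "allow"),
    (None, None, "deny"),
]

def host_matches(pattern, host):
    """Whole-string wildcard match: '*' = any run of characters, '?' = one character."""
    if pattern is None:
        return True
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def evaluate(rules, host, port):
    """Return the action of the first matching rule; assume allow if none matches."""
    for dst_host, dst_port, action in rules:
        if host_matches(dst_host, host) and dst_port in (None, port):
            return action
    return "allow"

def audit(rules, probes):
    """Map each (host, port) probe to the decision the rule list would make."""
    return {probe: evaluate(rules, *probe) for probe in probes}

# Constructed probes: the two published sites, a wrong port, and two foreign hosts.
PROBES = [
    ("www.example1.com", 80),
    ("www.example2.com", 80),
    ("www.example1.com", 8080),
    ("unrelated.example.net", 80),
    ("notexample1.com", 80),
]

if __name__ == "__main__":
    variants = {
        "page rules": PAGE_RULES,
        "final deny missing": PAGE_RULES[:-1],
        "wildcard *example1.com": [("*example1.com", 80, "allow"), (None, None, "deny")],
    }
    for name, rules in variants.items():
        print(name)
        for (host, port), action in audit(rules, PROBES).items():
            print(f"  {host}:{port} -> {action}")
```

Any probe for a host you do not publish that comes back "allow" means the proxy would relay requests for that name.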

Next, define static DNS records so the MikroTik proxy knows where to forward each request (you can also use an advanced regex record to cover subdomains):

/ip dns static
add address=192.168.1.243 name=www.example1.com
add address=192.168.1.245 name=www.example2.com

The last step is to enable NAT from the WAN to the MikroTik Web Proxy:

/ip firewall nat
add action=redirect chain=dstnat dst-address=188.50.11.21 dst-port=80 protocol=tcp \
to-ports=8080

The final workflow looks like this:

Internet user visits www.example1.com -> 188.50.11.21:80 -> 188.50.11.21:8080 -> 192.168.1.243:80
Internet user visits www.example2.com -> 188.50.11.21:80 -> 188.50.11.21:8080 -> 192.168.1.245:80
