Want to use DNS Multi-tenant on port other than 80

Want to set up DNS Multi-Tenant on ERPNext with the nginx port set to something other than port 80.

Does anyone know if this is even possible?

What might I have trouble with if I try to go this route?

No, I don’t want to use the multi-port implementation of multi-tenant because I need to use FQDN domain names for the tenants. I just don’t want casual malicious persons to stumble on a port 80 login screen and start trying to do harm so I have chosen an unusual port number that is not reserved elsewhere.

Thanks

BKM

Hi @bkm
Well, technically that depends on how and where your server is hosted.
For me, in a tiny local network, I simply use CNAME subdomains at my hosting provider that point to my firewall/router, which forwards the ports for http and https to that server, whereas http is always forwarded to https by nginx.

Please use https for starters if you expose your server to the www!

So as long as your server blocks in nginx.conf listen on the right ports and point to the https port, it should work on any port addressed from the outer world.

If you have a totally exposed host (all ports accessible), the same as the above should be valid. Even if that is not recommended - always have a proper firewall guarding you for only valid friendly traffic!

If you are hosted with a provider this should be the case anyway, but then you might have a hard time doing so, as mostly standard ports are reachable from the outer world.

But let's be honest - if I want to harm your server I would not rely on port 80 but check for all open doors anyway and use scripts to see what protocols are behind it, then take it from there… so to fully investigate your IP I have a good night of sleep while my computer does the work. Anyone else (normal random inexperienced user) will have a very hard time harming your ERPNext installation - chances are 99,9 % they can't do anything to harm it - I tried myself.

Even if some person would decide to properly DDoS your stuff, it is a planned and precise action that takes experience and prior investigation, since most firewalls or cloud services these days can protect you from it - downtime is not noticeable!

hope that helps

Hmm… That about sums it up then.

No matter what port I use (other than 80), nginx can be told to watch the chosen port. That means the inbound traffic (user logins) must be told to use that port. So I was trying to figure out how to point a FQDN to an ip address with a port number.

I am not sure I can use a DNS record to tell erp.mydomain.com to point to 111.222.333.444:8787. Never tried adding port designations to an A record in the DNS records set. I don’t think it’s possible, but I will have to give it a try.

That was my reason for asking about DNS Multi-tenant with an odd port number. Wanted to know if anyone had done this before.

Thanks

BKM

@bkm

No worries.

No, you can't tell a CNAME or A record to hit a certain port… only the IP or hostname… regardless, if the user aims for that port in the address bar and it is forwarded by the destination router, then it will hit the target server!
DNS is just resolving the IP or host, not the port.
So as said - the user needs to hit the right port in the address bar
if that is really your need.
But as stated, you really don't need that - just get a proper firewall.

Oh, and please hit the solution button and alter the heading with [SOLVED] so the admins can close this.

cheers

rgds
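The setup discussed in the two replies above (server blocks listening on a chosen port, tenants selected by host name, DNS supplying only the IP), as an added example that is not part of the original posts and is not ERPNext's generated configuration. Port 8787 is taken from the thread; the tenant names, certificate paths and the backend address 127.0.0.1:8000 are assumptions, and users would have to type a URL such as https://tenant1.example.com:8787/.

```nginx
# Added illustration: name-based (DNS) multi-tenancy on a non-standard port.
# Assumed values: tenant names, certificate paths, backend at 127.0.0.1:8000.
# These blocks belong inside the http { } context of nginx.conf.

upstream erp_backend {
    server 127.0.0.1:8000 fail_timeout=0;   # assumed application server address
}

# Catch-all: a client that reaches IP:8787 without naming a configured tenant
# (for example by connecting to the bare IP) gets the TLS handshake refused.
server {
    listen 8787 ssl default_server;
    ssl_reject_handshake on;                # requires nginx 1.19.4 or later
}

# One server block serves every tenant; the tenant is chosen by host name.
server {
    listen 8787 ssl;
    server_name tenant1.example.com tenant2.example.com;

    # Placeholder paths; the certificate must cover both tenant names.
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    # Plain HTTP sent to this TLS port raises nginx's internal code 497;
    # redirect it to https on the same port.
    error_page 497 =301 https://$host:$server_port$request_uri;

    location / {
        # $host is the requested name without the port, so site lookup by
        # name still works even though clients type name:8787.
        proxy_set_header Host $host;
        proxy_set_header X-Frappe-Site-Name $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://erp_backend;
    }
}
```

The A or CNAME records for both tenant names point at the same IP with no port information; the firewall or router in front still has to allow or forward TCP 8787 to this host.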

Thanks. That will save a lot of time in experimenting. I will just use the default port 80 so that my client DNS records can work properly.

BTW… I have never really had much luck with CNAME records unless the URL is from the same hosting company as the target host ip address. Not sure why that is the case. Each hosting company has different interfaces for setting the DNS records and no two are the same. Some allow different syntax than others and that makes it hard to set them for my clients. Constantly having to experiment with them.

BKM

Well, then your HOP is not working to specs, as CNAME is intended to do exactly that, as it should throw the underlying canonical name on the CNAME as well if it can't delegate an IP via A or AAA…

Ahh… Well, I never have good luck with clients that have their URL’s on a GoDaddy account. That is where most of my problems begin when it comes to setting DNS records.

Thanks for the help. I may just spend some time on the phone with GoDaddy tech support from one of my client sites to see if they can shed some light on that.

All of the hosting companies are different. There is one that a client uses that requires an extra period at the end of an MX record (I think that was A2 Hosting) and another that disallows certain priority numbers for MX records (think that was HostWinds). Too many quirks to keep track of.

BKM

Ja, some HOPs just have funky security policies that are intended to leave little wiggle room for malicious traffic or to protect their customers from firewalling with a 20$ ISP router that will give in if you push the right buttons… It's a good intention behind it.