Two HTTPS sites, same domainroot, different servers, one public IP?

nitrobass24

I have a single public IP.
A single domain name points to that IP (nitrobass24.com).
Right now I have a Citrix Access Gateway set up.
I have a GoDaddy cert for nitrobass24.com.
That all works great.

I am trying to set up OwnCloud so I can do file syncing over HTTPS.

What I would like is:

https://nitrobass24.com/access --> Citrix Access Gateway
https://nitrobass24.com/owncloud --> OwnCloud

Can I do this with just a reverse proxy?
 
Yes, the RP then does the SSL for both servers to external users, and can forward to the correct internal server via either HTTP or HTTPS.
 
OK, cool. Any suggestions on technology? I can go MSFT, but that feels excessive.

I could do nginx or Apache, unless there is a better suggestion based on how I want to redirect.
 
Honestly, I use Forefront TMG as my network firewall, and it's quite excessive. I'd much rather use something much more lightweight like pfSense, and I am actually planning to convert the firewall to pfSense and convert the TMG box into a straight router instead of NAT, put some of my servers on the network between the two and use IPv6 there when it goes live in my area, and keep most of my clients and web servers behind the TMG router.

While I'm not terribly happy with TMG, esp. since development has been discontinued, it has amazing reverse proxy support that makes publishing Exchange, SharePoint, and really any other web server you want practically trivial. It makes a web listener on 443 and 80 and forwards based on both host name and subfolders (e.g. you could make cloud.nitrobass24.com and nitrobass24.com/access work if you had a wildcard cert), and since it handles the SSL processing you only need HTTPS enabled there; it can then forward HTTP requests from the firewall to your web servers, reducing that load (I use this for my Synology forwarders, since HTTPS can stress those little Atom CPUs if doing bulk HTTPS transfers). It does need a valid cert if it's going to use HTTPS to connect to the server, so you'll either need to import it to the local machine trusted certs or use a domain-generated cert.

TMG also has built-in support for Exchange edge servers to make that deployment a breeze as well, and a decent URL filter and malware scanner, so finding a replacement that is as easy to use for reverse proxy, URL filtering, and malware scanning is a bit of a bitch.

You're probably going to have to set up an Apache box and configure it as a reverse proxy, so Firewall:443 -> Apache -> appropriate web server.
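
The layout discussed in this thread, written out as an Apache reverse-proxy configuration. This is an added example, not a configuration posted by anyone in the thread. The internal hostnames (`cag.internal.example`, `owncloud.internal.example`), the file paths, and the assumption that both applications accept being served under these subpaths are illustrative.

```apache
# Modules needed: mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_alias

<VirtualHost *:80>
    ServerName nitrobass24.com
    # Plain HTTP is only used to bounce visitors to the TLS listener
    Redirect permanent / https://nitrobass24.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName nitrobass24.com

    # TLS for external users terminates here, using the one public certificate
    # (paths are assumed)
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/nitrobass24.com.crt
    SSLCertificateKeyFile /etc/ssl/private/nitrobass24.com.key

    # Reverse proxy only: never let this host act as an open forward proxy
    ProxyRequests Off
    # Tell the backends that the client-facing leg was HTTPS
    RequestHeader set X-Forwarded-Proto "https"

    # For any backend reached over HTTPS, verify its certificate against a
    # CA bundle the proxy trusts (the "import it to the trusted certs" step
    # mentioned above). The bundle path is assumed.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.pem

    # Normalise the bare paths so they match the proxied prefixes below
    RedirectMatch ^/(access|owncloud)$ /$1/

    # /access/ -> Citrix Access Gateway, re-encrypted on the internal leg
    ProxyPass        /access/ https://cag.internal.example/access/
    ProxyPassReverse /access/ https://cag.internal.example/access/

    # /owncloud/ -> OwnCloud, plain HTTP on the internal leg to offload TLS
    ProxyPass        /owncloud/ http://owncloud.internal.example/owncloud/
    ProxyPassReverse /owncloud/ http://owncloud.internal.example/owncloud/
</VirtualHost>
```

The plain-HTTP leg to OwnCloud carries credentials and file contents unencrypted across the internal network, so it is only appropriate on a segment you trust; otherwise use `https://` for that backend as well.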
 