Gotchas

Max Dor edited this page Oct 1, 2017 · 6 revisions

NATing

If you are using NAT and doing port forwarding (with or without a reverse proxy in between) to the homeserver/identity server running on the same box, then you will most likely run into the issue that the homeserver is not able to talk to the identity server.

This happens because the domain used is a public one that resolves to a public IP. Your gateway is forced to rewrite the packet and send it back to the homeserver/identity server box, for a connection it is not aware of, which ends with a RST packet being sent.

There are several options to work around this:

  • Have at least two IPs on the box running the HS and IS, and reverse proxy the IS endpoints to the second IP
  • Have a mechanism to resolve the DNS name to the internal IP via:
    • local /etc/hosts or equivalent
    • your internal DNS (Bind9 with split view or dnsmasq with record overwrite)
  • Handle mirror NAT and perform a rewrite of the source IP after NATing (so essentially double NAT)
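
To check whether one of the DNS-based options is actually in effect, the following added example (not part of the original wiki page) resolves a name through the system resolver on the HS/IS box and reports whether it still points at a public IP. The hostname `matrix.example.org` and the function names are placeholders chosen for illustration.

```python
import ipaddress
import socket
import sys


def resolve(name):
    """Resolve via the system resolver, which honours /etc/hosts and the
    configured (possibly split-view) DNS server."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses):
    """Split resolved addresses into internal (private/loopback) and public."""
    internal, public = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            internal.append(text)
        else:
            public.append(text)
    return internal, public


def verdict(name, addresses):
    """Describe whether traffic from this box to `name` will cross the NAT."""
    internal, public = classify(addresses)
    if not addresses:
        return f"{name}: does not resolve"
    if public:
        return (f"{name}: resolves to public {public}; traffic from this box "
                "will hairpin through the gateway")
    return f"{name}: resolves to internal {internal}; no NAT round trip"


if __name__ == "__main__":
    # matrix.example.org is a placeholder; pass the public name of your HS/IS.
    name = sys.argv[1] if len(sys.argv) > 1 else "matrix.example.org"
    try:
        addrs = resolve(name)
    except socket.gaierror:
        addrs = []
    print(verdict(name, addrs))
```

Run it on the box hosting the homeserver and identity server, since the answer depends on that machine's own /etc/hosts and resolver configuration.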