Can we set the port as well as the DNS name of the site?

From what you write - you would need to set this on the reverse proxy to be translated. But why would you change your internal port and keep it externally on HTTPS/443 ?

Regards

Florian Rossmark

www.it-admins.com

No that's not what I write. Here is the normal situation:

PRTG on server myserver.local port 843 (443 is already in use) - this is fine internally, but for external this could be mydomain.com port 843 as I don't own the myserver.local domain.

A device, for example mobile phone internally would be set up the connection to https://myserver.local:843 and would work fine. However the moment they left the internal connection e.g. left the building, unless they use a VPN then that URL would cease to work. They would need to switch to https://mydomain.com:843 - not very convenient, and all the emails would be wrong as well.

So to prevent this and also make life easier as who wants to open and expose unnecessary ports externally, I have set up a web proxy on the firewall (HAProxy to be exact). It forwards both internally and externally https://prtg.mydomain.com (port 443) to https://myserver.local:843 - the "prtg" subdomain tells the proxy which server to connect to internally.

This works perfectly for both internal and external connections as the URL does not change, but as I stated in my original post it does not get reflected correctly in the emails sent out by PRTG (and the link it displays during an upgrade).

If there's a better way to do this I'm happy to hear your ideas.

As for .local internal and .com external - you can just always use the .com address internal and external - all you need to do is add a DNS zone prtg.mydomain.com to your DNS server and point it to the IP of your PRTG server - be careful, cause if you add the whole mydomain.com as a zone and prtg as a CNAME or A record you will need to add any external real world DNS setting there as well... but that's another topic...

What I don't understand is the issue with emails you talk about - that's quite confusing.. emails should always be your @mydomain.com public address - sender and receiver.

Sorry - I am a bit confused with what you really try to accomplish.

Regards

Florian Rossmark

www.it-admins.com

This is a sample from a recent email, the links do not work outside of my network (domains changed to protect identity):

Date/Time: 12/11/2018 10:34:28 (W. Europe Standard Time)
Last Result: 
Last Message: Failed to establish secure connection [Step 0] Socket Error # 10061 Connection refused. [Step 1] Socket Error # 10061 Connection refused. [Step 2] Socket Error # 10061 Connection refused. [Step 3] Socket Error # 10061 Connection refused. [Step 4] Socket Error # 10061 Connection refused. [Step 5] Socket Error # 10061 Connection refused. [Unsecure] IOHandler value is not valid
=============================================================================
Probe: X-1316
https://mydomain.co.uk:8081/probenode.htm?id=1
Group: Servers
https://mydomain.co.uk:8081/group.htm?id=64

I can set the DNS name, but PRTG adds the port as well to the URLs

• You need to set the DNS name in SETUP \ SYSTEM ADMINISTRATION \ USER INTERFACE to your external domain name.
• You need to create an internal DNS zone on your DNS server that has the same name - Windows:
  • DNS Manager
  • open DNS server
  • Forward Lookup Zones
  • Add new Zone
  • Primary Zone / Store in AD
  • all servers in domain or forest - as you need it
  • zone name: same as the external DNS name set in PRTG and reachable outside
    • mark the new zone
    • right click and add a NEW HOST
    • name - leave this blank
    • IP Address - your internal PRTG server IP
• External DNS / provider DNS
  • your domain.co.uk
  • add a host entry (A)
  • point it to the external IP address

I suppose the external DNS is already set correct.

Adding the same external domain as e.g.: prtg.mydomain.co.uk to your internal DNS server as a zone will allow you that your internal DNS server will resolve the IP to your private internal IP and from external your resolve to the public IP.

This is because, the internal DNS server will find this specific zone and DNS name and therefor return the internal IP to the DNS requester (client) - unless this zone is set up your internal DNS server would not find it in his own database and then go to a forwarder or root server to find the responsible DNS server and ask him instead what would result in a public IP address.

Once you have set up the DNS name correct in PRTG - your emails respective the URL in there should change - further should you be able to access it externally - and internally of course once you added the forward lookup zone to your DNS server so it can resolve it internally different then externally.

Hope this helps you. If not - I might misunderstand your issue still and need more clarification if possible.

Regards

Florian Rossmark

Thank-you for taking the time for your response, it's truly appreciated, but it's not what I'm asking as the proxy is dealing with both access from internal and external - the only problem is as per my original question "Can we set the port as well as the DNS name of the site?". The issue is the "port" not the FQDN, but perhaps it's not clear that I don't mean the actual port used by PRTG as it's not the same i.e. 443 vs 8081

PRTG keeps putting the port of the local server in every URL of its emails, the FQDN is fine, and for some reason so is the page displayed during an upgrade. See my previous example.

I don't want to expose another port to the internet when I don't have to - it's only HTTPS traffic so a proxy can and does do the job, but I can't use port 443 on the PRTG server because that's in use by another set of services.

In the end it's not a critical issue, but something that would be nice to fix.