
I'm struggling to forward subdomains from WAN to particular services on my LAN. Most services are running on a NAS with a static LAN IP address. Some of the services are Docker containers, some are native in the NAS, each has its own port and already works fine on the LAN through that port.

What I want:

What I have:

  • Static IP: My ISP guarantees static IPv4 + IPv6 addresses, so I know that the IP is correct.
  • Domain: The DNS listing is managed with my web hosting provider where it is pointing to the static IP of my home DSL connection. I understand this to be a "wildcard" domain, so no configuration is necessary (nor even possible) for individual subdomains.
  • DSL modem: This has the static WAN IP and is configured to be "wide open" because my gateway is the only LAN device. No wifi.
  • Gateway: UniFi USG with a web interface; it sees the DSL modem on the WAN side and my home network on the LAN side. I can forward desired external ports to desired LAN IP addresses + ports:
    from WAN IP * port 80,443 to LAN IP 192.168.1.11 port 80,443.
  • Server: Synology NAS with static LAN IP and built-in reverse-proxy functionality, e.g. http://bin.example.com --> http://192.168.1.11:7777
    and for each service, I can specify WAN protocol+hostname+port, enable HSTS, enable HTTP/2, and internal protocol+hostname+port.
  • Services: e.g. running a Docker container in bridge mode (lives on the host's IP address) with a published HTTP port 7777 toward its internal container port 80. Thus, http://192.168.1.11:7777 is a service I can access from a LAN computer.
  • Pi-hole: A Raspberry Pi running Pi-hole. The gateway has this configured, and LAN devices are auto-dhcp (except the NAS with static IP).

Preliminary results:

  • LAN computers can access the service equally well on http://example.com:7777/ and http://192.168.1.11:7777/ but not on http://bin.example.com/ and get the error DNS_PROBE_FINISHED_NXDOMAIN.
  • WAN device (my smartphone with WiFi off) cannot access the service on any of those addresses and gets the error DNS_PROBE_BAD_CONFIG.
  • WAN device can access the NAS's built-in services like the website at http://example.com/ / https://example.com/ (standard ports 80 and 443).
3
  • Provided that you are only passing HTTP/HTTPS traffic through it, you can probably do as you suggest, by registering the domain names you need (and specifying the subdomains within them) and pointing them to your WAN IP. From there, forward 80/443 to your NAS. It will be up to the NAS to determine which backend to proxy the traffic to, but if it's all HTTP, the requests will include the target host, so the NAS should be able to tell which service goes where. Also, note that for most home routers, you can't test port forwarding from within the LAN. You need hairpin NAT. Commented Nov 15, 2021 at 22:36
  • Everything points to issues with your DNS configuration for your domain registration. Are you sure you don't need to configure subdomains? Commented Nov 15, 2021 at 22:43
  • "need to configure subdomains?" Spot on! I thought this was not necessary with my domain, but I added a subdomain on the hosting provider's control panel, and as soon as DNS was propagated to my region, that subdomain got a response from my server. Thank you! Commented Nov 16, 2021 at 10:29

1 Answer


It sounds like you don't have anything doing the reverse proxying.

Reverse proxying is normally done by webserver software. Many advanced webservers (nginx, Caddy, Apache) will let you set up virtual hosts that do nothing but forward traffic to something behind it, and allow you to specify a port for the destination.

nginx has caching capabilities and a reputation for being very fast so it's often used for this purpose.

So you could install nginx and configure it, creating a virtual host for each of your services.

nginx will take some time to really learn but it's very powerful.

1
  • The NAS does have a built-in reverse proxy. I added a screenshot to my post. Commented Nov 15, 2021 at 20:42
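
The per-service virtual host the answer describes, written as an added example that is not part of the original thread or of any poster's configuration. It assumes nginx runs on the LAN host that receives the forwarded WAN port 80, reuses the question's `bin.example.com` and `192.168.1.11:7777`, and adds a catch-all server so that requests for hostnames you have not published never reach a backend.

```nginx
# Added example (assumption: this file is included inside nginx's http { } block
# on the host that receives the gateway's forwarded port 80).

# Catch-all: a request whose Host header matches no server_name below lands
# here and is dropped. With 80/443 forwarded from the WAN, this keeps scans of
# the bare IP address and unpublished subdomains away from internal services.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send no response
}

# bin.example.com -> Docker container published on host port 7777
server {
    listen 80;
    listen [::]:80;
    server_name bin.example.com;

    location / {
        proxy_pass http://192.168.1.11:7777;

        # Pass the original hostname and client address to the backend so its
        # logs and redirects reflect the real request, not the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Each further service gets its own `server` block with a different `server_name` and `proxy_pass` target, and each name still needs its own DNS record, as the resolution in the comments above shows. `nginx -t` checks the syntax before a reload.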
