When you need to expose a service running on a non-standard port (e.g., 10000) through a clean hostname like mywebapp.mydomain on port 80/443, DNS alone can't solve the port-mapping problem. Here's why:
- DNS resolves names to IPs only
- Port specifications require application-layer solutions
Option 1: Reverse Proxy (Recommended)
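Using Nginx as a reverse proxy:

    server {
        listen 80;
        server_name mywebapp.mydomain;

        location / {
            # Forward every request to the service on port 10000
            proxy_pass http://localhost:10000;
            # Preserve the requested hostname and the client address for the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
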
Option 2: Port Forwarding with Rinetd
/etc/rinetd.conf configuration:

    0.0.0.0 80 myserver.mydomain 10000

Note: This will forward all port 80 traffic, so use judiciously.
Option 3: SRV Records (Advanced DNS)
While not HTTP-compatible, some protocols support SRV records:

    _service._proto.mywebapp.mydomain. IN SRV 10 5 10000 myserver.mydomain.

Complete workflow for the Nginx solution:
- Create DNS record:

      mywebapp IN CNAME myserver

- Install Nginx:

      sudo apt install nginx

- Create config at /etc/nginx/sites-available/mywebapp
- Enable site:

      sudo ln -s /etc/nginx/sites-available/mywebapp /etc/nginx/sites-enabled/

- Test config:

      sudo nginx -t

- Reload:

      sudo systemctl reload nginx

- Always use HTTPS for production (certbot + Let's Encrypt)
- Restrict source IPs when possible
- Monitor proxy connection counts
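
The three recommendations above applied to the Option 1 server block, as an added example that is not part of the original page. Assumptions: certbot's default certificate paths, 203.0.113.0/24 as a placeholder client range, an arbitrary cap of 20 connections per client, a backend bound to 127.0.0.1:10000, and an Nginx build that includes the stub_status module.

```nginx
# Added example (not from the original page); placeholder values are marked.
# This file is included inside http {}, so the zone can be declared here.
limit_conn_zone $binary_remote_addr zone=mywebapp_conn:10m;

server {
    listen 80;
    server_name mywebapp.mydomain;
    # Plain HTTP only redirects; nothing is proxied unencrypted.
    return 301 https://mywebapp.mydomain$request_uri;
}

server {
    listen 443 ssl;
    server_name mywebapp.mydomain;

    # certbot default layout (assumption)
    ssl_certificate     /etc/letsencrypt/live/mywebapp.mydomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebapp.mydomain/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Restrict source IPs: rules are checked in order, first match wins.
    allow 203.0.113.0/24;   # placeholder range, replace with real clients
    deny  all;

    # Cap concurrent connections per client address (20 is a starting value).
    limit_conn mywebapp_conn 20;

    location / {
        # Loopback target: the backend should not listen on a public interface,
        # otherwise clients can bypass the proxy by connecting to :10000 directly.
        proxy_pass http://127.0.0.1:10000;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Connection counters for monitoring, readable from the proxy host only.
    location = /nginx_status {
        stub_status;
        allow 127.0.0.1;
        deny  all;
    }
}
```

Run `nginx -t` after editing; the 403 responses produced by the `deny` rule appear in the access log and are worth alerting on.
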
Method | Pros | Cons |
---|---|---|
Reverse Proxy | SSL termination, load balancing | Additional dependency |
Port Forwarding | Simple, no app changes | No protocol awareness |
Application Config | Native solution | Requires code changes |
Standard DNS resolution only handles hostname-to-IP mapping without port specification. When you create a CNAME like mywebapp.mydomain → myserver.mydomain, it doesn't solve the port requirement (10000 in your case). Here are three practical approaches:

    # Nginx configuration example
    server {
        listen 80;
        server_name mywebapp.mydomain;

        location / {
            proxy_pass http://myserver.mydomain:10000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

For web applications, implement an HTTP 301/302 redirect:

    # Python Flask example
    from flask import Flask, redirect

    app = Flask(__name__)

    @app.route('/')
    def redirect_to_port():
        # Temporary (302) redirect to the service on port 10000
        return redirect("http://myserver.mydomain:10000", code=302)

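Using iptables for Linux systems:

    # DNAT takes a numeric address, not a hostname: 192.0.2.10 is a placeholder
    # for the IP of myserver.mydomain. Forwarding to another host also needs
    # net.ipv4.ip_forward=1.
    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \
      --to-destination 192.0.2.10:10000
    # Masquerade only the forwarded flow, not all outbound traffic
    sudo iptables -t nat -A POSTROUTING -p tcp -d 192.0.2.10 --dport 10000 -j MASQUERADE
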
While mostly used for non-HTTP services, SRV records can specify ports:

    _http._tcp.mywebapp.mydomain. 3600 IN SRV 10 5 10000 myserver.mydomain.

Note: Most web browsers don't support SRV record resolution for HTTP/HTTPS.
- Reverse proxies provide additional benefits like load balancing and SSL termination
- Port forwarding at network level may bypass application security layers
- Monitor connection limits when using simple redirects