SSL/HTTPS with SSLH proxy [SOLVED]

I am setting up a website and I have a server that redirects all traffic on the HTTP and HTTPS ports to my real server to hide my IP and prevent DDoS and other stuff, and I want to know if the SSL certificate will still work with the server in the middle of the client and the real server. I have made a diagram to show it more clearly.


I want to know if this would work and the certificate will be valid.

3 Likes

Hi @EvanGamer2019, and welcome to the LE community forum :slight_smile:

Unfortunately, for me, the diagram lacks enough detail to answer your question with certainty.
In general, this seems like what any CDN (like CloudFlare) is doing.
If so, then, yes; the "CDN" device can obtain and use certs and then proxy to the actual backend content.

3 Likes

So basically what is going on is I have the client connect to the VPS, which will forward the packet to my server, and then once the server is done processing the request it sends it back to the VPS, which sends it back to the client. And my domain's DNS server will have my VPS for the A record. So it's basically a proxy to hide my server's real IP.

2 Likes

So you have a basic reverse proxy setup. Do you have multiple servers to handle requests forwarded by your VPS? If so, your VPS is acting as a load balancer.

2 Likes

As the client would actually connect to the reverse proxy, it's also that device that should have the certificate. The connection between your VPS proxy and actual servers could also be a certificate from your own private CA for example.

3 Likes

So how would I set it up? Could I use certbot on both servers for it to work? My VPS is not a load balancer; it only sends it to the one server.

2 Likes

Not sure, as I'm not familiar with sslh (I assume you mean GitHub - yrutschle/sslh: Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port) by that, right?). Its README doesn't contain much info unfortunately.

Although.. If I read it correctly.. sslh is a transparent proxy and does not function as a TLS endpoint at all.. That would mean your webserver behind sslh would terminate the TLS connection and you could run certbot just at your webserver behind the proxy. No need for multiple certificates.

4 Likes
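The "transparent proxy, not a TLS endpoint" point in the reply above is the crux of the certificate question, so here is an added example (not sslh's own code, and not posted by anyone in this thread) that models in Python what such a multiplexer does: peek at the first bytes of a TCP connection, classify it as TLS or plain HTTP, read the SNI hostname out of the ClientHello (which needs no key, since the client sends it in the clear), and forward the raw bytes to a backend. The backend address 192.0.2.10, the port map, and the ClientHello builder are constructed for the example.

```python
"""Model of a protocol multiplexer in front of a web server (added example,
not sslh's code). The TLS bytes are forwarded without being decrypted, so
the handshake, and therefore the certificate, is between the client and the
backend web server; the proxy never needs a certificate of its own."""
import socket
import threading
from typing import Optional

# Constructed backend map: where each detected protocol is forwarded.
BACKENDS = {
    "tls": ("192.0.2.10", 443),   # placeholder "real server"; TLS terminates here
    "http": ("192.0.2.10", 80),
}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def classify(first_bytes: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' from the first bytes of a stream."""
    # A TLS handshake starts with a record header: content type 0x16
    # (handshake) followed by the record-layer version 0x03 0x00..0x04.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04:
        return "tls"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def sni_from_client_hello(data: bytes) -> Optional[str]:
    """Extract the server_name (SNI) from a TLS ClientHello, or None."""
    if classify(data) != "tls" or len(data) < 9 or data[5] != 0x01:
        return None
    try:
        pos = 9 + 2 + 32                                      # record hdr, hs hdr, version, random
        pos += 1 + data[pos]                                  # session_id
        pos += 2 + int.from_bytes(data[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + data[pos]                                  # compression_methods
        ext_end = pos + 2 + int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            ext_type = int.from_bytes(data[pos:pos + 2], "big")
            ext_len = int.from_bytes(data[pos + 2:pos + 4], "big")
            pos += 4
            if ext_type == 0:                                 # server_name extension
                # 2-byte list length, then entries: type (0 = host_name), 2-byte length, name
                if data[pos + 2] == 0:
                    name_len = int.from_bytes(data[pos + 3:pos + 5], "big")
                    return data[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def build_client_hello(server_name: str) -> bytes:
    """Constructed, minimal TLS 1.2 ClientHello carrying an SNI extension
    (test input only, not a real handshake capture)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list
    body = (
        b"\x03\x03"                      # client_version TLS 1.2
        + bytes(32)                      # random (zeros: constructed input)
        + b"\x00"                        # session_id length 0
        + b"\x00\x02\x13\x01"            # one cipher suite
        + b"\x01\x00"                    # one compression method: null
        + len(sni_ext).to_bytes(2, "big") + sni_ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def pipe(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF. Nothing is decrypted or rewritten."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle(client: socket.socket) -> None:
    """Peek at the first bytes, pick a backend, then relay both directions."""
    first = client.recv(1024, socket.MSG_PEEK)   # peek: bytes stay queued for the backend
    proto = classify(first)
    if proto not in BACKENDS:
        client.close()
        return
    backend = socket.create_connection(BACKENDS[proto])
    threading.Thread(target=pipe, args=(client, backend), daemon=True).start()
    pipe(backend, client)


if __name__ == "__main__":
    # Listens on the port the DNS A record points at (the VPS in the thread).
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", 443))
        srv.listen()
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

Two consequences follow from the bytes passing through untouched. The name the browser validates is the hostname in the DNS A record (which points at the proxy), so the certificate on the backend must cover that name and certbot runs only there, as the reply says. And since the backend sees the TCP connection arriving from the proxy rather than the client, it logs the proxy's address as the source unless the multiplexer is run in its transparent mode, which matters for rate limiting and incident logs.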

I saw a guide on it where you can actually use it to forward any port from any IP to another IP. So for example someone with the IP 0.0.0.0 sends a packet on port 80 to my sslh server at 0.0.0.1, and then the server sends it to my real server at 0.0.0.2, and my server then gets the packet and then sends a packet to 0.0.0.1, and the server sends it back to 0.0.0.1. I believe that's how it works. So it should work as you say, correct?

3 Likes

You should be able to easily test that config with HTTP.
Once that works, then complicate SECURE it with HTTPS (LOL).

4 Likes

Thank you for all the help. :slight_smile:

3 Likes

I hope you were meaning 0.0.0.0 or you'll have a loop :grin:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.