I have servers set up on a huge local intranet/network where they hosts local websites, however I want HTTPS on the websites hosted from the servers. I need HTTPS since the websites uses HTML 5 and uses phone cameras to take pictures and so forth. And I cant selfsign a certificate since I dont want the users to have to see errors and feel unsafe.
But the servers has to be private, inside the routers firewalls. I own a public domain, lets call it www.example.se. It would be really nice to go to www.example.se and it points to my private IP with the domain-name in the browser and https. Since its a public domain, https should be easy to fix?
The servers have two local dns ip adresses and one local dns name, which all are unreachable if you are not within the same internet. The public ip of the machines have almost all ports blocked from outside. The only way in to the network is being directly connected to it.
Im having a hard time getting my head around how to fix it, or if its even doable. Would like some tips on how to fix this, or a suggestion on how to make this work with some other solution. I just need the https to access user media (navigator.mediaDevices.getUserMedia(constraints)), and its nice to have https to give the users a sense of security.
EDIT 2017-11-20: Adding some more information.
From one of the clients computers inside the same router and firewalls I get this information when grepping DNS servers.
- IP4.ADDRESS[1]: XXX.XX.133.231/22
- IP4.GATEWAY: XXX.XX.132.1
- IP4.DNS[1]: XXX.XX.132.3
- IP4.DNS[2]: XXX.XX.172.2
- IP4.DOMAIN[1]: 'EXAMPLE'.local
- IP6.ADDRESS[1]: fe80::xxx:xxx:xxx:xxxx/64
- IP6.GATEWAY: --
If you have the DHCP server within the intranet under your control, you can specify a DNS server that everyone has to use. That DNS server can point to local IP addresses. Then, it will look like an ordinary website to visitors within your network.
If you want to connect via HTTPS, you would have to use something like Let's Encrypt to get a certificate or you can self-sign a certificate, although modern browsers will throw up an error if you self-sign.
Edit:
For https, it shouldn't be too big of a deal to get a CA to sign you a cert. If you don't want any connections to the outside world (air-gapped or something), then you need to find a CA to sign a certificate for you (costs $$$). Https shouldn't be too big of a need for you because only people within your network could carry out an attack, and it seems like you have it locked down pretty well. The best option for you would be to self-sign and have all the browsers within the network trust your certificate. That would be free and easy to do with no need to connect to the outside world.
For DNS, adding a DNS entry to point to your internal server will not affect other machines. All it will do is tell the other computers on your network that "www.example.se" exists at 192.168.1.1 (or whatever the internal ip of your server is).
Do you have a DNS server on your network or are you communicating using IP addresses?