Questions about Forwarding Frame Settings relative to LetsEncrypt

I don’t want to get too specific here hoping that the answers are helpful to people reading this in the future, but if I don’t make an example it’s too hard to respond.

Let’s say hypothetically (meaning I’m doing it now and will do it more in the future):

  • A person has multiple servers inside the building all with reserved Internal-IP’s in the router, and one of them is the DMZ server listening to the only External IP address connected to the building.
  • The other server (s) have a variety of tasks, like one is just spinning the MySQL server for the sites that didn’t upgrade correctly to MariaDB, but other future servers may be serving BigBlueButton, or other things that require NginX, or just dividing workload like spinning the Collabora service to Nextcloud served files, and so on.

Can a shell-type site using the Frame Forwarding features on the DMZ server managed with Virtualmin:

  • Get a set of SSL keys from Let’s Encrypt?
  • Grant external access to the other systems inside the building?
  • Serve all that access through the encrypted channel based on the keys assigned to the shell-site?

Assuming all three questions are answered with YES, I intuitively assume that if a server was located outside the building, all the traffic from the client to the DMZ would be encrypted, but all the forwarded traffic between the external server to the DMZ and back would probably be in the clear depending on the way that external server was set up.

Also, what kind of clever <head> section content is valuable to achieve the desired results of encrypted content?

Bueller, Bueller, Bueller?

Nothing? :cricket: :cricket: :cricket: Not even a R.T.F.M. link from anybody?