1
Tutorials and FAQs / Reverse proxy setup and firewall rules (HAproxy or nginx)
« on: March 27, 2020, 04:40:42 pm »
Hi,
My first post so please be patient with me.
Background;
I've been using OPNsense for a few months at home and have found it feature rich and fits my needs perfectly. The existing setup is running OPNsense 20.1.2-amd64. I've configured an OpenVPN server on it so I can access my network remotely and securely. I've followed the tutorial to set up a NIC on a separate subdomain for a guest network that routes only to the internet and not to my LAN. Setup port forwarding but now removed this in preparation for reverse proxy.
What I'm trying to do now;
Previously I port forward to my servers but now I'd like to run reverse proxy as I'm trying to run more than two servers and think this would be the more appropriate route to take.
I'd like to set this up;
WAN IP: 12.3.45.67 (static)
DNS:
test1.example.com --> 12.3.45.67
test2.example.com --> 12.3.45.67
test3.example.com --> 12.3.45.67
test4.example.com --> 12.3.45.67
test5.example.com --> 12.3.45.67
test6.example.com --> 12.3.45.67
OPNsense: (setup to use 192.168.100.254:8008 on LAN) (single wan interface 12.3.45.67)
test1.example.com --> 192.168.100.11:443
test2.example.com --> 192.168.100.12:80
test3.example.com --> 192.168.100.13:80
test4.example.com --> 192.168.100.14:21
test5.example.com --> 192.168.100.15:80
test6.example.com --> 192.168.100.16:443
I've followed;
https://wiki.opnsense.org/manual/how-tos/haproxy.html
checked;
https://forum.opnsense.org/index.php?topic=15181
https://forum.opnsense.org/index.php?topic=16253
Questions;
Should I be using nginx or HAProxy? (I don't wish to offload the SSL.)
Is there a step that I'm missing? Is there an idiots guide available?
Overview (Is this correct?);
Login to provider and set DNS records.
Install plugin nginx or HA proxy
Configure reverse proxy (I see this varies on which I use I've so far unsuccessfully had a go with HAproxy)
Configure firewall to point to reverse proxy (is this This Firewall or do I specify the LAN IP of the firewall?)
All should work.
I'm going to keep trying with this and will post more up as I progress any help or pointers would be appreciated.
Thanks
My first post so please be patient with me.
Background;
I've been using OPNsense for a few months at home and have found it feature rich and fits my needs perfectly. The existing setup is running OPNsense 20.1.2-amd64. I've configured an OpenVPN server on it so I can access my network remotely and securely. I've followed the tutorial to set up a NIC on a separate subdomain for a guest network that routes only to the internet and not to my LAN. Setup port forwarding but now removed this in preparation for reverse proxy.
What I'm trying to do now;
Previously I port forward to my servers but now I'd like to run reverse proxy as I'm trying to run more than two servers and think this would be the more appropriate route to take.
I'd like to set this up;
WAN IP: 12.3.45.67 (static)
DNS:
test1.example.com --> 12.3.45.67
test2.example.com --> 12.3.45.67
test3.example.com --> 12.3.45.67
test4.example.com --> 12.3.45.67
test5.example.com --> 12.3.45.67
test6.example.com --> 12.3.45.67
OPNsense: (setup to use 192.168.100.254:8008 on LAN) (single wan interface 12.3.45.67)
test1.example.com --> 192.168.100.11:443
test2.example.com --> 192.168.100.12:80
test3.example.com --> 192.168.100.13:80
test4.example.com --> 192.168.100.14:21
test5.example.com --> 192.168.100.15:80
test6.example.com --> 192.168.100.16:443
I've followed;
https://wiki.opnsense.org/manual/how-tos/haproxy.html
checked;
https://forum.opnsense.org/index.php?topic=15181
https://forum.opnsense.org/index.php?topic=16253
Questions;
Should I be using nginx or HAProxy? (I don't wish to offload the SSL.)
Is there a step that I'm missing? Is there an idiots guide available?
Overview (Is this correct?);
Login to provider and set DNS records.
Install plugin nginx or HA proxy
Configure reverse proxy (I see this varies on which I use I've so far unsuccessfully had a go with HAproxy)
Configure firewall to point to reverse proxy (is this This Firewall or do I specify the LAN IP of the firewall?)
All should work.
I'm going to keep trying with this and will post more up as I progress any help or pointers would be appreciated.
Thanks