Ok I am back at getting my local web server accessible via the Internet.
Presently my web server is responding locally via port 80. I am going to also set it up for secure access via port 443, but want to get it going over port 80. Is it as easy as a port forward of 80 to my Internet interface? Am I missing something?
It is better to have the nginx or haproxy plugin in between. They can also handle the Let's Encrypt ACME challenge for you so you don't need to do anything for that in the backend if you also install the ACME plugin.
In that case, you can also go via HTTP over TCP/80 to your backend, if the request is done via HTTPS. In that case NAT is wrong, you will need a simple Pass rule on the WAN interface to your local reverse proxy (pass TCP/80 and pass TCP+UDP/443 both with the target IP "WAN Interface"). In that case, you also have to move your web interface to a different port.
Documentation and tutorials can be found here: https://docs.opnsense.org/plugins.html#web
---
But yes, you can port forward TCP/80 and TCP+UDP/443 to your webserver if you like, then you have to manage everything there, including protocol security, firewall and TLS.
Quote from: fabian on May 25, 2021, 09:10:37 PM
It is better to have the nginx or haproxy plugin in between. They can also handle the Let's Encrypt ACME challenge for you so you don't need to do anything for that in the backend if you also install the ACME plugin.
In that case, you can also go via HTTP over TCP/80 to your backend, if the request is done via HTTPS. In that case NAT is wrong, you will need a simple Pass rule on the WAN interface to your local reverse proxy (pass TCP/80 and pass TCP+UDP/443 both with the target IP "WAN Interface"). In that case, you also have to move your web interface to a different port.
Documentation and tutorials can be found here: https://docs.opnsense.org/plugins.html#web
---
But yes, you can port forward TCP/80 and TCP+UDP/443 to your webserver if you like, then you have to manage everything there, including protocol security, firewall and TLS.
Can I use nginx with my Apache server or do I remove Apache on my web server?
Use nginx as a reverse proxy to your Apache server. Nginx will receive client queries and then proxy them to the backend Apache server. All the https work is done on the frontend nginx server.
Quote from: Greelan on May 26, 2021, 12:51:04 PM
Use nginx as a reverse proxy to your Apache server. Nginx will receive client queries and then proxy them to the backend Apache server. All the https work is done on the frontend nginx server.
Ok good deal. Does anyone know if I can use Cloudflare cert with the nginx plugin?
It allows you to use any working certificate + key you define under Trust -> Certificates.
If you have them, just upload them there and they will be available in the nginx plugin (and any other plugin as well).
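
For readers who want to see what the frontend/backend arrangement described in this thread amounts to, here is the same layout written as a plain nginx configuration. This is an added example, not part of the thread and not the configuration the OPNsense plugin generates; the hostname, the backend address 192.168.1.10, the ACME directory and the certificate paths are all placeholders.

```nginx
# Added example: TLS terminates on the nginx frontend, Apache stays on HTTP.
# www.example.org, 192.168.1.10 and all file paths below are placeholders.

# Plain HTTP on the WAN side: answer ACME HTTP-01 challenges locally,
# redirect everything else to HTTPS so no content is served in clear text.
server {
    listen 80;
    server_name www.example.org;

    location /.well-known/acme-challenge/ {
        root /var/www/acme;                    # placeholder challenge directory
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS frontend: the certificate and key live here, not on the Apache host.
server {
    listen 443 ssl;
    server_name www.example.org;

    ssl_certificate     /usr/local/etc/ssl/example.org.fullchain.pem;  # placeholder
    ssl_certificate_key /usr/local/etc/ssl/example.org.key;            # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;       # refuse older protocol versions

    location / {
        # The backend only ever sees HTTP from the proxy on TCP/80.
        proxy_pass http://192.168.1.10:80;

        # Pass the original request details on so Apache can log the real
        # client and build correct https:// links and redirects.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout, a rule on the Apache host that accepts TCP/80 only from the proxy's address keeps clients from reaching the backend without going through the TLS frontend.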