OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: FarmServer on December 12, 2022, 01:37:47 AM

Title: Help needed setting up nginx reverse proxy
Post by: FarmServer on December 12, 2022, 01:37:47 AM
I feel like I should have gotten this to work by now, but I am misunderstanding a setting and can't seem to get nginx to work properly.

I have a server hosting two webpages behind opnsense. They are www.mydomain.com/one and www.mydomain.com/two.

The server accepts incoming connections on 443. My current working OPNsense configuration to access these webpages from external IPs is to forward all 443 connections going to WAN-IP to MyServer-IP. This works, but there is quite a large volume of port sniffing and random access attempts when I do this.

I would like nginx to filter for and forward only requests for www.mydomain.net/(one or two) to MyServer-IP/(one or two). A fairly standard use case for nginx, that I somehow can't get working right. I have SSL certs stored on MyServer for the domain, so in my current setup where I forward all requests on 443, MyServer will do the filtering for any request to www.mydomain.com/(one or two) and serve the correct SSL cert.

I believe the system I am looking for is transparent reverse proxy, where all nginx does is look for a request using my domain name and forwards it without modifying data or serving certs.

These are my current rules to port forward all 443 to MyServer:
Firewall > NAT > Port Forward: Interface WAN, IPv4, Protocol TCP/UDP, Destination WAN net, Destination Port Range HTTPS, Redirect target IP MyServer, Redirect Target Port HTTPS

I also have one for internal subnets to reach this server using the domain name:

Firewall > NAT > Port Forward: Interface subnet1 subnet2 subnet3, IPv4, Protocol TCP/UDP, Destination WAN net, Destination Port Range HTTPS, Redirect target IP MyServer, Redirect Target Port HTTPS

And then in Firewall: Rules: WAN there is an autogenerated rule for IPv4 TCP/UDP, source/port any, destination MyServer (alias), port 443.

The nginx configuration I have tried is this, based on most write-ups I have found:
Upstream Server
   Description: MyServer
   Server: (MyServer IP)
   Port: 80
   Priority 1
   Max Conns: 1000
   Max Fails: 10
   Fail Timeout: 60

Upstream
   Description: MyServer Backend
   Server Entries: MyServer
   LoadBalancing: WRR
   Enable TLS: False

Location
   Description: MyServer Root
   URL Pattern: /
   match type: none
   url rewriting: nothing selected

HTTP Server
   HTTP Listen 80
   HTTP Listen 443
   Server Name: www.mydomain.com
   Locations: MyDomain Root
   URL Rewriting: nothing selected

Firewall: WAN: Rules
Protocol IPv4, TCP/UDP, source/port *, Destination WAN Address 443(and same rule with 80), Gateway/schedule *

Whenever I try to connect I get a "Cannot Complete Request" error. The nginx logs show a connection attempt by my device in the HTTP access logs with a status 404 error. I am a little confused here because it seems like I made pretty much the same forwarding rules with nginx as I did with NAT forwarding. But for whatever reason these requests aren't getting forwarded the same way. Hopefully it is something simple enough that someone who knows more about this can point me in the right direction.

Thanks,
Title: Re: Help needed setting up nginx reverse proxy
Post by: Fright on December 14, 2022, 08:20:33 PM
Quote:
Location
   Description: MyServer Root
   URL Pattern: /
   match type: none
   url rewriting: nothing selected

Forgot to specify Upstream for Location?

But (as always), this will work with TLS termination. If you need it "without serving certs" (why?), then it will be a "TLS passthrough" and it may work with streams only, AFAIK.
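The setup discussed in this thread, as an added example in raw nginx syntax (not the thread's own configuration or the OPNsense plugin's generated file): Option A is the TLS-terminating layout the plugin fields above map to, with the Location linked to its Upstream; Option B is the SNI-based stream passthrough Fright mentions. The address 192.0.2.10 (standing in for MyServer) and the certificate paths are placeholders.

```nginx
# Added example, not from the thread or the OPNsense plugin: the GUI settings
# written as raw nginx config. Placeholders: 192.0.2.10 stands for MyServer;
# certificate paths are hypothetical. Options A and B both bind 443, so only
# one of them is active at a time.
# --- Option A: TLS terminated on OPNsense, path filtering possible ---------
http {
    upstream myserver_backend {
        server 192.0.2.10:80 max_conns=1000 max_fails=10 fail_timeout=60s;
    }
    # Default server: any SNI other than www.mydomain.com never completes the
    # handshake, which is what removes most of the random probing.
    server {
        listen 443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;    # nginx >= 1.19.4
    }
    server {
        listen 443 ssl;
        server_name www.mydomain.com;
        ssl_certificate     /usr/local/etc/nginx/mydomain-fullchain.pem;
        ssl_certificate_key /usr/local/etc/nginx/mydomain-privkey.pem;

        # Only /one and /two are proxied; this is the Location -> Upstream
        # link that the first post's Location left unset.
        location ~ ^/(one|two)(/|$) {
            proxy_pass http://myserver_backend;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location / { return 404; }
    }
}

# --- Option B: TLS passthrough, MyServer keeps serving its own cert --------
# Routing happens on the SNI name only; the path is inside the encrypted
# request, so /one vs /two cannot be filtered here.
stream {
    map $ssl_preread_server_name $backend {
        www.mydomain.com  192.0.2.10:443;
        default           127.0.0.1:8443;   # unknown SNI goes to the sink
    }
    server { listen 127.0.0.1:8443; return ""; }   # sink: close immediately
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $backend;
    }
}
```

With Option A the certificate has to be installed on OPNsense, which is the trade-off behind the reply: terminating TLS is what makes filtering on the request path possible at all.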