OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: frenchish on December 13, 2018, 05:05:15 pm

Title: NGINX listen on WAN
Post by: frenchish on December 13, 2018, 05:05:15 pm
Hi All

I am trying to set up nginx as a reverse proxy on the WAN to a webserver on the LAN.

I have followed the guide here https://docs.opnsense.org/manual/how-tos/nginx.html?highlight=nginx to the letter and know I have the correct internal host configured as the Upstream server, all settings followed.

I am starting to think this requires some configuration elsewhere that I am missing.

I have also configured the WAN interface on the firewall to allow connection to "This Firewall" on the port configured under the nginx "http server" port.

Also, with this configuration the proxy works fine internally: if I point my LAN-side browser at the LAN IP on the firewall, I get proxied to the webserver fine. It only fails on the WAN side.

Completely stumped here, any pointer much appreciated.


Title: Re: NGINX listen on WAN
Post by: fabian on December 13, 2018, 05:24:53 pm
1. Define an upstream server
2. Define an upstream (set the upstream server from (1))
3. Define a location and set the upstream from (2)
4. Define an HTTP server and use the location from (3)
5. Click the orange buttons with two arrows at the bottom of the view and it should work

---
I have not written the other mandatory fields but I am sure you know what to fill in.
TLS requires that you add a certificate (with key).

Title: Re: NGINX listen on WAN
Post by: frenchish on December 13, 2018, 06:18:56 pm
Hey Fabian

Yes have done these, but no dice.

See answers inline quoted

> 1. Define an upstream server
desc= int_www server=1.1.1.1 port:8080
> 2. Define an upstream (set the upstream server from (1))
desc=int_up Servers=int_www
> 3. Define a location and set the upstream from (2)
desc=int_loc url_pattern:/ upstream=int_up
> 4. Define an HTTP server and use the location from (3)
servername=test.example.local listenhttpport=81 location=int_loc
> 5. Click the orange buttons with two arrows at the bottom of the view and it should work
Done

> ---
> I have not written the other mandatory fields but I am sure you know what to fill in.
> TLS requires that you add a certificate (with key).

Also works from inside but not on the external WAN interface.

Am I right in thinking this should work externally with a rule to allow external addrs to the firewall on the http server port configured in nginx?

Thanks for the quick response.

Title: Re: NGINX listen on WAN
Post by: fabian on December 13, 2018, 10:35:55 pm
> Am I right in thinking this should work externally with a rule to allow external addrs to the firewall on the http server port configured in nginx?

Yes, the plugin does not configure firewall rules, so you have to do this by yourself.
You will very likely need a (quick) floating rule which allows access from everywhere.

Title: Re: NGINX listen on WAN
Post by: frenchish on December 13, 2018, 11:11:41 pm
Fabian, thanks for the pointer.

It turns out it was a floating rule needed rather than a rule on the WAN port only.

I would like to understand floating rules more but cannot find anything in the documentation. Are there commands for listing the internal firewall rules and how these tie together, like iptables I suppose?

All good now :)

Title: Re: NGINX listen on WAN
Post by: fabian on December 14, 2018, 06:17:47 pm
Floating rules apply to multiple interfaces (you can select them or you can leave it empty for all), and the quick option defines whether the rule is first match (checked) or last match (unchecked). Quick rules override interface rules, and non-quick rules will be overridden by interface rules (if there is another for the same packet).
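
Added example, not part of the original thread and not OPNsense code: a small Python model of the quick / last-match behaviour described in the post above. Port 81 comes from the thread; the rule labels, addresses, the block-by-default fallback and the ordering (floating rules listed ahead of interface rules) are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str           # "pass" or "block"
    quick: bool           # True: first match decides; False: last match decides
    iface: Optional[str]  # None = floating rule with no interface selected (all)
    src: str              # source network in CIDR notation, "0.0.0.0/0" = any
    dport: Optional[int]  # None = any destination port
    label: str            # hypothetical name, used only to report which rule won

    def matches(self, iface, src, dport):
        return ((self.iface is None or self.iface == iface)
                and ip_address(src) in ip_network(self.src)
                and (self.dport is None or self.dport == dport))


def evaluate(rules, iface, src, dport, default="block"):
    """Walk the rules top to bottom: a matching quick rule decides at once,
    otherwise the last matching rule decides (default is an assumption)."""
    verdict, decided_by = default, "default"
    for rule in rules:
        if rule.matches(iface, src, dport):
            verdict, decided_by = rule.action, rule.label
            if rule.quick:
                break
    return verdict, decided_by


# Constructed interface rule: block everything arriving on WAN.
WAN_BLOCK = Rule("block", False, "wan", "0.0.0.0/0", None, "wan: block all")


def ruleset(floating_quick):
    """Floating pass rule for the nginx port, followed by the WAN interface rule."""
    floating = Rule("pass", floating_quick, None, "0.0.0.0/0", 81,
                    "floating: pass tcp/81")
    return [floating, WAN_BLOCK]


if __name__ == "__main__":
    for quick in (False, True):
        # 203.0.113.7 is a constructed documentation address standing in for a WAN client.
        print("quick" if quick else "not quick",
              evaluate(ruleset(quick), "wan", "203.0.113.7", 81))
```

On the firewall itself, `pfctl -sr` prints the currently loaded pf rules, which is the closest equivalent to listing rules with iptables.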