OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: mvdheijkant on April 21, 2022, 08:01:55 pm
-
I'm using Nginx with reversy proxy instead of NAT.
What will the "Original URL Pattern (Regex)" and "New URL Pattern" be if I want to access a website externally with url "https://my.externaldomain.eu" going to an internal server that can be accessed by "https://externaldomain.localdomain.local".
-
You don't need any. Just use the new hostname in the http server and the internal one in the upstream server.
-
Yes, it sounds very strait forward. But than I think there's some other problem. let me explain a little bit further.
"https://my.externaldomain.eu" has a let's encrypt certificate on opnsense and "https://externaldomain.localdomain.local" is running with a self signed certificate.
First thing I tried and which worked was to create an internal website accessible from the lan also with "https://my.externaldomain.eu". The internal certificate was a random selfsigned certificate. With the necessary configuration on Nginx I was able to access the website from an external source.
I copied the configuration and changed the upstream server with "https://externaldomain.localdomain.local".
And at that point i'm kind of lost what to change to make it work.
-
Does it actually make sense to use TLS between the upstream server and nginx?
If no, go via HTTP. If yes, use a certificate, OPNsense is trusting or disable certificate validation (advanced option; easy but not recommend) in the upstream.
-
I saw the same kind of question on https://forum.opnsense.org/index.php?topic=15343.0.
but there was no answer given on scenario's:
https://sited.com proxies in to https://192.168.xxx.bbb:443
https://sitee.com proxies in to https://192.168.xxx.ccc:443
They where supposed to work the same, have the same configuration, as the previous examples. Are they?
I'm looking for those configurations.