OPNsense Forum

English Forums => General Discussion => Topic started by: xkapr on August 19, 2022, 03:43:34 pm

Title: nginx reverse proxy, help with config
Post by: xkapr on August 19, 2022, 03:43:34 pm

Hi, it is possible to achieve this scenario with opnsense, nginx and acme plugins.

I have a router with opensense installed WAN port has a public IPv4. LAN is 192.168.1.1/24 subnet.
I have a dns record subdomain.mydomain.tld pointing to WAN addres.
I have configure acme plugin to generate certificates. Certificates are generating correctly.

Now I am messed up with nginx configuration. I have a microsoft iis web server in local lan with ip 192.168.1.100 There are some websites/services runing .

http://192.168.1.100:80/service1 
http://192.168.1.100:80/service2
http://192.168.1.100:80/service3

Now I want to connect from internet to this server using nginx reverse proxy in this way:

1. Redirect http/https trafic with domain name to service1 with use of acme certificate
http://subdomain.mydomain.tld/ or https://subdomain.mydomain.tld/ -> http://192.168.1.100:80/service1

2. Redirect http trafic to public WAN ip without domain name to service2 and service3
http://publicIPv4/service2 -> http://192.168.1.100:80/service2
http://publicIPv4/service3 -> http://192.168.1.100:80/service3
http://publicIPv4/whatever -> http://192.168.1.100:80/whatever

I was only able to partially configure it in nginx plugin:
1. configured upstream and upstream server to point 192.168.1.100

2. configured locations
Description: subdomain.mydomain.tld
Url Pattern: /service1
Match type: Case Insensitive Match ("~*")
Force HTTPs: 1
Upstream server: 192.168.1.100

Description: publicIPv4
Url Pattern: /
Match type: none
Force HTTPs: 0
Upstream server: 192.168.1.100


3. configured 2 http servers
Name: subdomain.mydomain.tld
Certificete: subdomain.mydomain.tld
Location: subdomain.mydomain.tld

Name: publicIPv4
Certificate: none
Location: publicIPv4

With this configuration http://publicIPv4/whatever working like I want.
https://subdomain.mydomain.tld/service1 working.
But how can I https://subdomain.mydomain.tld/ redirect to http://192.168.1.100:80/service1

Thanks for the advice on the correct configuration.

Title: Re: nginx reverse proxy, help with config
Post by: Fright on August 20, 2022, 10:19:42 am

Hi!
if I understand correctly that everything works except for redirecting the "fqdn" requests to IIS with a "service1" prefix, then you can try to create a "/"-pattern location with a "/service1/" Path Prefix and assign this location to "subdomain.mydomain.tld" server