Messages - spetrillo

#601
General Discussion / Web Server Question
May 25, 2021, 02:14:12 AM
Ok I am back at getting my local web server accessible via the Internet.

Presently my web server is responding locally via port 80. I am going to also set it up for secure access via port 443, but want to get it going over port 80. Is it as easy as a port forward of 80 to my Internet interface? Am I missing something?
#602
Hi Franco,

No worries...I do not use OpenVPN yet, so I can wait for 2.5.

Thanks,
Steve
#603
21.1 Legacy Series / 21.1.5 - OpenVPN Vulnerability
April 22, 2021, 07:53:32 PM
Hello all,

I just upgraded one firewall to 21.1.5. It went fine with the exception of the current OpenVPN software having a vulnerability. Do we have an updated OpenVPN to patch the vulnerability?

Thanks,
Steve
#604
General Discussion / Web Server Access Through FW
April 14, 2021, 07:44:33 PM
Hello all,

I am building my own Apache web server and was hoping there would be a document or posting that explains all the steps to making that web server accessible on the public Internet via port 80 and 443. I have seen bits and pieces but nothing that brings it all together.

Thanks,
Steve
#605
Hello all,

I am testing a Velocloud SD-WAN device and this needs to be in front of my fw. If I do that will OPNsense work ok, only with the WAN port having a non-public IP?

Thanks,
Steve
#606
General Discussion / Test Port Access from the Outside
February 03, 2021, 01:20:32 AM
Is there any way to test port access from the outside, against my firewall?
#607
Something just hit me which I would like to confirm...

I could use the nginx plugin as my http/s server, in lieu of Apache, correct? If yes, would I still be able to do a Wordpress site, or does that eliminate that since it leverages Apache?
#608
Quote from: RamSense on January 30, 2021, 08:34:48 AM
@spetrillo

For websites behind nginx go to: firewall - rule - wan - add a rule:
protocol IPv4 TCP/UDP - destination <this firewall> - port 443 (https) - description < something you like>
+
protocol IPv4 TCP/UDP - destination <this firewall> - port 80 (http) - description < something you like>

that should put the traffic to your opnsense nginx

Is this good to go?
#609
Quote from: Greelan on January 30, 2021, 07:36:29 AM
This may help: https://forum.opnsense.org/index.php?topic=19305.0

Yes I found it...one thing I am not sure about are the firewall rules needed?
#610
Anyone got an example of the firewall rules needed for this?
#611
Quote from: Greelan on January 30, 2021, 05:11:31 AM
Can't see anything wrong with your port forwards/rules. I assume FIOS = WAN. Maybe then the issue is that your apache server is not configured to listen on the domain/subdomain.

In answer to your second question, yes a nginx reverse proxy would work

I checked my Apache server and it's set up correctly. Is there a good tutorial on how to set up the nginx plugin for reverse proxy? It looks complicated.
#612
Quote from: Greelan on January 30, 2021, 02:49:02 AM
But really, as chocapic suggested, having nginx as the primary webserver, serving content itself and/or proxying other webservers, is a great idea.

I run nginx as a reverse proxy for about 9 backend webservers in my network (plus have nginx running its own basic frontend). My nginx webserver runs in a LXD container in my network, not on OPNsense itself, but the concept is the same.

Running it on OPNsense means you don't need any port forwards, just need to open ports 80 and 443 so that the nginx server can receive external requests and serve or proxy the relevant content on the various domains/subdomains. Also means you only have to configure SSL termination in one place.

Edit: I should add that I run nginx in a container because I am somewhat paranoid about security. If nginx ever gets compromised, the damage is limited. I don't like running extraneous services on OPNsense for that reason

Could it be as simple as the reverse proxy to my vm?
#613
Quote from: Greelan on January 29, 2021, 10:34:43 PM
All you should need to do is port forward ports 80 and 443 from your router to the VM. If the webserver is listening on www.my-domain.com, then that should work

Post your port forward config, as there may be something wrong with it

Here are my port forwards and WAN rules.
#614
Quote from: chocapic on January 27, 2021, 07:55:44 AM

it allows me to host several websites at home by redirecting my subdomains to my public ip. nginx takes care of analyzing the origin of the subdomain in order to redirect it to the right server.

Are you using the plugin as your de facto web server or are you just using it to point to your web server? For example, I have spun up an Ubuntu vm on my home network and installed Wordpress on it. It is now a working website. What I cannot seem to figure out is how do I tie the IP of the internal vm/web server to the www name I want to use. That seems to be my missing piece. I have A records in the domain's DNS pointing www to my public IP but that does not seem to do the trick. It's like I am missing something on OPNsense that equates www.my-domain.com to the internal IP of my vm/web server.

Make sense? Clear as mud?