Messages - alec_hs

#1
This was solved with Fright's help off the forums. The config ended up all being OK; it seemed to be an issue with the NGINX config not actually being applied until after a full FW reload.
#2
Cool ok so what I'm taking from that reply is FW rules are fine but something wrong with the NGINX setup. Thanks for the help with this by the way, much appreciated.

Server A behind the FW is running a web GUI on port y. I have the following config in NGINX:

  • Upstream Server - Server A, port y, priority 1
  • Upstream - Contains Upstream Server from above
  • Location - pattern /, match none, URL rewrite none, Upstream as above
  • Server - name sub.domain.com, cert setup, ports 80/443, location as above

This all works fine and shows the GUI for this application. I then have another HTTP server in NGINX as configured in the pic in previous post with server name as the WAN IP, no files in html dir.

When I navigate to the WAN IP (from a different network) the GUI for the application on Server A Port y is shown.
#3
Nope, unfortunately that was the first thing I tried - here are the FW rules on WAN if that helps get a better idea.
#4
Hmm ok so I have created a new HTTP server as below:


Server name is the WAN IP but I can't work out where/how to block it. I tried creating a new HTTP location that goes to nowhere but that doesn't seem to do anything, as the site on Server A Port y still loads.
#5
But this then means that the sites behind the proxy are not available.  Does NGINX not need the 443 to WAN IP open to accept the traffic to the mapped locations/ upstream servers?
#6
I currently have 2 sites hosted on a server behind the OPNsense FW that are accessible by two subdomains through the NGINX reverse proxy:


  • sub1.domain > Reverse Proxy > Server A (port x)
  • sub2.domain > Reverse Proxy > Server A (port y)

I then have a FW rule on the WAN interface that allows port 443 to the WAN address.

The two sites are perfectly accessible and working fine. My issue is that if you browse directly to the WAN IP it shows up the site hosted on Server A Port x. How do I make it so that no site is accessible on the WAN IP?

Separately, is it possible to have the NGINX part of OPNsense running off an additional WAN virtual IP I have?
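
The behaviour described in post #6 (the bare WAN IP showing the first proxied site) follows from how nginx picks a server block when no server_name matches. The following is an added example, not part of these posts and not the config the OPNsense plugin generates; it assumes a hand-written nginx configuration, and the hostname, backend address and certificate paths are placeholders.

```nginx
# Constructed example: names, addresses and certificate paths are placeholders.

# Without an explicit default, nginx hands any request whose Host header
# matches no server_name (for example the bare WAN IP) to the first server
# block defined for that listen socket, so the first proxied site answers.

# Catch-all for plain HTTP: close the connection without sending a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Catch-all for HTTPS: refuse the TLS handshake when the SNI name matches no
# configured server, so no certificate or site is exposed (nginx 1.19.4+).
# The return covers requests that arrive with a valid SNI but an unknown Host.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
    return 444;
}

# Named site: reached only when the client asks for this hostname.
server {
    listen 443 ssl;
    server_name sub1.example.com;                # placeholder for sub1.domain
    ssl_certificate     /path/to/sub1.crt;       # placeholder
    ssl_certificate_key /path/to/sub1.key;       # placeholder

    location / {
        proxy_pass http://192.0.2.10:8080;       # placeholder for Server A, port x
        proxy_set_header Host $host;
    }
}
```

As post #1 reports, a change like this only takes effect once the running nginx has actually loaded the new configuration, so re-test against the WAN IP from an outside network after the reload.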