Reverse proxy not working properly on opnsense.

Started by mkono87, January 19, 2021, 06:46:08 AM

January 19, 2021, 06:46:08 AM Last Edit: January 19, 2021, 06:48:46 AM by mkono87
So I have been using pfsense for a few years now but decided to try out opnsense. I was able to import a few settings from pfsense (DHCP, rules, NAT and DDNS). Everything seemed fine but then realized that my hosted services behind my let's encrypt container (swag) on unraid is working as intended. The invalid error is showing as if opnsense is providing the cert.

The let's encrypt container is on 81 and 444, for which port forwarding is set up in NAT (80-81 etc.), exactly the same as it was on pfsense. I also have DDNS running properly pulling in my IP. I don't remember having to add any certs or whatever to the firewall itself.

Does anyone have an idea what I could be missing? I ran opnsense on the nano usb so I just booted pfsense back up and left it for the night. But it's working as it should.


Not quite sure what error or problem you are seeing. I am running OPNsense behind an nginx reverse proxy (with LE cert) just fine.

Well that's great, so did I on pfsense and I know it shouldn't be a problem. When I check the invalid cert information in Chrome it seems as if I am trying to use a cert from opnsense rather than push to the let's encrypt container. You can see in the attached picture the Org is incorrect. Right now, while running opnsense, my domain points to the router GUI.

What you are seeing is the self-signed cert on OPNsense, so the connection is direct to the OPNsense webserver rather than through your reverse proxy.

Either your port forwards are misconfigured or this is a NAT reflection issue. You can test the latter by trying to connect from outside your LAN - if you can connect to the reverse proxy from outside but not from within your LAN, there is a NAT reflection issue (either it is not enabled or the port forwards are not configured properly to work with it).
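The check described in the reply above (a self-signed certificate means the firewall's own web server answered, not the reverse proxy), as an added example that is not part of the original posts: it reads the issuer and subject out of a served certificate and flags it when the two are identical, the usual mark of a self-signed certificate. All function names are hypothetical and the sample certificates are constructed, unsigned skeletons used only to exercise the parser.

```python
import ssl

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names of an X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate
    _, off, tbs_end = read_tlv(der, cert_start)    # tbsCertificate
    fields = []
    while off < tbs_end and len(fields) < 5:
        tag, _, end = read_tlv(der, off)
        if tag != 0xA0:                            # skip optional [0] version
            fields.append(der[off:end])
        off = end
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    # order: serialNumber, signature, issuer, validity, subject
    return fields[2], fields[4]

def is_self_issued(der):
    """True when issuer == subject, as on a self-signed GUI certificate."""
    issuer, subject = issuer_and_subject(der)
    return issuer == subject

def fetch_der(host, port=443):
    """Fetch the certificate a host serves, without validating it (needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def _tlv(tag, body):  # short-form encoder, used only to build the sample below
    return bytes([tag, len(body)]) + body

def sample_cert(issuer_org, subject_org):
    """Constructed, unsigned skeleton holding only the fields parsed above."""
    def name(org):
        attr = _tlv(0x30, _tlv(0x06, b"\x55\x04\x0a") + _tlv(0x0C, org))
        return _tlv(0x30, _tlv(0x31, attr))
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
           + name(issuer_org) + _tlv(0x30, b"") + name(subject_org))
    return _tlv(0x30, _tlv(0x30, tbs))
```

Running `is_self_issued(fetch_der(...))` against your own domain once from inside the LAN and once from an outside connection shows which side reaches the firewall GUI instead of the proxy.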

Is NAT reflection not enabled by default? I didn't bother to check that so I will when I get a chance to fire it up again.

Hi, did you manage to get this sorted? I have the exact same problem?

Quote from: mattbridges on March 21, 2021, 08:53:58 PM
Hi, did you manage to get this sorted? I have the exact same problem?
It was due to NAT reflection not being enabled by default.
