Author Topic: Web Server Question (Read 1812 times)

spetrillo · « **on:** May 25, 2021, 02:14:12 am »

Ok I am back at getting my local web server accessible via the Internet.

Presently my web server is responding locally via port 80. I am going to also set it up for secure access via port 443, but want to get it going over port 80. Is it as easy as a port forward of 80 to my Internet interface? Am I missing something?

fabian · « **Reply #1 on:** May 25, 2021, 09:10:37 pm »

It is better to have the nginx or haproxy plugin inbetween. They can also handle the Let's Encrypt ACME challenge for you so you don't need to do anything for that in the backend if you also install the ACME plugin.
In that case, you can also go via HTTP over TCP/80 to your backend, if the request is done via HTTPS. In that case NAT is wrong, you will need a simple Pass rule on the WAN interface to your local reverse proxy (pass TCP/80 and pass TCP+UDP/443 both with the target IP "WAN Interface"). In that case, you also have to move your web interface to a different port.

Documentation and tutorials can be found here: https://docs.opnsense.org/plugins.html#web

---

But yes, you can port forward TCP/80 and TCP+UDP/443 to your webserver if you like, then you have to manage everything there, including protocol security, firewall and TLS.

spetrillo · « **Reply #2 on:** May 26, 2021, 04:44:38 am »

Quote from: fabian on May 25, 2021, 09:10:37 pm

It is better to have the nginx or haproxy plugin inbetween. They can also handle the Let's Encrypt ACME challenge for you so you don't need to do anything for that in the backend if you also install the ACME plugin.
In that case, you can also go via HTTP over TCP/80 to your backend, if the request is done via HTTPS. In that case NAT is wrong, you will need a simple Pass rule on the WAN interface to your local reverse proxy (pass TCP/80 and pass TCP+UDP/443 both with the target IP "WAN Interface"). In that case, you also have to move your web interface to a different port.

Documentation and tutorials can be found here: https://docs.opnsense.org/plugins.html#web

---

But yes, you can port forward TCP/80 and TCP+UDP/443 to your webserver if you like, then you have to manage everything there, including protocol security, firewall and TLS.

Can I use nginx with my Apache server or do I remove Apache on my web server?

Greelan · « **Reply #3 on:** May 26, 2021, 12:51:04 pm »

Use nginx as a reverse proxy to your Apache server. Nginx will receive client queries and then proxy them to the backend Apache server. All the https work is done on the frontend nginx server

spetrillo · « **Reply #4 on:** May 26, 2021, 03:44:08 pm »

Quote from: Greelan on May 26, 2021, 12:51:04 pm

Use nginx as a reverse proxy to your Apache server. Nginx will receive client queries and then proxy them to the backend Apache server. All the https work is done on the frontend nginx server

Ok good deal. Does anyone know if I can use Cloudflare cert with the nginx plugin?

fabian · « **Reply #5 on:** May 27, 2021, 11:54:50 pm »

It allows you to use any working certificate + key you define under Trust - > Certificates.

If you have them, just upload them there and they will be available in the nginx plugin (and any other plugin as well)

Author Topic: Web Server Question (Read 1812 times)

spetrillo

Web Server Question

fabian

Re: Web Server Question

spetrillo

Re: Web Server Question

Greelan

Re: Web Server Question

spetrillo

Re: Web Server Question

fabian

Re: Web Server Question