Topic: NGINX Reverse Proxy from behind OPNSense Not Working (Read 11478 times)
dudeman21 (June 03, 2018, 06:59:37 pm):
Hello all,
I've been searching various forums for a while now and I can't find the answer to what I'm doing wrong.
What I want to do: access services that I run on my unraid server behind opnsense such as nextcloud using a public IP address over HTTPS, ex: nextcloud.example.com. The issue seems to be opnsense sending the requests to the WEB GUI instead of the NGINX server. I'm running the NGINX in an UNRaid docker on port 81 (HTTP) and 443 (HTTPS) to avoid conflicts with the unraid web gui. I want to be able to type https://nextcloud.example.com and have it automatically redirect from 443 to port 444 on my local NGINX IP address.
On my DNS account at namecheap for example.com, I have:
Type      Host        Value
A+DDNS    @           WAN IP (108.x.x.x)
CNAME     nextcloud   example.com.
Using nslookup, example.com and nextcloud.example.com correctly resolve to my WAN IP.
On OPNSense I have the following NAT->port forward settings:
When I type example.com from within the network, I get to the opnsense web gui and it gives an error "Potential DNS rebind attack". When I go to example.com from outside (on my phone's data), I get connection time out.
As a test, I changed the web gui to use port 445 as HTTPS, and if I go to example.com from within my network, it redirects to example.com:445, indicating the web gui is capturing the request. From outside, I just get connection timeout.
On my unraid Let's Encrypt-NGINX docker, I get: "Timeout during connect (likely firewall problem)" on all the domains and subdomains it tries.
I'm pretty sure the issue is the firewall not sending the requests from WAN to the NGINX but I don't know what the issue is. opnsense is pretty much a fresh install, those two port forward rules are the only thing I've added and it automatically added the NAT firewall rules on WAN. The only rules on LAN are the default rules.
Thanks for the help!
marjohn56, Reply #1 (June 04, 2018, 09:28:48 am):
Destination needs to be the WAN IP.... Here's one from mine using aliases, but the alias is the WAN IP.
(Last Edit: June 04, 2018, 09:33:30 am by marjohn56)
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud
dudeman21, Reply #2 (June 05, 2018, 07:27:05 am):
I tried changing the rules, Let's Encrypt still can't access the NGINX server. Says likely firewall blocking.
I want port 80 coming in from the wan to forward to port 81 on 192.168.1.31.
Same for HTTPS, WAN:443->192.168.1.31:444
I must be missing something incredibly simple, I just can't figure it out. Thanks!
marjohn56, Reply #3 (June 05, 2018, 09:53:32 am):
And I assume the associated firewall rules are there?
If they are, can you enable the logging, if not already on, and see what the logs say?
Just remembered, I use 1:1 NAT as I have multiple WAN IPs, I'll run up a test....
(Last Edit: June 05, 2018, 09:55:10 am by marjohn56)
dudeman21, Reply #4 (June 14, 2018, 08:12:15 pm):
Sorry for the long delay for my reply, I really appreciate your help. It turns out it was my ISP blocking everything on port 80 and 443. For anyone else reading this in the future: google to see if your ISP is blocking ports. If they are, you have to use something else like 444... BUT I was using cloudflare DNS which by default doesn't allow HTTPS over a non-standard port (https://support.cloudflare.com/hc/en-us/articles/200169156-Which-ports-will-Cloudflare-work-with-). You can easily fix this by using a port mentioned in that article like 8443 or shut off their proxying by clicking the yellow cloud in your DNS settings.
Note, I did have the incorrect NAT settings in OPNsense to begin with so thanks for helping me fix that. After that it was mostly a DNS issue, like it always is.
Also for future readers, the live filter view on the firewall logs is much more useful if you use Boolean operators like | for OR. So if you want to see multiple IPs, do something like:
192.168.1.2|192.168.1.10|250.555.555.555, etc...
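Added example (not written by any poster in this thread): a Python probe, meant to be run from outside the network, that separates the three outcomes this troubleshooting turned on: a completed connection, a refusal, and a silent timeout. The function names and the heuristic are assumptions of this example; the ports and the example.com placeholder come from the thread.

```python
import socket

# Ports named in the thread: 80/443 forwarded from WAN, plus 444 and 8443
# as the alternatives discussed once 80/443 turned out to be blocked.
THREAD_PORTS = (80, 443, 444, 8443)


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout' or 'error' for one TCP connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"        # handshake completed: forward + listener work
        except (socket.timeout, TimeoutError):
            return "timeout"     # no reply at all: the SYN was dropped somewhere
        except ConnectionRefusedError:
            return "refused"     # RST came back: something answered, no listener
        except OSError:
            return "error"       # DNS failure, no route, etc.


def survey(host, ports=THREAD_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def suspect_upstream_block(results):
    """Heuristic: 80 and 443 both time out while another probed port is open.

    That pattern matches the thread's outcome (ISP filtering 80/443); it only
    means something if the alternative port is also forwarded to a listener.
    """
    standard = [results.get(p) for p in (80, 443)]
    others = [s for p, s in results.items() if p not in (80, 443)]
    return all(s == "timeout" for s in standard) and "open" in others


if __name__ == "__main__":
    # example.com is the placeholder hostname used in the thread; run this
    # from outside the LAN (e.g. a mobile connection), not from behind OPNsense.
    results = survey("example.com")
    for port, state in results.items():
        print(f"{port:>5}  {state}")
    print("80/443 filtered upstream?", suspect_upstream_block(results))
```

A timeout on every probed port points back at the WAN rules or the port forward destination rather than the ISP, which is where the firewall live log view is the next place to look.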
marjohn56, Reply #5 (June 14, 2018, 09:58:02 pm):
Glad you got it sorted, also glad I have a decent ISP!