Access to Web Server from Outside

Started by spetrillo, January 24, 2021, 02:35:31 AM

Hello all,

I have an Apache web server set up on a VM on my home network. I set up two port forwards, one for HTTP and one for HTTPS. Is there anything else I need to be able to see the web server from the outside?

Thanks,
Steve

Firewall rules on WAN generally, although by default OPNsense will set up associated rules when you set up the port forwards

PS - if OPNsense is configured properly but you still can't connect, check that your ISP is not blocking 80 and 443 inbound - many do, and if so you might be able to ask them to remove the block

Yes, I have the port forwards and the fw rules set up. I am going to check with my ISP.





it allows me to host several websites at home by redirecting my subdomains to my public ip. nginx takes care of analyzing the origin of the subdomain in order to redirect it to the right server.

Quote from: chocapic on January 27, 2021, 07:55:44 AM

it allows me to host several websites at home by redirecting my subdomains to my public ip. nginx takes care of analyzing the origin of the subdomain in order to redirect it to the right server.

Are you using the plugin as your de facto web server or are you just using it to point to your web server? For example, I have spun up an Ubuntu VM on my home network and installed WordPress on it. It is now a working website. What I cannot seem to figure out is how do I tie the IP of the internal VM/web server to the www name I want to use. That seems to be my missing piece. I have A records in the domain's DNS pointing www to my public IP but that does not seem to do the trick. It's like I am missing something on OPNsense that equates www.my-domain.com to the internal IP of my VM/web server.

Make sense? Clear as mud?

All you should need to do is port forward ports 80 and 443 from your router to the VM. If the webserver is listening on www.my-domain.com, then that should work

Post your port forward config, as there may be something wrong with it

January 30, 2021, 02:49:02 AM #10 Last Edit: January 30, 2021, 03:08:32 AM by Greelan
But really, as chocapic suggested, having nginx as the primary webserver, serving content itself and/or proxying other webservers, is a great idea.

I run nginx as a reverse proxy for about 9 backend webservers in my network (plus have nginx running its own basic frontend). My nginx webserver runs in a LXD container in my network, not on OPNsense itself, but the concept is the same.

Running it on OPNsense means you don't need any port forwards, just need to open ports 80 and 443 so that the nginx server can receive external requests and serve or proxy the relevant content on the various domains/subdomains. Also means you only have to configure SSL termination in one place.

Edit: I should add that I run nginx in a container because I am somewhat paranoid about security. If nginx ever gets compromised, the damage is limited. I don't like running extraneous services on OPNsense for that reason
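The reverse-proxy layout described in the post above, sketched as a plain nginx configuration. This is an added example, not Greelan's or chocapic's actual config and not the OPNsense plugin's settings; the second hostname, the backend addresses and the certificate paths are constructed placeholders.

```nginx
# Added example: hostnames other than www.my-domain.com, the 192.168.1.x
# backends and the certificate paths are assumptions.
# Belongs inside the http {} context (for instance a file under conf.d/).

# Catch-all: a request whose Host/SNI matches no site below (typically a
# scanner hitting the bare public IP) gets no content from any backend.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # needs nginx 1.19.4 or later
    return 444;                # close the connection without a response
}

# Plain HTTP for the known names only redirects to HTTPS.
server {
    listen 80;
    server_name www.my-domain.com blog.my-domain.com;
    return 301 https://$host$request_uri;
}

# TLS is terminated here; the backend is reached over the internal network.
server {
    listen 443 ssl;
    server_name www.my-domain.com;
    ssl_certificate     /etc/ssl/example/www.my-domain.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/www.my-domain.com.key;

    location / {
        proxy_pass http://192.168.1.50:80;        # internal Apache VM
        proxy_set_header Host $host;              # lets Apache pick the vhost
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# A second site on the same public IP, routed to a different backend.
server {
    listen 443 ssl;
    server_name blog.my-domain.com;
    ssl_certificate     /etc/ssl/example/blog.my-domain.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/example/blog.my-domain.com.key;

    location / {
        proxy_pass http://192.168.1.51:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With nginx on a separate host or container, ports 80 and 443 are forwarded to that host only, so the backends are never exposed directly. `nginx -t` validates the file before a reload.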

Quote from: Greelan on January 29, 2021, 10:34:43 PM
All you should need to do is port forward ports 80 and 443 from your router to the VM. If the webserver is listening on www.my-domain.com, then that should work

Post your port forward config, as there may be something wrong with it

Here are my port forwards and WAN rules.

Quote from: Greelan on January 30, 2021, 02:49:02 AM
But really, as chocapic suggested, having nginx as the primary webserver, serving content itself and/or proxying other webservers, is a great idea.

I run nginx as a reverse proxy for about 9 backend webservers in my network (plus have nginx running its own basic frontend). My nginx webserver runs in a LXD container in my network, not on OPNsense itself, but the concept is the same.

Running it on OPNsense means you don't need any port forwards, just need to open ports 80 and 443 so that the nginx server can receive external requests and serve or proxy the relevant content on the various domains/subdomains. Also means you only have to configure SSL termination in one place.

Edit: I should add that I run nginx in a container because I am somewhat paranoid about security. If nginx ever gets compromised, the damage is limited. I don't like running extraneous services on OPNsense for that reason

Could it be as simple as the reverse proxy to my vm?

Can't see anything wrong with your port forwards/rules. I assume FIOS = WAN. Maybe then the issue is that your apache server is not configured to listen on the domain/subdomain.

In answer to your second question, yes a nginx reverse proxy would work

Quote from: Greelan on January 30, 2021, 05:11:31 AM
Can't see anything wrong with your port forwards/rules. I assume FIOS = WAN. Maybe then the issue is that your apache server is not configured to listen on the domain/subdomain.

In answer to your second question, yes a nginx reverse proxy would work

I checked my Apache server and it's set up correctly. Is there a good tutorial on how to set up the nginx plugin for reverse proxy? It looks complicated.