Offloading ssl/tls for https (the router handling the https, routing http through)

[JCompagner]

The router does get now lets crypt certificats so i guess by ddns domain xxxx.asuscomm.com has a nice valid certificate that i can use

But what like todo is forward the traffict that comes on https:/xxxxx.asuscomm.com to my local raspberry which does handle pure http on a specific port

So a virtual portmapping from 443 to internalip:8321 but that the router handles the https ...

Is that possible somehow?

 

[Jeffrey Young]

Is it a web site traffic you are trying to forward? I have installed nginx on the router and set it up as a SSL Reverse proxy. I am sure you can use other entware proxy solutions as well.

 

[JCompagner]

kind off.. ik like that redirect Home Assistant setup that is running locally on something like http://192.168.1.158:8123/

So for this to work we really need to install more stuff (the whole lets crypt is already there...)

 

[Jeffrey Young]

Maybe, I am not 100% clear of what you want to do.

 

[JCompagner]

just offloading https on the router (so the router handles all incoming https with the letscrypt certificate it already has)

Then it relays the httpS traffic through as http to my Pie

so the pie doesn't see it as https but just plain http
because the router handled that traffic

 

[Jeffrey Young]

OK, so then a reverse proxy that supports SSL is what you want. I've done that on the router before using NGINX, but there are plenty of options in entware.

 

[glens]

Are you saying you want the Pi to be a man-in-the-middle for ALL your in/out 443 traffic or that you want to downgrade only for specific traffic TO the Pi from outside?

 

[Yota]

Enable HTTPS for the Raspberry Pi and install your SSL certificate to the Raspberry Pi. If you are using Asus DDNS then the certificate and private key will be found in the jffs.

Then perform port forwarding on the router and everything will work.

Don't use a reverse proxy, it just adds unnecessary overhead. lets the router be a router.