How to access router WEB UI through nginx proxy

[Olivier L]

Hello everyone
I have a dedicated small machines in my network running a nginx reverse proxy server to access different we services (http2) such as plex, transmission, radarr, NAS asustor web ui, ...

I would like to access my asus wrt merlin AX88U router through the same proxy. But it fails.

Do you know if it is feasible ? How to configure nginx to do so ?

Thanks

 

[Dabombber]

Fails how, and what's the config you're currently trying? Is the DNS entry for the domain pointing to the nginx server? The only setting I've needed specifically needed for the WebUI through nginx is client_max_body_size so firmware upgrades could be done.

 

[Olivier L]

Nothing displayed...

 

[RMerlin]

Proxying will most likely not work properly. The httpd bases authentication on the IP address, so if one client authenticated through nginx, then anyone else will magically be authenticated as well if they also tried to access the proxy.

 

[Dabombber]

Authentication seems to be token based, logging in through a second device (or even another web browser on the same device) will cause the first one to be logged out.

 

[RMerlin]

Authentication seems to be token based, logging in through a second device (or even another web browser on the same device) will cause the first one to be logged out.

A combination of both actually: there's a token, and also the IP address of the logging client. I experimented a few years ago in using haproxy (as an attempt to improve general SSL performance of the webui - which it did), and it didn't work properly. The web server would have to be modified to handle passing the origin client info through a meta header.

 

[paulv]

A combination of both actually: there's a token, and also the IP address of the logging client. I experimented a few years ago in using haproxy (as an attempt to improve general SSL performance of the webui - which it did), and it didn't work properly. The web server would have to be modified to handle passing the origin client info through a meta header.

Hi,
Would your warning still be true today ?
I just proxied my AsusWrt Merlin through caddy without much problem.
I just had to enable tls_insecure_skip_verify on the caddy conf to allows self-signed certificate.

I didn't tested firmware upgrade, but all the UI works AFAICT: forms saves correctly, login/logout works as expected, including preventing another tab from login at the same time.
my caddy conf is :

router.mydomain.com {
    reverse_proxy https://192.168.2.1:8443 {
        transport http {
            tls_insecure_skip_verify  # Allows self-signed certificate
        }
    }
}

 

[Tadas]

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://domain') does not match the recipient window's origin ('https://domain'). System status empty