How to set up a reverse proxy with/without SSL termination on Merlin?

ffsb

Good Morning,

Are there any step-by-step instructions to set up a secure reverse proxy (1-n portal) on a Merlin router?
  • (if yes, where?)
  • if not, can someone who might have done this share their knowledge?
  • Is this something that could be useful for other people? (or am I the only one in this situation!)
My specific use case (see picture):
I do have a couple of https applications (app1 on pc1, app2 on pc2...) that I have set up on my home LAN. Right now I am just forwarding the traffic from the Merlin to the backend by port, but I need to maintain individual certs etc... Ideally I would like to have "1" secure proxy on the Merlin (?nginx?caddy?) which would front-end and secure my "n" services deployed on my LAN:
  • be as secure and easy to maintain as possible :)
  • automatically maintain its own certificate (Let's Encrypt) against my DDNS external DNS name foodomain.com but also include SANs for my local names pc1.foodomain.com and pc2.foodomain.com,
    so that I can reuse the same cert for the backends which use https
  • allow clients on my LAN to hit the router proxy as well, so they have a secure path to app1 on pc1 and app2 on pc2
  • allow one plain-http service (app2 on pc2) to be visible from the internet over https only, using Merlin for SSL termination.
  • disallow some service (app2 on pc2) from accepting connections from anywhere but the incoming Merlin which does SSL termination. (I understand that needs to be set up on app2/pc2 itself... nothing to do with Merlin, and can be easily achieved by instructing the firewall on pc2 to only accept incoming connections from 192.168.0.1 on port 8-, but I am just listing it here to provide a complete set of requirements)

It would be great if at some point in time Merlin could provide an elegant turn-key solution to automate all these configs! :)
 
This can be done with an nginx proxy on Entware. You would need to know how to configure SSL certs on nginx. I can point you at some guides people have written, but otherwise the rest is up to you.
https://hqt.ro/nginx-web-server-with-php-support-through-entware/

https://github.com/pedrom34/TutoAsus (this site is not 100% what you need, but it shows how to use SSL certificates with nginx)
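
An nginx configuration for the layout described in the question (one TLS-terminating proxy on the router in front of app1 on pc1 and app2 on pc2), added here as an example and not taken from either poster or the linked guides. The backend addresses and ports, the file paths, and port 443 on the router being free for nginx are assumptions; the certificate is assumed to be issued separately with SANs for all three names.

```nginx
# Added example, not from the thread. Placeholders: backend addresses
# 192.168.0.11 / 192.168.0.12, backend ports 8443 / 8080, all file paths.
events {}

http {
    # One certificate whose SANs cover foodomain.com, pc1.foodomain.com
    # and pc2.foodomain.com; issuance and renewal are handled outside nginx.
    ssl_certificate     /opt/etc/nginx/certs/fullchain.pem;   # placeholder path
    ssl_certificate_key /opt/etc/nginx/certs/privkey.pem;     # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Requests for any other host name reach no backend: drop the connection.
    server {
        listen 443 ssl default_server;
        server_name _;
        return 444;
    }

    # app1 on pc1 already speaks HTTPS: re-encrypt and verify the backend cert.
    server {
        listen 443 ssl;
        server_name pc1.foodomain.com;
        location / {
            proxy_pass https://192.168.0.11:8443;              # placeholder backend
            proxy_ssl_server_name on;                          # send SNI to pc1
            proxy_ssl_name pc1.foodomain.com;                  # name checked in its cert
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /opt/etc/nginx/certs/ca-bundle.pem;  # placeholder
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    # app2 on pc2 is plain HTTP: TLS ends on the router, so pc2's own firewall
    # should accept this port only from the router (192.168.0.1).
    server {
        listen 443 ssl;
        server_name pc2.foodomain.com;
        location / {
            proxy_pass http://192.168.0.12:8080;               # placeholder backend
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

For LAN clients to take the same path, pc1.foodomain.com and pc2.foodomain.com must resolve to the router's address on the internal network as well. Running `nginx -t` against the file checks its syntax before the service is reloaded.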