How to set up reverse-proxy with/without SSL termination on Merlin?

Discussion in 'Asuswrt-Merlin' started by ffsb, Jul 12, 2019 at 8:25 AM.

  1. ffsb

    Good Morning,

    Are there any step-by-step instructions to set up a secure reverse proxy (1-n portal) on a Merlin router?
    • (if yes where?)
    • if not, can someone who might have done this share their knowledge?
    • Is this something that could be useful for other people? (or am I the only one in this situation!)
    My specific use case (see picture):
    I have a couple of HTTPS applications (app1 on pc1, app2 on pc2...) that I have set up on my home LAN. Right now I am just forwarding the traffic from the Merlin to the backend by port, but I need to maintain individual certs etc... Ideally I would like to have "1" secure proxy on the Merlin (nginx? caddy?) which would front-end and secure my "n" services deployed on my LAN:
    • be as secure and easy to maintain as possible :)
    • automatically maintain its own certificate (Let's Encrypt) against my DDNS external DNS name foodomain.com but also include SANs for my local names pc1.foodomain.com pc2.foodomain.com
      so that I can reuse the same cert for the backends which use https
    • allow clients on my LAN to hit the router proxy as well so they have a secure path to the app1 on pc1 and app2 on pc2
    • allow one plain-http service (app2 on pc2) to be visible from the internet over https only, using Merlin for SSL termination.
    • disallow some service (app2 on pc2) to accept connections from anywhere but the incoming Merlin which does SSL termination. (I understand that needs to be set up on the app2 pc2 itself... nothing to do with Merlin, and can be easily achieved by instructing the firewall on pc2 to only accept incoming connections from 192.168.0.1 on port 8-, but I am just listing it here to provide a complete set of requirements)

    It would be great if at some point in time, Merlin could provide an elegant turn-key solution to automate all these configs! :)
    [Attached image: upload_2019-7-12_8-19-39.png]
     
  2. SomeWhereOverTheRainBow

    This can be done with nginx proxy on Entware. You would need to know how to configure SSL certs on nginx. I can point you at some guides people have written, but otherwise the rest is up to you.
    https://hqt.ro/nginx-web-server-with-php-support-through-entware/

    https://github.com/pedrom34/TutoAsus (this site is not 100% what you need, but it shows how to use SSL certificates with nginx)
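
A minimal nginx layout for the setup discussed in this thread, added here as an illustration; it is not part of either post or of the linked guides. The backend addresses and ports, the certificate paths under /opt/etc/nginx/certs, and a free port 443 on the router are assumptions.

```nginx
# Added example, not from the thread. Assumed values: backend IPs/ports,
# certificate paths, and that the router web UI does not occupy port 443.
events {}

http {
    # One certificate whose SANs cover both names, as the first post requests.
    ssl_certificate     /opt/etc/nginx/certs/fullchain.pem;   # assumed path
    ssl_certificate_key /opt/etc/nginx/certs/privkey.pem;     # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:2m;

    # Requests whose Host matches no configured name are closed without a response.
    server {
        listen 443 ssl default_server;
        server_name _;
        return 444;
    }

    # app1 on pc1 already speaks HTTPS: terminate TLS here, re-encrypt to the backend.
    server {
        listen 443 ssl;
        server_name pc1.foodomain.com;

        location / {
            proxy_pass https://192.168.0.11:8443;              # assumed address
            proxy_ssl_server_name on;                          # send SNI to the backend
            proxy_ssl_name pc1.foodomain.com;                  # name checked in its cert
            proxy_ssl_verify on;                               # validate the backend cert
            proxy_ssl_verify_depth 2;
            proxy_ssl_trusted_certificate /opt/etc/nginx/certs/chain.pem;  # assumed path
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    # app2 on pc2 is plain HTTP: TLS ends at the router, cleartext only on the LAN hop.
    server {
        listen 443 ssl;
        server_name pc2.foodomain.com;

        location / {
            proxy_pass http://192.168.0.12:8080;               # assumed address
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

`nginx -t` checks the file before a reload. The pc2 firewall rule from the first post (accept connections only from 192.168.0.1) still has to be set on pc2 itself, since nginx cannot enforce it.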