Entware Voxel FW reverse proxy help

[Duke_]

Hi

I have been trying to setup a reverse proxy, so I can have handle multiple domains on the same IP, with each their own server, but having an issue.
My router is Netgear XS4 R7800 with latest Voxel firmware V1.0.2.105SF installed. Big thanks to @Voxel for his great work.
Entware was setup and NGINX installed. All good!
Default file /opt/etc/nginx/nginx.conf was kept, except user was changed to root (user root;) from user nobody:nogroup, which NGINX was complaining about.
A test configuration was made in /opt/etc/nginx/sites-enabled/ for just port 80, like this:

server {
        listen 80;

        server_name www.domain1.com;
        location / {
                proxy_pass http://192.168.0.100:80;
        }
}

Port added to firewall with (/etc/netwall.conf was also tried):
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

The routers own webinterface I moved to another port, by changing /www/cgi-bin/uhttpd.sh (XX and YY):
$UHTTPD_BIN -h /www -r ${REALM} -x /cgi-bin -t 40 -p 0.0.0.0:XX -C /etc/uhttpd.crt -K /etc/uhttpd.key -s 0.0.0.0:YY

Ports were also edited in: /etc/config/uhttpd

Webinterface works fine on the new port address, but it does not work when using the www.domain1.com. Router IP from LAN ,it is fine.

If I change file in /opt/etc/nginx/sites-enabled/ to use ie. port 81, it works fine from the outside via www.domain1.com:81 and of course LAN.
It seems something blocks the incoming port 80.

Any help would be greatly appreciated.

 

[Voxel]

Hi

I have been trying to setup a reverse proxy, so I can have handle multiple domains on the same IP, with each their own server, but having an issue.
My router is Netgear XS4 R7800 with latest Voxel firmware V1.0.2.105SF installed. Big thanks to @Voxel for his great work.
Entware was setup and NGINX installed. All good!
Default file /opt/etc/nginx/nginx.conf was kept, except user was changed to root (user root;) from user nobody:nogroup, which NGINX was complaining about.
A test configuration was made in /opt/etc/nginx/sites-enabled/ for just port 80, like this:

server {
        listen 80;

        server_name www.domain1.com;
        location / {
                proxy_pass http://192.168.0.100:80;
        }
}

Port added to firewall with (/etc/netwall.conf was also tried):
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

The routers own webinterface I moved to another port, by changing /www/cgi-bin/uhttpd.sh (XX and YY):
$UHTTPD_BIN -h /www -r ${REALM} -x /cgi-bin -t 40 -p 0.0.0.0:XX -C /etc/uhttpd.crt -K /etc/uhttpd.key -s 0.0.0.0:YY

Ports were also edited in: /etc/config/uhttpd

Webinterface works fine on the new port address, but it does not work when using the www.domain1.com. Router IP from LAN ,it is fine.

If I change file in /opt/etc/nginx/sites-enabled/ to use ie. port 81, it works fine from the outside via www.domain1.com:81 and of course LAN.
It seems something blocks the incoming port 80.

Any help would be greatly appreciated.

Very interesting. If I'm not mistaken, I did something similar with nginx on R7800, and I used "Port Forwarding / Port Triggering". There you can use some trick: forward port 80 to some IP (like 192.168.1.123) and then replace that in nvram with 192.168.1.1 (router IP). If I'm not mistaken, it worked.

Something like:

nvram show | grep forwarding
forwarding1=HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.123 0 1

nvram set forwarding1="HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.1 0 1"
nvram commit

Forwarding to 192.168.1.1 from WebGUI is not allowd so (192.168.1.123 --> 192.168.1.1)

Good luck,
Voxel.

 

[Duke_]

Very interesting. If I'm not mistaken, I did something similar with nginx on R7800, and I used "Port Forwarding / Port Triggering". There you can use some trick: forward port 80 to some IP (like 192.168.1.123) and then replace that in nvram with 192.168.1.1 (router IP). If I'm not mistaken, it worked.

Something like:

nvram show | grep forwarding
forwarding1=HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.123 0 1

nvram set forwarding1="HTTP↔to↔R7800 TCP 80 80 80 80 192.168.1.1 0 1"
nvram commit

Forwarding to 192.168.1.1 from WebGUI is not allowd so (192.168.1.123 --> 192.168.1.1)

Good luck,
Voxel.

Thank you so much, that did the trick:

nvram set forwarding10="HTTP TCP 80 80 80 80 192.168.1.1 0 1"
nvram commit

Then a reboot was needed and voila port was opened.

iptables -L -n | grep :80

ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:80

All working fine now. Excellent.

Thanks again @Voxel !