Omada Controller 3.1.4 nginx reverse proxy
Omada Controller 3.1.4 nginx reverse proxy
Is it possible to use omada controller 3.1.4 behind name base nginx reverse proxy to another port?
I am using name bese nginx config to port 33333:
location / {
# Send traffic to the backend
proxy_pass https://192.166.200.222:8043;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
proxy_redirect https:// https://;
}
But when i enter to https://omada.mydomain.com:33333 browser show me error that cannot open URL https://omada.mydomain.com:8043
With other services there is no error.
Sorry for my english
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Here's my setup, I had posted this in a different thread a few months ago but that conversation went a different direction. I'm using the HAProxy package on pfsense, but I included the text config for native HA proxy that pfsense generated at the end.
HTTPS/443 front-end:
HTTP/port 80 front-end:
HAProxy config:
frontend EAP-Controller-https-443
bind 10.0.0.50:443 name 10.0.0.50:443 ssl crt-list /var/etc/haproxy/EAP-Controller-https-443.crt_list
mode http
log global
option http-keep-alive
timeout client 30000
acl eap-short var(txn.txnhost) -m str -i eap
acl eap-fqdn var(txn.txnhost) -m str -i eap.localdomain
acl aclcrt_EAP-Controller-https-443 var(txn.txnhost) -m reg -i ^eap(:([0-9]){1,5})?$
acl aclcrt_EAP-Controller-https-443 var(txn.txnhost) -m reg -i ^eap\.localdomain(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
http-request set-header host eap:8043 if eap-short aclcrt_EAP-Controller-https-443
http-request set-header host eap.localdomain:8043 if eap-fqdn aclcrt_EAP-Controller-https-443
http-response replace-value location 8043 %[hdr(location),regsub(8043,443)] if aclcrt_EAP-Controller-https-443
use_backend server-8043_ipvANY if aclcrt_EAP-Controller-https-443
frontend EAP-Controller-http
bind 10.0.0.50:80 name 10.0.0.50:80
mode http
log global
option http-keep-alive
timeout client 30000
acl eap-short var(txn.txnhost) -m str -i eap
acl eap-fqdn var(txn.txnhost) -m str -i eap.localdomain
http-request set-var(txn.txnhost) hdr(host)
http-request set-header host eap:8088 if eap-short
http-request set-header host eap.localdomain:8088 if eap-fqdn
http-response replace-value location 8088 %[hdr(location),regsub(8088,80)]
http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]
default_backend server-http_ipvANY
backend server-8043_ipvANY
mode http
id 100
log global
timeout connect 30000
timeout server 30000
retries 3
option httpchk OPTIONS /
server server 10.0.0.151:8043 id 101 ssl check-ssl check inter 10000 verify none
backend server-http_ipvANY
mode http
id 102
log global
timeout connect 30000
timeout server 30000
retries 3
option httpchk OPTIONS /
server server 10.0.0.151:8088 id 101 check inter 10000
- Copy Link
- Report Inappropriate Content
@matt25 many thanks! I could manage to get it working, one additional point I was missing was to select the "Encrypt(SSL)" on the backend (not visible in your screenshots but visible on the text config)
- Copy Link
- Report Inappropriate Content
Hi guys,
Anyone succeeded in implemanting this with nginx ?
My nginx conf works over mobile but not over desktop ! I can't figure it out.
My desktop is presented with the logon screen but the login fails.
On my mobile phones/tablets, it works.
Here is my nginx conf :
server { if ($host = wifi.domain.com)
{ return 301 https://$host$request_uri;
}
listen 80;
server_name wifi.domain.com;
location /
{
proxy_pass https://192.168.1.21;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl http2;
server_name wifi.domain.com;
access_log /var/log/nginx/acces_wifi.domain.com.log;
error_log /var/log/nginx/error_wifi.domain.com.log;
location / {
proxy_pass https://192.168.1.21; proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/cert/bundleAG.crt;
ssl_certificate_key /etc/cert/privkeyAG.pem;
}
Thanks for your help
- Copy Link
- Report Inappropriate Content
I fixed it by using far less headers :
server { if ($host = wifi.domain.com)
{ return 301 https://$host$request_uri;
}
listen 80;
server_name wifi.domain.com;
location /
{
proxy_pass https://192.168.1.21;
proxy_set_header Host $host;
}
}
server {
listen 443 ssl http2;
server_name wifi.domain.com;
access_log /var/log/nginx/acces_wifi.domain.com.log;
error_log /var/log/nginx/error_wifi.domain.com.log;
location / {
proxy_pass https://192.168.1.21;
proxy_set_header Host $host;
}
ssl_certificate /etc/cert/bundleAG.crt;
ssl_certificate_key /etc/cert/privkeyAG.pem;
}
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 9751
Replies: 14
Voters 0
No one has voted for it yet.