Accessing TP-LINK TL-SG1016PE switch behind reverse proxy

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Accessing TP-LINK TL-SG1016PE switch behind reverse proxy

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Accessing TP-LINK TL-SG1016PE switch behind reverse proxy
Accessing TP-LINK TL-SG1016PE switch behind reverse proxy
2022-06-10 04:16:24
Tags: #Reverse proxy
Model: TL-SG1016PE  
Hardware Version: V2
Firmware Version: 1.0.0 Build 20191218 Rel.49932

Hello,

 

I am trying to access my switch through my Nginx reverse proxy. I can access the switch fine using the local ip over http, but when I try with the domain name through my reverse proxy with over https, I can get the login page, but when I enter my credentials and click login the page times out (error 502). The issue seems to be with the logon.cgi page.

 

Would anyone know how to correctly configure a reverse proxy for this switch? (I have similar configuration working for my TP-Link router and many other services)

 

Here is my simple reverse proxy configuration:

 

server {

    listen 80 default_server;
    listen [::]:80 default_server;

    return 301 https://$host$request_uri;

}

 

server {
    listen 443 ssl http2;
    server_name ...

    ssl_certificate ...
    ssl_certificate_key ...

    access_log            /var/log/nginx/switch.access.log;
    error_log            /var/log/nginx/switch.error.log;


    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;

        proxy_set_header X-NginX-Proxy true;

 

      proxy_pass          (local_ip_over_http);
      proxy_redirect      (local_ip_over_http) (domain_name_over_https);
    }

  0      
  0      
#1
Options
2 Reply
Re:Accessing TP-LINK TL-SG1016PE switch behind reverse proxy
2022-06-20 16:21:47

  @remz 

server {

    listen 80 default_server;
    listen [::]:80 default_server;

    return 301 https://$host$request_uri;

 

you certain that listen 80 and return to https? 

i remember this old v1 model does not support https? https is not well supported on some old models like v1. 

and bad gateway 502, that could be a problem with your firewall 

 

and is there any error like: 

2013/01/17 13:33:47 [error] 15421#0: *16 upstream sent too big header while reading response header from upstream

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#2
Options
Re:Accessing TP-LINK TL-SG1016PE switch behind reverse proxy
2022-06-21 00:24:14

  @Tedd404 

 

hmm I don't see how that could be the issue since the SSL terminates at my reverse proxy (the proxy communicates with the switch"s web server over http), because indeed myt v1 does not support https.

 

I would be surprised if it were a firewall issue too since I have multiple other services accessed through that same reverse proxy (including my TP-Link router TL-R600VPN's web interface), but I will look into it.

 

the error from the Nginx reverse proxy is a timeout error:

2022/06/10 16:53:54 [error] 3630#3630: *29 upstream timed out (110: Unknown error) while reading response header from upstream, client: 192.168.1.123, server: switch . example . com, request: "POST /logon.cgi HTTP/2.0", upstream: "http://192.168.1.2:80/logon.cgi", host: "switch . example . com", referrer: "https:// switch . example . com/"

  0  
  0  
#3
Options