Comment

Comment on issues setting up nginx as an https proxy

I think I’ll do this with one modification. I’ll make nginx serve the landing page with the subdomains when computers from router A try to access. ( by telling nginx to serve the page with the subdomains when contacted by 10.0.0.1) while I’ll serve another landing page that bypasses the proxy, by giving the direct 10.0.0.* IP of the server with the port, for computers inside router B .

Mostly since the Ethernet between router a and b is old. And limits transfers to 10Mbps. So I’d be handicapping computers inside router B by looping back. Especially since everything inside router B is supposed to be safe. And they’ll be the ones transferring most of the data to it.

Thanks for the breakdown. It genuinely helped in understanding the Daedalus-worthy path the connections need to take. I’ll update the post with my final solution and config once I make it work.

source

Sort:hotnew top

darkan15@lemmy.world ⁨1⁩ ⁨week⁩ ago
If you decide on doing the secondary DNS on the server on Router B network, there is no need to loop back, as the secondary DNS will maintain domain lookup and the requests on 10.0.0.x all internal to Router B network.

You can still decide to put rules on the reverse proxy if the origin IP is from 192.168.0.x if you see the need to differentiate traffic.

source
- brokenlcd@feddit.it ⁨1⁩ ⁨week⁩ ago
  I think I didn’t explain myself the right way.
  
  Computers from inside of Router B will access the server via it’s IP. Nginx will only serve an HTML file with the links. Basically acting as a bookmark page for the IP:port combos. While anything from Router A will receive a landing page that has the domain name, that will be resolved by pihole, exposed to the machines on Router A as an open port on router b`
  
  So basically the DNS will only be used on machines from Router A, and the rules on nginx are just to give links to the reverse proxy if the machine is from router A (I.e. the connection is coming from 10.0.0.1 from the server’s POV), or the page with the raw IP of the server+ port of the service.
  
  router A is Unfortunately junk from my ISP, and it doesn’t allow me to change the DNS. So I’ll just add Router B` ( and thus, the pihole instance that’s on the server) as a primary dns, and an external one as a secondary DNS as fallback.
  
  If you decide on doing the secondary local DNS on the server on Router B network, there is no need to loop back, as that DNS will maintain domain lookup and the requests on 10.0.0.x all internal to Router B network
  
  Wouldn’t this link to the 192.168.0.y address of router B pass through router A, and loop back to router B, routing through the slower cable? Or is the router smart enough to realize he’s just talking to itself and just cut out `router A from the traffic?
  
  source
  - darkan15@lemmy.world ⁨1⁩ ⁨week⁩ ago
    On your first part, clarifying your intent, I think that you are overcomplicating yourself by expecting traffic to come to the server via domain name (pass through proxy) from Router A network and by IP:Port from Router B network, you can access all, from anywhere through domains and subdomains, and avoid using numbers.
    
    If you can’t set up a DNS directly on Router A, you can set it per device you would want to access the server through port forwarding of Router B, meaning setting the laptop to use itself as primary DNS and as secondary use external, and any other device you would want in that LAN do the same, It is a bit tedious to do per device instead but still possible.
    
    Wouldn’t this link to the 192.168.0.y address of router B pass through router A, and loop back to router B, routing through the slower cable? Or is the router smart enough to realize he’s just talking to itself and just cut out `router A from the traffic?
    
    No, the request would stop on Router B, and maintain all traffic, on the 10.0.0.* network it would not change subnets, or anything.
    
    Remember that all my advice so far is so you don’t use any IP or Port anywhere, and your experience is seamless on any device using domains, and subdomains, the only place where you would need to put IP or ports, is on the reverse proxy itself, to tell anything reaching it, where the specific app/service is, as those would need to be running on different ports but be reached through the reverse proxy on defaults 80 or 443, so that you don’t have to put numbers anywhere.
    
    source
    brokenlcd@feddit.it ⁨1⁩ ⁨week⁩ ago
    
    No, the request would stop on Router B, and maintain all traffic, on the 10.0.0.* network it would not change subnets, or anything
    
    OK perfect. That was my hiccup. I thought it was going to go the roundabout way and slow the traffic down. I was willing to Put in numbers if it meant I wouldn’t have to go needlessly through the slower cable. If the router keeps everything inside of it’s own subnet if he realizes he’s talking to itself then it’s perfect.
    
    Thanks for the help
    
    source