[ale] [OT] Inbound web access using pfSense
Jim Kinney
jim.kinney at gmail.com
Sun Jun 28 07:24:28 EDT 2020
Oh. Get a let's encrypt cert and do the script to auto renew.
Conversely, I consider a self-signed cert as or more secure than a commercial one if I can confirm the fingerprint or get CA pub in advance.
On June 28, 2020 1:00:54 AM EDT, Jeff Hubbs via Ale <ale at ale.org> wrote:
>Now that I've got a static IP (just one) I'm starting to work on
>hosting
>my own web servers and the first thing I'm trying to do is make a nginx
>
>and Apache Guacamole rig export Windows Server Remote Desktop sessions
>via HTML5 (that's the Guacamole part) out to people who come in with a
>URL I give them. I do not yet have internet DNS involved so the URL I
>plan to give to one person I want to demonstrate the capability to will
>
>have the form https://<internet_ip_address>/abcd.
>
>I have all this set up behind a pfSense machine. From behind the
>pfSense
>machine, I can point a browser to a URL in the form of
>http://<nginx-guac_machine_ip_address>/wxyz, log in to Guacamole, and I
>
>get an RDP session on the adjacent Windows server painted in the
>browser
>window. In fact, I've got nginx where if I start the URL with http: it
>will "auto-escalate" to https: using a self-signed certificate. What
>I'm
>unclear about is what needs to happen in pfSense such that 1) someone
>over the internet can come in at .../abcd as described above and
>pfSense
>will change that to .../wxyz and 2) the https escalation still gets
>handled.
>
>I expect that I will be using the nginx-Guacamole server for other
>internet-reachable services so I won't want to do anything that will
>pave over that flexibility.
>
>- Jeff
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>https://mail.ale.org/mailman/listinfo/ale
>See JOBS, ANNOUNCE and SCHOOLS lists at
>http://mail.ale.org/mailman/listinfo
--
"no government by experts in which the masses do not have the chance to inform the experts as to their needs can be anything but an oligarchy managed in the interests of the few.” - John Dewey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20200628/e5d981ba/attachment.html>
More information about the Ale
mailing list