[ale] [OT] Inbound web access using pfSense

jhubbslist at att.net jhubbslist at att.net
Sun Jun 28 15:12:59 EDT 2020


I already have nginx performing a redirect to the same machine's 
Guacamole front end, which as you know is a Tomcat app. So the way I 
have nginx configured now, when it is hit with 
https://<nginx-guac_machine_ip_address>:80/wxyz nginx is converting that 
to http://127.0.0.1:8080/guacamole-1.1.0. So I've got two mechanisms in 
series here, in order pfSense and nginx, that do mangling even without 
making use of internet DNS and I'm trying to get the pfSense-nginx 
transition sorted such that pfSense will make the intermediate 
connection between itself and nginx and do so without breaking the https 
escalation.

On 6/28/20 7:20 AM, Jim Kinney wrote:
> I don't think pfSense will handle the /xyz->/abc layer. That's just 
> for the nginx proxy.
>
>
> On June 28, 2020 1:00:54 AM EDT, Jeff Hubbs via Ale <ale at ale.org> wrote:
>
>     Now that I've got a static IP (just one) I'm starting to work on hosting
>     my own web servers and the first thing I'm trying to do is make an nginx
>     and Apache Guacamole rig export Windows Server Remote Desktop sessions
>     via HTML5 (that's the Guacamole part) out to people who come in with a
>     URL I give them. I do not yet have internet DNS involved so the URL I
>     plan to give to one person I want to demonstrate the capability to will
>     have the form https://<internet_ip_address>/abcd.
>
>     I have all this set up behind a pfSense machine. From behind the pfSense
>     machine, I can point a browser to a URL in the form of
>     http://<nginx-guac_machine_ip_address>/wxyz, log in to Guacamole, and I
>     get an RDP session on the adjacent Windows server painted in the browser
>     window. In fact, I've got nginx where if I start the URL with http: it
>     will "auto-escalate" to https: using a self-signed certificate. What I'm
>     unclear about is what needs to happen in pfSense such that 1) someone
>     over the internet can come in at .../abcd as described above and pfSense
>     will change that to .../wxyz and 2) the https escalation still gets handled.
>
>     I expect that I will be using the nginx-Guacamole server for other
>     internet-reachable services so I won't want to do anything that will
>     pave over that flexibility.
>
>     - Jeff
>     ------------------------------------------------------------------------
>     Ale mailing list
>     Ale at ale.org
>     https://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
> -- 
> "no government by experts in which the masses do not have the chance 
> to inform the experts as to their needs can be anything but an 
> oligarchy managed in the interests of the few." - John Dewey 
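
One way to lay out the split discussed in this thread, as an added example that is not either poster's configuration: pfSense only forwards ports, and nginx does both the HTTPS redirect and the /abcd path mapping. The certificate paths are placeholders, and the plain NAT port forwards on pfSense and Tomcat listening only on 127.0.0.1:8080 are assumptions.

```nginx
# Added example. Assumed pfSense side: NAT port forwards of WAN TCP 443
# (and TCP 80, only if http:// URLs must be bounced to https://) to this
# machine. A port forward passes the request path through unchanged, so
# the public-path mapping is done here in nginx.

# Port 80 does nothing except redirect to HTTPS.
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name _;

    # Self-signed pair as described in the post; placeholder paths.
    ssl_certificate     /etc/nginx/ssl/selfsigned.crt;
    ssl_certificate_key /etc/nginx/ssl/selfsigned.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Normalize the URL handed to outside users.
    location = /abcd {
        return 301 /abcd/;
    }

    # Public path -> Guacamole on the local Tomcat (assumed bound to
    # 127.0.0.1 so it is reachable only through this proxy).
    location /abcd/ {
        proxy_pass http://127.0.0.1:8080/guacamole-1.1.0/;
        proxy_buffering off;                       # Guacamole streams data
        proxy_http_version 1.1;                    # needed for WebSocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Session cookie is issued for the Tomcat path; rewrite it.
        proxy_cookie_path /guacamole-1.1.0/ /abcd/;
    }

    # Default deny: each further internet-facing service (or an internal
    # alias such as /wxyz) gets its own location block.
    location / {
        return 404;
    }
}
```

Because TLS terminates on nginx, pfSense never sees the request path, which is why the path mapping cannot live in the firewall's port-forward rules.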

