Reverse proxying the webgui



  • I'm trying to setup an apache reverse proxy to access the webgui from outside, using a dedicate web gateway. The connection between my LAN and the web server uses a VPN tunnel.

    I first used the ProxyPass directive inside a virtual location (pfsense) but I lost all the css and scripts.

    Then I used a dedicated virtual host to proxy the root of the webgui:

    ServerName pfsense.domain.name
    ProxyPreserveHost on
    ProxyPass / https://192.168.1.250:8443/
    ProxyPassReverse / https://192.168.1.250:8443/
    
    

    Now using the url https://pfsense.domain.name I can reach the correct login page.
    If I try to login, pfsense logs a correct login attempt, but I'm redirected to the login page again.

    I had to configure the alternate hostnames to bypass the  DNS Rebind Check.

    Is it possible to reverse proxy the webgui?

    Many thanks,
    Fabio



  • I got it  ;D

    I was testing using http on my proxy and https on webgui.
    now I enabled https also on the proxy connection and everything is fine.

    I'm using google authenticator module for apache to secure pfsense access through the reverse proxy and a https://letsencrypt.org/ certificate


  • Rebel Alliance Global Moderator

    Still way less secure then just vpn into your network and access your gui that way.

    Why anyone would put their gui open to the public be it behind a reverse proxy or not makes no sense.. So if I hit this IP and just happen to guess your password I have full access to your pfsense..  Did you change the default login even or is that still admin?



  • Will be hard to guess the OTP password on the proxy gateway… then you will have to guess the gui password as well.

    I need to access from work where I have not mobile data (nuclear plant, the walls are so thick). And I cannot use VPN on my workstation, only proxy access to internet.