Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Reverse proxying the webgui

    webGUI
    2
    4
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Fabio72
      last edited by

      I'm trying to setup an apache reverse proxy to access the webgui from outside, using a dedicate web gateway. The connection between my LAN and the web server uses a VPN tunnel.

      I first used the ProxyPass directive inside a virtual location (pfsense) but I lost all the css and scripts.

      Then I used a dedicated virtual host to proxy the root of the webgui:

      ServerName pfsense.domain.name
ProxyPreserveHost on
ProxyPass / https://192.168.1.250:8443/
ProxyPassReverse / https://192.168.1.250:8443/

      Now using the url https://pfsense.domain.name I can reach the correct login page.
      If I try to login, pfsense logs a correct login attempt, but I'm redirected to the login page again.

      I had to configure the alternate hostnames to bypass the  DNS Rebind Check.

      Is it possible to reverse proxy the webgui?

      Many thanks,
      Fabio

      1 Reply Last reply Reply Quote 0
      • F
        Fabio72
        last edited by

        I got it  ;D

        I was testing using http on my proxy and https on webgui.
        now I enabled https also on the proxy connection and everything is fine.

        I'm using google authenticator module for apache to secure pfsense access through the reverse proxy and a https://letsencrypt.org/ certificate

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          Still way less secure then just vpn into your network and access your gui that way.

          Why anyone would put their gui open to the public be it behind a reverse proxy or not makes no sense.. So if I hit this IP and just happen to guess your password I have full access to your pfsense..  Did you change the default login even or is that still admin?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • F
            Fabio72
            last edited by

            Will be hard to guess the OTP password on the proxy gateway… then you will have to guess the gui password as well.

            I need to access from work where I have not mobile data (nuclear plant, the walls are so thick). And I cannot use VPN on my workstation, only proxy access to internet.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.