Access Website internally?
-
Hi
I was wondering if someone could shed some light on the issue im having,
Currently i have a website internally which i need to access
I have the NAT reflection enabled, and i can ping the site but shows err connection timeoutI checked the states
i see that its closed on the acknowledgment
the IP that is trying to access is 192.168.3.211 and the server which has the website is 192.168.3.190not sure what else i should look for
Thank you -
@killmasta93 said in Access Website internally?:
192.168.3.190
Why do you not just resolve whatever the fqdn is for this site to that IP?
-
@johnpoz
Thanks for the reply,
I tried adding on the custom option on dns resolverlocal-data: "sub.domain.com A 192.168.3.211"
but then realized that the server 192.168.3.190 has NGINX reverse proxy which therefore
putting the IP wont work
this is the nginx config which proxies to an IIS with multiple portsserver { # listen 80; listen 443 ssl; server_name xxx.xxx; ssl_certificate /etc/letsencrypt/live/xx.xxx/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xx.xxx/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_stapling on; ssl_stapling_verify on; location ~ /.well-known { root /var/www/letsencrypt; allow all; } location / { proxy_pass http://192.168.3.211:8093/; # headers setting proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Client-IP $remote_addr; } }
-
@killmasta93 said in Access Website internally?:
local-data: "sub.domain.com A 192.168.3.211"
211 ? 190 !
-
@killmasta93 said in Access Website internally?:
192.168.3.190 has NGINX reverse proxy which therefore
putting the IP wont workHuh? Your client is still going to send the host info when he tries to connect.. So why wouldn't it work?
Dude if you want help you have to tell us how your setup.. So your reverse proxy is on 3.190, which sends the data to 3.211? So you want to send it back to the client your coming from?
WTF Dude??
BTW all you need is a host override in the gui, you don't have to use a custom option anything.
-
@johnpoz @Gertjan
Sorry that i wasnt clear, let me clear the setup againCurrently i have windows server with IIS on 192.168.3.211
in that IIS i have 3 websites
192.168.3.211:8093
192.168.3.211:8091
192.168.3.211:8092As i only have 1 WAN ip (i separate my wan navigation from my web services) i needed to use a reverse proxy, so i created another VM with NGINX
and redirected the subdomains according to each website
ex:
sub.domain.com----NGINX proxy------192.168.3.211:8093
sub2.domain.com----NGINX proxy------192.168.3.211:8091
sub3.domain.com----NGINX proxy------192.168.3.211:8092and its working perfectly when the user is not in the LAN
So when the user is in the LAN and try to access sub.domain.com they get error connection time out
ex:
User ip: 192.168.3.156 trying to access sub.domain.com
the sub.domain.com IP starts with 181.49
and my Wan address 181.57
NGINX reverse proxy IP 192.168.3.190This is my NAT
Hope this made my question better
-
@killmasta93 said in Access Website internally?:
1 WAN ip (i separate my wan navigation from my web services) i needed to use a reverse proxy
Sure - I use HAproxy.. On pfsense for this.. And I have no issues access service internally or externally via the public fqdn from my client.
You for sure could run into asymmetrical issues with such a setup.. Unless you did a pure nat sort of setup where the reverse proxy would send the traffic back to pfsense wan to get back to the client on your lan..
-
@johnpoz
Thanks for the reply, as i was looking into HAproxy but wanted the Let encrypt on NGINX rather then on pfSense, i do have pure NAT enabled so not sure why its not letting on my LAN to access it -
@killmasta93 said in Access Website internally?:
but wanted the Let encrypt on NGINX rather then on pfSense
"Letsencrypt"is a concept, a brand, not code.
It needs, on 'your' side, a program, most often scripts like Python, bash etc that runs on some system (OS).
NGINX is a web server; that, on request from a web browser, gets files from its local storage and send it to the browser asking for it. It does not natively execute programs or scripts.Your NGINX runs on a device (host) : install certbot, acme.sh or whatever script you like, that interfaces with the Letenscrypt API servers. The traffic will just flow through pfSEnse, as any other traffic.