NHAS / wag

Simple Wireguard 2FA
BSD 3-Clause "New" or "Revised" License

NGINX Reverse Proxy for https does not work (no way to configure ip tables rules from wag config file) #27

Closed bluecraank closed 1 year ago

bluecraank commented 1 year ago

Hello,

So I try to get HTTPS in front of the MFA portal, but as soon as I change it, no connection can be established.

tcpdump shows traffic, but no response from the portal.

Is there any limitation built into your webserver?

NHAS commented 1 year ago

Hi there, wag does support being used behind a reverse proxy.

You will need to enable the proxy option in the configuration file and add the X-Forwarded-For headers. I haven't tested it myself.

Your issue may be caused by the iptables rules that wag adds, which disallow input to any port on the host other than the web server port (and IP) and ICMP (ping).

I would suggest using wag directly to do your TLS for the VPN MFA page at least (the config has options for cert and key path for TLS).
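To show what "enable the proxy option and add the X-Forwarded-For headers" has to mean in practice, here is an added example that is not wag's code: a client-address resolver that only honours X-Forwarded-For when the proxy setting is on and the TCP peer is a listed proxy, and then takes only the right-most hop. The `ProxyConfig` struct, its `TrustedProxies` field and the CIDR list are assumptions made for this example; the sample addresses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// ProxyConfig stands in for the two settings the thread mentions: whether wag
// runs behind a reverse proxy, and (assumed here, not a documented wag option)
// which proxy addresses may supply X-Forwarded-For.
type ProxyConfig struct {
	Proxied        bool
	TrustedProxies []string // CIDR list, e.g. "127.0.0.0/8"
}

var ErrUntrustedProxy = errors.New("request did not arrive via a configured proxy")

// ClientIP decides which address the MFA portal should attribute a request to.
// Without Proxied the TCP peer is always used, so a forged header is ignored.
// With Proxied the header is honoured only when the peer is a listed proxy,
// and only its right-most hop is taken, since that is the value the trusted
// proxy itself appended; everything to its left is client-controlled.
func ClientIP(cfg ProxyConfig, remoteAddr, xff string) (string, error) {
	peer, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		peer = remoteAddr // already a bare address
	}
	if net.ParseIP(peer) == nil {
		return "", fmt.Errorf("malformed peer address %q", remoteAddr)
	}
	if !cfg.Proxied {
		return peer, nil
	}
	if !isTrustedProxy(cfg.TrustedProxies, peer) {
		return "", ErrUntrustedProxy
	}
	if strings.TrimSpace(xff) == "" {
		return peer, nil // proxy did not forward a client address
	}
	hops := strings.Split(xff, ",")
	last := strings.TrimSpace(hops[len(hops)-1])
	if net.ParseIP(last) == nil {
		return "", fmt.Errorf("malformed X-Forwarded-For hop %q", last)
	}
	return last, nil
}

// isTrustedProxy reports whether peer falls inside any configured CIDR.
func isTrustedProxy(cidrs []string, peer string) bool {
	ip := net.ParseIP(peer)
	for _, c := range cidrs {
		_, network, err := net.ParseCIDR(c)
		if err == nil && network.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	cfg := ProxyConfig{Proxied: true, TrustedProxies: []string{"127.0.0.0/8"}}
	// Constructed sample: nginx on localhost forwarding for a client.
	ip, err := ClientIP(cfg, "127.0.0.1:40000", "203.0.113.9")
	fmt.Println(ip, err)
	// Constructed sample: a remote host tries to set the header itself.
	_, err = ClientIP(cfg, "198.51.100.5:51234", "10.0.0.1")
	fmt.Println(err)
}
```

The point of the peer check is that X-Forwarded-For is just a request header: if the portal trusted it from any peer, a client connecting directly could claim any address, which matters for a service that keys access decisions on who is asking.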

bluecraank commented 1 year ago

Hey,

Yeah, my issue is that the port is blocked on the server because of wag.

Is there any chance to allow port 443 and the other ports for the webservers?

bluecraank commented 1 year ago

Okay, I added an additional entry in iptables.go to allow 443. This works :D

Maybe there should be the option, if key "Proxied" is set to true, that you can also set "ProxyPort" if the proxy is on the same server.

NHAS commented 1 year ago

Yep, I 100% agree with you there, it should give you the option of adding an arbitrary port (or just iptables rules in general).

I'll add this to the list of things to do. Web UI is almost done! So I'll be getting to them soon.

NHAS commented 1 year ago

Sweet, I've fixed this on the unstable branch by adding a config directive ExposePorts, which should allow people to go and expose whatever ports they like on the VPN host.

I'll be doing a round up release today or tomorrow after I've tested everything.
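An added example (not wag's own iptables.go or its ExposePorts implementation) of what such a directive has to do: validate each entry up front, then render the exposed ports as explicit ACCEPT rules ahead of the default-deny INPUT policy the thread describes. The "PORT/PROTO" entry format, the `ExposedPort` type and the exact rule set are assumptions for this example; the addresses and ports used are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ExposedPort is one entry of an ExposePorts-style list, written as
// "443/tcp" or "53/udp". The format is an assumption made for this example.
type ExposedPort struct {
	Port  int
	Proto string
}

// ParseExposePorts validates the list before any rule is generated: a bad
// entry should fail config loading rather than silently open nothing or
// produce an iptables error half-way through applying the rule set.
func ParseExposePorts(entries []string) ([]ExposedPort, error) {
	seen := map[string]bool{}
	var out []ExposedPort
	for _, e := range entries {
		portStr, proto, ok := strings.Cut(strings.TrimSpace(e), "/")
		if !ok {
			return nil, fmt.Errorf("expose entry %q: want PORT/PROTO", e)
		}
		port, err := strconv.Atoi(portStr)
		if err != nil || port < 1 || port > 65535 {
			return nil, fmt.Errorf("expose entry %q: invalid port", e)
		}
		proto = strings.ToLower(proto)
		if proto != "tcp" && proto != "udp" {
			return nil, fmt.Errorf("expose entry %q: protocol must be tcp or udp", e)
		}
		key := strconv.Itoa(port) + "/" + proto
		if seen[key] {
			return nil, fmt.Errorf("expose entry %q: duplicate", e)
		}
		seen[key] = true
		out = append(out, ExposedPort{Port: port, Proto: proto})
	}
	return out, nil
}

// InputRules renders a default-deny INPUT policy in iptables-restore syntax:
// loopback, established flows, ICMP, the web portal on its own address and
// port, and then each exposed port as an explicit ACCEPT. Anything not listed
// falls through to the DROP policy, so adding 443 is one more line, not a
// relaxation of everything else.
func InputRules(webAddr string, webPort int, exposed []ExposedPort) []string {
	rules := []string{
		"-P INPUT DROP",
		"-A INPUT -i lo -j ACCEPT",
		"-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
		"-A INPUT -p icmp -j ACCEPT",
		fmt.Sprintf("-A INPUT -p tcp -d %s --dport %d -j ACCEPT", webAddr, webPort),
	}
	for _, p := range exposed {
		rules = append(rules, fmt.Sprintf("-A INPUT -p %s --dport %d -j ACCEPT", p.Proto, p.Port))
	}
	return rules
}

func main() {
	// Constructed sample: nginx on the same host terminating TLS on 443.
	exposed, err := ParseExposePorts([]string{"443/tcp"})
	if err != nil {
		fmt.Println("config error:", err)
		return
	}
	for _, r := range InputRules("192.0.2.10", 8080, exposed) {
		fmt.Println(r)
	}
}
```

For the nginx-on-the-same-host case from this thread, 443/tcp is the only entry needed; the portal port itself stays reachable only on the address wag is configured to listen on, and nothing else on the host is opened as a side effect.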

bluecraank commented 1 year ago

Nice work man! Nice to see activity on this project. I will test it on Ubuntu.