Welcome! Log In Create A New Profile

Advanced

Basic reverse proxy setup (noobie)

Posted by Richie79 
Basic reverse proxy setup (noobie)
October 21, 2018 10:30AM
Hi, I'm a NGIX noobie trying to setup basic reverse proxy server for the first time to harden my home security IP camera which doesn't support SSL natively. Camera is behind my pfSense firewall and DD-WRT router in it's own bridged subnet and I'm able to access it fine from outside and inside. I've installed NGIX successfully in my router, but I haven't managed to make it work.

I tried to follow the instructions found here:
https://security.stackexchange.com/questions/56779/securing-remotely-accessible-ip-cameras-that-do-not-support-https

My Nginx conf file is in the following path:
/opt/etc/nginx/nginx.conf

For testing purpose only I try to direct all HTTP traffic from 192.168.6.66:666 to 192.168.6.66:8080. I've set the router to start Nginx after reboot. Nginx is able to save all the configurations successfully after router reboot. I've also configured port forwarding on my router and my firewall, to ports mentioned above. I still can't access the camera from port 8080 (inside or outside). When I get the HTTP to work first, then I move on to HTTPS.

What am I doing wrong?
Find attached screenshot of Nginx configuration.
Are the configurations in wrong place? I wrote them in the beginning of configuration file.
Attachments:
open | download - Nimetön.png (363.7 KB)
Re: Basic reverse proxy setup (noobie)
October 24, 2018 04:52PM
It seems that these Nginx forum posts are unable to be edited afterwards. Strange... Nevertheless, here's some further clarification.

192.168.6.66 is my camera's current IP. It's behind my firewall and behind router in its own subnet.
My firewall faces Internet and my router is behind my firewall.
666 is the current TCP port I connect to when I want to use this camera from outside.
8080 is the TCP port I wish to use for Nginx reverse proxying. Meaning that I would like to connect to port 8080 from outside and Nginx should forward all the traffic from 8080 to 666.

I would like to first try it with HTTP only and move to HTTPS when HTTP works. Please keep in mind that Nginx is installed in my Linux DD-WRT router.

I am hesitating a bit with port forwarding. I have firstly opened TCP port 8080 from my firewall to forward all traffic coming from WAN IP and from port 8080 to my router. Then from my router I should obviously forward same TCP port to my Nginx (Nginx should be listening port 8080) in order for Nginx to be able to port forward from 8080 to my camera's port 666. Obviously Nginx should have its on IP, but how do I configure it? My router has DHCP on, but Nginx hasn't been shown up as an active client so obviously IP address needs to be configured manually.

Please bare with me, this is my first time configuring Nginx and installing it into router. I'd be happy to provide any further info.

BTW: I noticed a typo in my orginal script: Server token started with capital "S". It's now fixed and below is the corrected Nginx config as text. Config is currently for HTTP testing only:

server {
listen 8080;
location / {
proxy_pass http://192.168.6.66:666;
}
}
user nobody;
worker_processes 1;

#error_log /opt/var/log/nginx/error.log;
#error_log /opt/var/log/nginx/error.log notice;
#error_log /opt/var/log/nginx/error.log info;

#pid /opt/var/run/nginx.pid;


events {
worker_connections 64;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log /opt/var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 107
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready