Menu
What's new
By:
Filters Better Search

How to setup reverse-proxy with/without SSL termination on Merlin?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ffsb

ffsb

New Around Here
Good Morning,

Are there any step-by-step instructions to setup a secure reverse proxy (1-n portal) on a merlin router?
  • (if yes where?)
  • if not, can someone who might have done this share their knowledge?
  • Is this something that could be useful for other people? (or am I the only one in this situation!)
my specific use case (see picture):
I do have a couple of https applications (app1 on pc1, app2 on pc2...) that I have setup on my home lan. right now I am just forwarding the traffic from the merlin to the backend by port but I need to maintain individual certs etc... Ideally I would like to have "1" secure proxy on the merlin(?nginx?caddy?) which would front-end and secure my "n" services deployed on my LAN:
  • be as secure and easy to maintain as possible :)
  • automatically maintain its own certificate (let's encrypt) against my DDNS external DNS name foodomain.com but also include SAN for my local names pc1.foodomain.com pc2.foodomain.com
    so that I can reuse the same cert for the backends which use https
  • allow clients on my LAN to hit the router proxy as well so they have a secure path to the app1 on pc1 and app2 on pc2
  • allow on plain-http service (app2 on pc2) to be visible from the internet over https only using merlin for ssl termination.
  • disallow some service (app2 on pc2) to accept connections from anywhere but the incoming merlin which does ssl termination.(I understand that needs to be setup on the app2 pc2 itself... nothing to do with merlin, and can be easily achieved by instructing the firewall on pc2 to only accept incoming connections from 192.168.0.1 on p0rt 8-, but I am just listing it here to provide a complete set of requirements)

it would be great if at some point in time, merlin could provide an elegant turn-key solution to automate all these configs! :)
upload_2019-7-12_8-19-39.png
 
ffsb said:
Good Morning,

Are there any step-by-step instructions to setup a secure reverse proxy (1-n portal) on a merlin router?
  • (if yes where?)
  • if not, can someone who might have done this share their knowledge?
  • Is this something that could be useful for other people? (or am I the only one in this situation!)
my specific use case (see picture):
I do have a couple of https applications (app1 on pc1, app2 on pc2...) that I have setup on my home lan. right now I am just forwarding the traffic from the merlin to the backend by port but I need to maintain individual certs etc... Ideally I would like to have "1" secure proxy on the merlin(?nginx?caddy?) which would front-end and secure my "n" services deployed on my LAN:
  • be as secure and easy to maintain as possible :)
  • automatically maintain its own certificate (let's encrypt) against my DDNS external DNS name foodomain.com but also include SAN for my local names pc1.foodomain.com pc2.foodomain.com
    so that I can reuse the same cert for the backends which use https
  • allow clients on my LAN to hit the router proxy as well so they have a secure path to the app1 on pc1 and app2 on pc2
  • allow on plain-http service (app2 on pc2) to be visible from the internet over https only using merlin for ssl termination.
  • disallow some service (app2 on pc2) to accept connections from anywhere but the incoming merlin which does ssl termination.(I understand that needs to be setup on the app2 pc2 itself... nothing to do with merlin, and can be easily achieved by instructing the firewall on pc2 to only accept incoming connections from 192.168.0.1 on p0rt 8-, but I am just listing it here to provide a complete set of requirements)

it would be great if at some point in time, merlin could provide an elegant turn-key solution to automate all these configs! :)
View attachment 18617
Click to expand...
This can be done with nginx proxy on entware. you would need to know how to configure SSL certs on nginx i can point you at some guides people have written, but otherwise the rest is up to you.
https://hqt.ro/nginx-web-server-with-php-support-through-entware/

https://github.com/pedrom34/TutoAsus <------------this site is not 100% with what you need but it shows how to use ssl certificates with nginx
 
You must log in or register to reply here.

Similar threads

J
Noob DNS questions
Replies
3
Views
392
bennor
B
A
Primary router shows QIS_wizard page after IP conflict with secondary router in default mode
Replies
2
Views
585
Aziron5
A
johndoe85
Tutorial How to install Wireproxy on your Asus-Merlin Router
Replies
0
Views
957
johndoe85
johndoe85
D
Entware Voxel FW reverse proxy help
Replies
2
Views
1K
Duke_
D
G
Access webserver on lan synology from guest network on AX88u router
Replies
1
Views
453
grottoguy
G
Similar threads
Thread starter Title Forum Replies Date
C OVPN server setup problem Asuswrt-Merlin 7
pippo_105 I cannot setup Wireguard on my AX6000 Asuswrt-Merlin 6
XIYO Questions Regarding acme.sh Cron Job Setup and Directory Linking Asuswrt-Merlin 1
T Troubles with VPN Client + DDNS Setup on GT-BE98 Asuswrt-Merlin 5
anotherengineer Proper PPPoE Setup on Merlin? Asuswrt-Merlin 14
J SSID QR Code validity after hard reset but using same SSID Password when setup again? Asuswrt-Merlin 1
docta_v Is there any VPN provider with easy setup for port forwarding on Merlin? Asuswrt-Merlin 5
R How to setup WAN VLAN for Nokia Optical modem on RT-AC87U? Asuswrt-Merlin 12
M AI Mesh node setup without cable? Asuswrt-Merlin 19
E Is safe to setup "Alert preference"? Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 702 (members: 20, guests: 682)
Top