-
Can not connect to a server on the WAN side of the firewall on the same subnet as the WAN interface
I have a static IP package with my ISP and have my ClearOS home/office setup on one IP as well as a public-facing web server and a Nextcloud server. For security reasons, I would like to remove the internal connections to these servers and have all connectivity to them go through the WAN interface.
Currently, I cannot connect to these servers via the WAN interface. I am not sure if it is routing or firewall or both.
Any advice on altering the firewall and/or static routes would be greatly appreciated.
Greg.
-
ZeroTier LAN to LAN?
Hi, I am looking at moving from OpenVPN to ZeroTier. I thought there may be a plugin but no such luck. The installation is simple but I can not connect from the other device. I believe it is related to network bridging / firewall rules.
Has anyone else implemented a LAN to LAN ZeroTier setup between two ClearOS setups?
Greg
-
I don't know why I am having such difficulty. I have set up Apache and Nginx in the past. I must be missing something.
I have allowed port 80 and 443 in the incoming firewall settings. I added a virtual server to proxypass as follows:
Virtual host: home.[mydomain].ca
Alias: /ha
Enabled: Enabled
Protocol: HTTP
Target server: internal_iport
Target path: left blank
Validate SSL on connection to target: Disabled
I also have the web server installed as I assumed it was needed for some reason. They both point to the same domain; could that be the issue? Do they conflict or work together?
I also tried another domain name that points to the ClearOS WAN IP and get a 404 error with the web server turned on and a "can not connect.." error with the web server turned off.
Any assistance is greatly appreciated.
Greg
-
Hi Greg
Yes, you can use ProxyPass with or without SSL to forward external requests to internal webservers, and the chosen SSL certificate does indeed get passed on. I use it for a couple of servers and use Let's Encrypt certs as well.
It's not that hard to configure and you should get the hang of it in about 10 to 15 minutes. Haven't tried it with multiple domains though, but with subdomains pointing to different internal servers it works just fine, so I guess it would work with TLDs as well.
Things to remember when setting it up:
Target server: Depending on which Protocol you choose (http/https or both) you enter the corresponding http://internal-serverip or https://internal-serverip
Target path: If you want to simply point it to the internal servers main root folder you can leave it empty otherwise /foldername
The rest should be self-explanatory.
Hope this helps you out; otherwise don't hesitate to ask.
-
Anyone know how to use proxy pass? There is no real documentation.
I purchased ProxyPass the other day assuming it was a front end for Nginx. My goal is to use it to consolidate multiple servers behind the firewall and have it provide SSL with the cert from Let's Encrypt. The servers behind the firewall are not running SSL. The documentation amounts to little more than a tooltip. I think that I may need SSL on the web servers but would like the ins and outs. Can the web server run without SSL? If it needs SSL, can the cert be self-signed? Does it get passed right through ProxyPass?
Thanks in advance.
Greg
-
Thanks again.
-
It looks like certbot-0.31.0-2.el7.noarch
It gets created with the letsencrypt folder.
-
I just deleted the README file and it seems to be working now.
Thank you so much for your help. I really appreciate it.
Greg
-
I think we are getting closer. Here is an excerpt from the log:
For some reason it is looking for the cert here -> /etc/letsencrypt/live/README/cert.pem
-
The strange part is that deleting the letsencrypt folder removes the missing certificate errors and lets me start over. I have the original backed up. When I try to get a new cert, it seems to work, a bunch of info is displayed and the folder is recreated and certs are added. I restored the backup and now have the "Ooooops: Certificate not found." error on the Let's Encrypt page as well as the missing certificates error on the cert manager page. I ran the grep commands and this is what I get.
Here are the files:
I noticed that the certs have a 1 in the name but the symbolic links do not. Not sure if that could be the issue. I guess it depends on if the apps access the certs via link or directly. Now I have requested certs too many times and have reached the certbot limit. The /etc/pki/CA/sys-0-cert.pem cert is still in place as well.