Hi,

From your description I know that you want to use port 33333 instead of port 8043, for this you just revise the port in the jetty.properities. The default path of it is: C:\Program Files (x86)\TP-LINK\EAP Controller\properties

Its work, but...

I have configured nginx on port 33333, and many reverse proxy name base services (localhosted or remote services), for example

service1 using port 11111,  but i have connect it from reverse proxy by name service1.mydomain.com:33333

service2 using port 22222,  but i have connect it from reverse proxy by name service2.mydomain.com:33333

service_omada using port 8043,  but i have not connect it from reverse proxy by name omada.mydomain.com:33333, because when i enter https://omada.mydomain.com:33333 browser shows me error that cannot open URL https://omada.mydomain.com:8043 (omada server answer error...)

Of course, if I change the omada service port number to 33333, i can access to omada service, bacause omada controller installed in another host. But what will be if omada controller will be run on the same server with nginx?It is not correct - two process cannot using the same port.

@g2_ufo I faced the same issue. It boils down to two factors:

1) The Omada Controller expects the Host header of each request to contain the ":8043" port explicity (or any port you configured to serve HTTPS). Else, it will redirect you, causing the issue you're seeing.

2) Because of the above, all 302 redirects from the Omada Controller will contain the ":8043" port explicitly, meaning your browser will try to connect to that port, instead of the proxy one.

I fixed this by enabling two rewrite rules in my proxy. (I use HAProxy, so I don't have a snippet for nginx, but I'm confident the same results can be achieved)

1) In every request, port ":8043" gets added to the Host header (so that the Omada Controller will not redirect you to use that port explicitly)

2) In every respone where the Location header is set (typically 302), the ":8043" part is removed, or changed to the non-standard one your proxy is using (so that your browser won't change the current port it's currently using)

This is working for me, and I hope you find it useful!

@Alfredo. Would you be able to post the snippets for the rewrite rules from your HAProxy config?

@Alfredo. Thank you for the input on what you used to get this working. I'm trying to get it done in Apache and haven't had much luck. Hoping you could share your configurations on github/gist? Thanks!

@Alfredo. Hi could you possibly post your config so we can look to convert it to nginx reverse proxy?

@g2_ufo 

I have this running behind the HAProxy package on my pfsense firewall. Here is my setup with the header re-writes, hope this helps. In my case, I am using the re-writes to allow the use of the standard port 443. I am using eap.localdomain as the dns name for my controller.

http-request header set

name: host, fmt: eap.localdomain:8043

customaction: http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]

@g2_ufo Here is my configuration for Apache 2. I use Apache OpenID Connect module to protect that site, but you should be able to move it to something else. https://gist.github.com/bdwilson/a5e2f3567a5d81c07d98ae552fd8348e.  The SSL certificates referenced is for a wildcard Lets Encrypt cert for my domain. 

@BubbaW 

Came here to say thank you so much for posting this!  You're the only example I could find of an Apache reverse proxy config.  Great work!!

@matt25 Could you please share a couple of screenshots of the backend/frontend ACL/Actions? Thanks.