Omada Controller 3.1.4 nginx reverse proxy
Omada Controller 3.1.4 nginx reverse proxy
Is it possible to use omada controller 3.1.4 behind name base nginx reverse proxy to another port?
I am using name bese nginx config to port 33333:
location / {
# Send traffic to the backend
proxy_pass https://192.166.200.222:8043;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
proxy_redirect https:// https://;
}
But when i enter to https://omada.mydomain.com:33333 browser show me error that cannot open URL https://omada.mydomain.com:8043
With other services there is no error.
Sorry for my english
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi,
From your description I know that you want to use port 33333 instead of port 8043, for this you just revise the port in the jetty.properities. The default path of it is: C:\Program Files (x86)\TP-LINK\EAP Controller\properties
- Copy Link
- Report Inappropriate Content
Its work, but...
I have configured nginx on port 33333, and many reverse proxy name base services (localhosted or remote services), for example
service1 using port 11111, but i have connect it from reverse proxy by name service1.mydomain.com:33333
service2 using port 22222, but i have connect it from reverse proxy by name service2.mydomain.com:33333
service_omada using port 8043, but i have not connect it from reverse proxy by name omada.mydomain.com:33333, because when i enter https://omada.mydomain.com:33333 browser shows me error that cannot open URL https://omada.mydomain.com:8043 (omada server answer error...)
Of course, if I change the omada service port number to 33333, i can access to omada service, bacause omada controller installed in another host. But what will be if omada controller will be run on the same server with nginx?It is not correct - two process cannot using the same port.
- Copy Link
- Report Inappropriate Content
@g2_ufo I faced the same issue. It boils down to two factors:
1) The Omada Controller expects the Host header of each request to contain the ":8043" port explicity (or any port you configured to serve HTTPS). Else, it will redirect you, causing the issue you're seeing.
2) Because of the above, all 302 redirects from the Omada Controller will contain the ":8043" port explicitly, meaning your browser will try to connect to that port, instead of the proxy one.
I fixed this by enabling two rewrite rules in my proxy. (I use HAProxy, so I don't have a snippet for nginx, but I'm confident the same results can be achieved)
1) In every request, port ":8043" gets added to the Host header (so that the Omada Controller will not redirect you to use that port explicitly)
2) In every respone where the Location header is set (typically 302), the ":8043" part is removed, or changed to the non-standard one your proxy is using (so that your browser won't change the current port it's currently using)
This is working for me, and I hope you find it useful!
- Copy Link
- Report Inappropriate Content
@Alfredo. Would you be able to post the snippets for the rewrite rules from your HAProxy config?
- Copy Link
- Report Inappropriate Content
@Alfredo. Thank you for the input on what you used to get this working. I'm trying to get it done in Apache and haven't had much luck. Hoping you could share your configurations on github/gist? Thanks!
- Copy Link
- Report Inappropriate Content
@Alfredo. Hi could you possibly post your config so we can look to convert it to nginx reverse proxy?
- Copy Link
- Report Inappropriate Content
I have this running behind the HAProxy package on my pfsense firewall. Here is my setup with the header re-writes, hope this helps. In my case, I am using the re-writes to allow the use of the standard port 443. I am using eap.localdomain as the dns name for my controller.
http-request header set
name: host, fmt: eap.localdomain:8043
customaction: http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]
- Copy Link
- Report Inappropriate Content
@g2_ufo Here is my configuration for Apache 2. I use Apache OpenID Connect module to protect that site, but you should be able to move it to something else. https://gist.github.com/bdwilson/a5e2f3567a5d81c07d98ae552fd8348e. The SSL certificates referenced is for a wildcard Lets Encrypt cert for my domain.
- Copy Link
- Report Inappropriate Content
Came here to say thank you so much for posting this! You're the only example I could find of an Apache reverse proxy config. Great work!!
- Copy Link
- Report Inappropriate Content
@matt25 Could you please share a couple of screenshots of the backend/frontend ACL/Actions? Thanks.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 9544
Replies: 14
Voters 0
No one has voted for it yet.