Omada Controller 3.1.4 nginx reverse proxy

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Omada Controller 3.1.4 nginx reverse proxy

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada Controller 3.1.4 nginx reverse proxy
Omada Controller 3.1.4 nginx reverse proxy
2019-05-24 07:02:12
Model: EAP225  
Hardware Version: V3
Firmware Version: latest

Is it possible to use omada controller 3.1.4 behind name base nginx reverse proxy to another port?

 

I am using name bese nginx config to port 33333:

 

location / {
                # Send traffic to the backend
                proxy_pass https://192.166.200.222:8043;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host              $http_host;
proxy_max_temp_file_size           0;
proxy_redirect                     https:// https://;
        }

 

But when i enter to https://omada.mydomain.com:33333 browser show me error that cannot open URL https://omada.mydomain.com:8043

 

With other services there is no error.

Sorry for my english

  0      
  0      
#1
Options
14 Reply
Re:Omada Controller 3.1.4 nginx reverse proxy
2019-05-27 00:56:37

Hi,

 

From your description I know that you want to use port 33333 instead of port 8043, for this you just revise the port in the jetty.properities. The default path of it is: C:\Program Files (x86)\TP-LINK\EAP Controller\properties

 

  0  
  0  
#2
Options
Re:Re:Omada Controller 3.1.4 nginx reverse proxy
2019-05-27 05:47:25

Its work, but...

I have configured nginx on port 33333, and many reverse proxy name base services (localhosted or remote services), for example

 

 

service1 using port 11111,  but i have connect it from reverse proxy by name service1.mydomain.com:33333

service2 using port 22222,  but i have connect it from reverse proxy by name service2.mydomain.com:33333

service_omada using port 8043,  but i have not connect it from reverse proxy by name omada.mydomain.com:33333, because when i enter https://omada.mydomain.com:33333 browser shows me error that cannot open URL https://omada.mydomain.com:8043 (omada server answer error...)

 

Of course, if I change the omada service port number to 33333, i can access to omada service, bacause omada controller installed in another host. But what will be if omada controller will be run on the same server with nginx?It is not correct - two process cannot using the same port.

 

  0  
  0  
#4
Options
Re:Re:Omada Controller 3.1.4 nginx reverse proxy
2020-03-29 21:22:13

@g2_ufo I faced the same issue. It boils down to two factors:

1) The Omada Controller expects the Host header of each request to contain the ":8043" port explicity (or any port you configured to serve HTTPS). Else, it will redirect you, causing the issue you're seeing.

2) Because of the above, all 302 redirects from the Omada Controller will contain the ":8043" port explicitly, meaning your browser will try to connect to that port, instead of the proxy one.

 

I fixed this by enabling two rewrite rules in my proxy. (I use HAProxy, so I don't have a snippet for nginx, but I'm confident the same results can be achieved)

1) In every request, port ":8043" gets added to the Host header (so that the Omada Controller will not redirect you to use that port explicitly)

2) In every respone where the Location header is set (typically 302), the ":8043" part is removed, or changed to the non-standard one your proxy is using (so that your browser won't change the current port it's currently using)

 

This is working for me, and I hope you find it useful!

  1  
  1  
#5
Options
Re:Re:Omada Controller 3.1.4 nginx reverse proxy
2020-06-02 15:32:55

@Alfredo. Would you be able to post the snippets for the rewrite rules from your HAProxy config?

  0  
  0  
#6
Options
Re:Re:Omada Controller 3.1.4 nginx reverse proxy
2020-11-02 21:59:01

@Alfredo. Thank you for the input on what you used to get this working. I'm trying to get it done in Apache and haven't had much luck. Hoping you could share your configurations on github/gist? Thanks!

  0  
  0  
#7
Options
Re:Re:Omada Controller 3.1.4 nginx reverse proxy
2021-02-06 10:30:23

@Alfredo. Hi could you possibly post your config so we can look to convert it to nginx reverse proxy?

  0  
  0  
#8
Options
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-02-07 00:40:01

@g2_ufo 

I have this running behind the HAProxy package on my pfsense firewall. Here is my setup with the header re-writes, hope this helps. In my case, I am using the re-writes to allow the use of the standard port 443. I am using eap.localdomain as the dns name for my controller.

 

http-request header set

name: host, fmt: eap.localdomain:8043

 

customaction: http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]

  1  
  1  
#9
Options
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-02-08 02:59:35 - last edited 2021-02-08 03:00:34

@g2_ufo Here is my configuration for Apache 2. I use Apache OpenID Connect module to protect that site, but you should be able to move it to something else. https://gist.github.com/bdwilson/a5e2f3567a5d81c07d98ae552fd8348e.  The SSL certificates referenced is for a wildcard Lets Encrypt cert for my domain. 

  2  
  2  
#10
Options
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-03-31 16:21:34

@BubbaW 


Came here to say thank you so much for posting this!  You're the only example I could find of an Apache reverse proxy config.  Great work!!

  1  
  1  
#11
Options
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-08-13 19:51:37 - last edited 2021-08-13 19:52:52

@matt25 Could you please share a couple of screenshots of the backend/frontend ACL/Actions? Thanks.

  0  
  0  
#12
Options