How do I make my duckdns domain connect to my home assistant instance with Nginx reverse proxy?

Hey guys, so I'm trying to set up a configuration for a reverse proxy into my Home Assistant instance on a Raspberry Pi 4. I have nginx running on port 80 and 443 along with luci on the same ports; however, I can't connect to the server from my domain name (I get a connection refused error). How can I fix this issue without exposing luci directly to the internet?

My nginx config for the server looks like this:

server {
  set $forward_scheme http;
  set $server         "192.168.4.120";
  set $port           8123;

  listen 80;
  listen [::]:80;
  
  server_name xxxxxxx.duckdns.org;
  
  # Block Exploits
  include /etc/nginx/conf.d/include/block-exploits.conf;

  location / {
    
    # Proxy!
    include /etc/nginx/conf.d/include/proxy.conf;
  }
}

block-exploits.conf
proxy.conf

Additional info:
The Pi is connected within a separate interface called IOT, which separates devices such as the Pi from my main interface with everything else (i.e. my computer) on it. The firewall is configured to have the IOT directed to wan and my main interface going to wan and the IOT interface (which allows my computer to talk to the IOT stuff). It's similar in setup to the Guest network in the OpenWrt guide, which is why the address isn't the default 192.168.1.xxx address.

Use different ports. Or, if your installation supports it, bind the ports to specific IP addresses instead of binding them to 0.0.0.0.

So, do I need to change the ports that Nginx listens to or the ones for Luci? Which one is the easiest change and how do I go about changing them and making everything adapt to the changes?

Your call for which approach to take. "Easiest" is a subjective metric. You'll need to consider not only how easy it is to find and edit the appropriate configuration file(s), but also how easy/convenient it is to use the service afterwards.

Some possible approaches which may or may not be suitable for your needs:

  • Your proposed nginx config only exposes port 80 to the Internet, not port 443. You could configure luci to listen internally on port 443 only, leaving 80 free for use by nginx externally.
  • You could configure luci to bind to its LAN IP address, and configure nginx to bind to its WAN IP address, instead of binding to all addresses, while keeping the port numbers the same. It's possible to have multiple processes using the same port number simultaneously, as long as each one is bound to a separate IP address (e.g. LAN and WAN, or LAN and DMZ, etc.).
  • You could configure either luci or nginx (or even both) to listen on different ports so that they don't overlap.

As for how to make the change, that shouldn't be too tricky. The relevant config files are - probably - all sitting in /etc/config. At least, the one for luci definitely is - it's /etc/config/uhttpd; I don't have nginx on my OpenWRT instance so can't guarantee that its config file is in the same place.
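A check to run after applying the bind-address approach from the reply above, as an added example that is not part of the thread: it lists the ports a named service still holds on the wildcard address (0.0.0.0 or ::), which is the state that approach is meant to remove. The function name, the sample `netstat -tlnp` lines, the LAN address 192.168.1.1 and the WAN address 203.0.113.7 are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.
# LuCI is served by uhttpd; its bind addresses are the `list listen_http` and
# `list listen_https` entries in /etc/config/uhttpd.

# Constructed sample: uhttpd bound to every address (the starting state).
SAMPLE_BEFORE='tcp  0  0 0.0.0.0:80       0.0.0.0:*  LISTEN  1201/uhttpd
tcp  0  0 0.0.0.0:443      0.0.0.0:*  LISTEN  1201/uhttpd
tcp  0  0 :::80            :::*       LISTEN  1201/uhttpd
tcp  0  0 0.0.0.0:22       0.0.0.0:*  LISTEN  987/dropbear'

# Constructed sample: uhttpd moved to the LAN address, nginx on the WAN address.
SAMPLE_AFTER='tcp  0  0 192.168.1.1:80   0.0.0.0:*  LISTEN  1201/uhttpd
tcp  0  0 192.168.1.1:443  0.0.0.0:*  LISTEN  1201/uhttpd
tcp  0  0 203.0.113.7:80   0.0.0.0:*  LISTEN  2210/nginx'

# wildcard_listeners PROGRAM
# Reads `netstat -tlnp` text on stdin and prints, space separated, the ports
# on which PROGRAM listens on a wildcard address (0.0.0.0, :: or [::]).
wildcard_listeners() {
    awk -v prog="$1" '
        $6 == "LISTEN" {
            n = split($7, p, "/")            # "1201/uhttpd" -> pid, name
            if (p[n] != prog) next
            addr = $4
            port = addr
            sub(/.*:/, "", port)             # keep text after the last colon
            sub(/:[0-9]+$/, "", addr)        # keep text before the port
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print port
        }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Demonstration on the constructed samples.
printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | wildcard_listeners uhttpd)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | wildcard_listeners uhttpd)"

# On the router itself (run as root so the program column is filled in):
#   netstat -tlnp | wildcard_listeners uhttpd
```

An empty result for `uhttpd` means LuCI is no longer bound to all addresses; any port still listed needs its `listen_http` or `listen_https` entry changed and uhttpd restarted.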