I have a working OpenWRT install on a router, with a VPN (NordVPN) configured.
I would now like to serve some simple websites from inside my LAN, without needing the client to be on the VPN.
I have already setup a domain that points to the fixed IP provided by my ISP, and I have tried the following to get HTTP/HTTP access working:
- Added firewall rules for TCP ports 80 and 443 for inputs to the router:
- Installed
nginxand added/etc/nginx/conf.d/reverse-proxy.conf:
root@OpenWrt:~# cat /etc/nginx/conf.d/reverse-proxy.conf
server {
listen 80;
server_name mydomain.net;
location / {
proxy_pass http://mylanhostname.lan:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
and I've confirmed that nginx is running (and I restarted it after adding the reverse proxy).
For now I'm just concerned with getting HTTP working and I will come back and add HTTPS, letsencrypt etc. once I have a basic setup going.
I've also confirmed that the web server at http://mylanhostname.lan:8080 is running and accessible from inside the LAN.
This is not currently working in two different ways:
- With the VPN turned on, attempting to access
mydomain.netfrom outside the LAN results in "this site can't be reached" errors. - With the VPN turned off, I get a 403 error from
nginx.
I'm at a loss for how to proceed here and while I could try making some semi-informed guesses around port forwarding or something, I'm afraid of just making things worse or opening up security holes.
