Installing nginx after LuCI

Hi,

I am currently running OpenWrt 19.07.6 on a TP-Link Archer C7 v1 witch LuCI installed.
Since I want to be able to access some of my internal addresses from outside the network I wanted to install and configure nginx as my reverse proxy.

The official documentation states that there will be issues installing nginx besides LuCI because of port conflicts (https://openwrt.org/docs/guide-user/services/webserver/nginx#install).

So what is the best practice to install nginx after an already set up system including LuCI without losing all configurations like DCHP, Hostnames, Dynamic DNS and so on.

Please keep in mind, that I have no experience regarding setting up a reverse proxy like nginx.

From my understanding the access to LuCI must also be part of the nginx configuration, but only internally, no external access. Am I right?

Thanks in advance!

One possible way to reduce conflict is to bind uhttpd to specific ports on internal IP addresses and bind nginx to specific ports on external IP addresses. The default configuration is usually to bind to all IP addresses, which is usually what causes conflicts.

1 Like

What do you mean by binding nginx to specific ports on external IP addresses? I thought the only ports it should use are ports 80 and 443? At least that's what I want to accomplish, otherwise I would need to enter the different port every time I want to connect from outside like sub.mydomain.duckdns.org:9876, am I right?

The default behaviour is to bind to 0.0.0.0, which means to listen on that port on all of the device's IP addresses. This then prevents any other process from using the same port.

A more advanced configuration is to bind to a single IP address, so that the same port can be used more than once.

For example:
Let's say your router has a simple two-zone configuration, for just WAN and LAN. Its external IP address is 20.30.40.50, and its internal IP address is 192.168.1.1. Luci (uhttpd) already takes up port 80 on 0.0.0.0 (i.e. all IP addresses/interfaces).

You want to introduce nginx into the mix. That also listens on port 80, but uhttpd got there first. So they'll fight each other. In most cases, whoever got the port first wins and the challenger loses.

If you configure nginx to listen on port 80 and IP address 20.30.40.50, and you configure uhttpd to listen on port 80 and IP address 192.168.1.1, they will then happily coexist.

Nice explanation, thank you.
Where would I need to configure these ports exactly?
Does all the magic happen in the nginx configuration? And what do I need to configure If my external ip address changes, since I have a dynamic ip in combination with DDNS.

I don't remember if 19.x supports Luci on ningx...
Anyway about your concern of configuration problem... Web interface are not related to configuration so you won't cause any change on that part. The worst it can happen is losing access to Luci.
If Luci on nginx is supported, you can consider to use nginx as your web server and disable uhttpd

I would start by looking at the configuration files held in /etc/config. Most configuration is stored there. However, some packages/services might store their configuration elsewhere; if so, the associated documentation should let you know.

It seems: https://openwrt.org/docs/guide-user/luci/luci.essentials#luci_on_nginx

For routers without significant space constraints running on snapshots/master or v19 or later, it is possible to install using nginx

But there would be my next problem. I have an already running LuCI. When I install luci-ssl-nginx, will this replace my existing configuration or will it just conflict due to port issues?

uhttp config is stored in /etc/config/uhttpd

you can set everything up, but you'll only be able to start one of the processes, as long as they bind to the same IPs/interfaces and/or ports.

in uhttpd you can easily change the ports or interfaces/IPs.

        # HTTP listen addresses, multiple allowed
        list listen_http        0.0.0.0:80
        list listen_http        [::]:80

        # HTTPS listen addresses, multiple allowed
        list listen_https       0.0.0.0:443
        list listen_https       [::]:443

0.0.0.0 would mean all interfaces.

Thanks to all so far!
Just one additional question: Is there any big advantange for installing nginx on my router?

The reason why I'am asking: I have a raspberry pi running docker in my network that hosts all the services I want to connect to from outside and I just saw a video on how to setup Nginx Proxy Manager on docker which seems really easy. And since it has a nice web interface for configuring and build-in let's encrypt support I am not really sure whether to install nginx on my router or my docker. Any ideas?

up! 'm interested too