Looking for Configuration Suggestions

I am going to use an OpenWrt device as a network edge device. It will be public-facing. I have a server running Nginx behind it, as well as a bitwarden server. There will be other infrastructure type servers in the future.

The Nginx server will host a WP and front-end on port 80/443, the bitwarden server uses 80/443 as well. I, ideally, will be able to access these based on the FQDN.

Suggestions on how to accomplish this? Squid on the OpenWrt box? Some other solution?

A nginx reverse proxy may help to host few servers based on FQDN.
I have done this with a LXC container with Debian system and Nginx inside…
Never tried to use directly nginx on OpenWrt, but will do soon for’testing…

1 Like

Would I need to host an nginx instance on the router itself for front-end/back-end support? Or something like squid? I've very much the novice when it comes to the options

You can, but you may also redirect port in the OpenWrt firewall (80/443) to another system which will host nginx and will do the final redirection based on the FQDN…

2 Likes

I've got multiple physical servers (so multiple private IPs), so..

Is there a way to forward reverse-proxy so that www.xxxx.com goes to 192.168.50.100 and the subdomain.xxxx.com goes to 192.168.50.101? They'd all use 80/443 for HTTP/HTTPS. Perhaps in the future, I may need to do this for other than http/https traffic, if that helps plan.

Edit.. Instead of doing the Proxy at the edge on device, would it be better to put a stand-alone proxy server in the middle between the edge device and the other servers for this purpose?

Yes.
You have to configure your router (OpenWrt) to port-forward (redirect) all the HTTP(S) (80/443) traffic to a system with NGINX…
Then you configure the FQDN to private IPs in NGINX. It is the reverse proxy mode of NGINX, one config file for each redirection…
You may also use let’s ençrypt to protect your web service if wanted.
Your internal web service will be available from Internet with its fqdn.

It’s one of the possible method.
It may be exist another, but this one is tested and working fine !
:wink:

1 Like

Fantastic! Thank you so much!

Time to dig out another machine from the bonepile then :smiley:

And…
If you router has a good CPU, you may use LXC and host the system inside OpenWrt…
Look for LXC howto at https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container

My edge device is an Itus Shield (Dual MIPS64 2000Bogomips, 1 GB Ram, and about 750mb of storage for the image). I know it'll run nginx, but I've no idea at what quality it would run.

1 Like

Right. Do you think the device described has enough behind it to work effectively or would it be a bottleneck? I've got no experience with nginx resource needs

You might give a try !?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.