I am only startint to use OpenWrt, Nginx, DDNS, SSL, etc...
For now when I connect to my duckdns address I can correctly connect to my OpenWrt interface.
Now what I would like to manage is to redirect xxx.duckdns.org/omv/ to my OpenMediaVault server interface. If I am using the port number that I configured into OpenWrt, I can access it but I would like to get something cleaner to navigate and also avoid to expose the port I am using.
I already made some trials using proxy_bind, proxy_pass and some other tests but nothing seems to work and always receive that message " Not Found The requested URL /omv/ was not found on this server."
If someone has an idea to help, I am listening to learn
Connecting directly to the router is not advised. Instead use a vpn server, like wireguard or openvpn, or use SSH and enable Gateway ports in Dropbear.
Then you can use the internal name of the server and browse directly to its web interface.
I know that it is not advised and I can use a VPN but my connection is not really great and sometimes it is just not possible to use VPN or some services doesn't work when using a VPN (ex: DisneyPlus for the kid). But for now I would like to be able to redirect the connection to my server but using link like I suggested but I cannot make it work.
Up. Nobody to help me. The purpose of my question is not to connect to my OpenWrt interface.
I explain my situation. I am using DDNS with DuckDNS.
When I connect directly to my domain, it redirects me to OpenWrt interface.
What I would like the most is to be able to connect on other devices on LAN such as my OpenMediaVault server and its plugins by using kind of app name instead of port number.
For example, to connect onto my CouchPotato, I would like to type ******.duckdns.org/couchpotato or something similar to this instead of *****.duckdns.org:5050
I tried using nginx following the guide of reverse proxy but I cannot manage anything to work.
I would suggest to leave the OpenWrt as it is.
Forward ports 80 and 443 from the wan to some internal server, more capable of mitigating attacks. From there do the reverse proxy to the servers you like, or direct the port forward to the actual server if you feel it can handle an attack.
I've done yesterday a sort of hybrid solution between what you need and what Trendy suggests.
Note: I have a cheap (like 10$/y) VPS with public ip.
Note2: I have unbuilt it soon after, too risky for me.
Fast list:
install e config a wireguard tunnel between VPS and a wireguard interface over the router. Note: the tunnel side on the VPS should route both wireguard ip addresses that you lan ip addresses;
install docker and docker-compose on the VPS;
install NPM https://nginxproxymanager.com/ on docker via docker-compose file... NPM is nginx proxy manager, a collection of tool for doing what you need easily with all services installed together;
add a proxed host in NPM: doing this, you can create subdomains related to you duckdns domain and at the same time you can obtain a specified letsEncrypt certificate... for each subdomains. Look at the link
Of course in this way the wireguard tunnel allow you connect your lan with a "secure" spot on the web, you VPS... but also your risk that people can easily attack your host because of this approach reduce the security (using just wireguard you use private ips of the VPN, no other IPs are accepted: I think this is what was saying @trendy too).
Eventually I will try a different thread, but for an internal (on my lan) reverse proxy... how can i proceed?
Because I'm using dns (of openWrt) to use hostname such as "nas.lan" that points to, for example, 172.16.1.10: but if I have more services on different ports on that host, what is the best practise? I installed a reverse proxy on nas.lan, create the entry samba.nas.lan... but it seems not to work and I think because openWrt'DNS doesn't know what to do... or not? Maybe is the reverse proxy bad configured...
From another point of view: openWrt already manages - via dns - my hosts, based only on ip adresses... may it mapping and manage also something like 172.16.10.10:8000 mapped to myservice.nas.lan?
