MIAB, Pfsense 2.4.4, and second webserver on same LAN

virakocha · 2019-03-20 19:35:03 UTC

Hi to all,

Hope for some help. I have two problems.

My current setting is
ESXI 6.0

VM Pfsense 2.4.4 (192.168.10.1) Firewall
VM MIAB (192.168.10.90)
VM Ubuntu WEB server (apache+Mysql) (192.168.10.100)
VM FreeNas (192.168.10.80)
.
.
Problem 1
I have followed the setup, so MIAB is handling all DNS entries. Now I am having trouble accessing my domain via domain name from LAN. From outside all works great but from LAN network I need to use IP 192.168.10.90.

Problem 2.
How to set in MIAB that domainname.com will be used from WEBserver on 192.168.10.100 and domainname.com/mail will be used from 192.168.10.90

Tnx in advance.

murgero · 2019-03-20 20:01:41 UTC

Nameservers can take up to 48 hours to update globally. If you are still having trouble by this time tomorrow, @ me so I get a notification and I can help you further.

virakocha · 2019-03-20 20:21:14 UTC

Ok I will do. But just to be clear accessing MIAB via domainname.com from eg. my phone on mobile data or from work is OK. But when at home I need to use internal IP from MIAB to access the website.

The second issue that I have is I am running two servers behind Pfsense (one is MIAB and the other Ubuntu Webserver), as MIAB is currently running as main DNS as well I can’t reach website running on the second Web server from outside (mobile or work or any other network) of course I can access with in my LAN.

alento · 2019-03-20 20:37:37 UTC

This is really not my area … but is port forwarding enabled properly?

Does Pfsense know to forward based on the http headers? Is that even a thing? How does Pfsense know which machine to forward to? I assume that you are using a different port for http/https on the webserver…

You are running DNS on the webserver to handle the private requests?

I am just rambling … maybe some of it makes sense … cause I do not know what I am talking about in terms that make sense to techies.

virakocha · 2019-03-20 20:43:43 UTC

Yep problem 1 solved. The issue was with DNS Forwarder.

Still struggling with problem No.2.
Both MIAB and Ubuntu webserver are using port 80 for website. As I want to use MIAB webmail (https://mydomain.com/mail) and Web server https://mydomain.com on different server.

murgero · 2019-03-20 21:00:36 UTC

The web server is on a different host? internally?

You will need to use a maybe a 3rd server to do special filtered load balancing between the two. Apache can do this using a reverse proxy but currently I do not believe your setup is supported for MIAB at this point.

That said, do you have a secondary IP address you can use for MIAB instead?

alento · 2019-03-20 21:40:52 UTC

Your MiaB is not on its own subdomain (hostname)?

rwillett · 2019-03-25 14:44:06 UTC

Problem 1

You need to setup two DNS resolvers, one for external use and one for internal use. External clients will use the external one and internal ones, well I’ll leave that to you to work out.

DNSMasq will do what you want to do as that’s exactly how we use it. You need to setup your DHCP or whatever so that internally you point to the right IP address. I can’t recall if PFSense has DNSMasq built in or not. Smoothwall used to do this. I would assume that you have two network devices configured for your firewall.

On another note, FreeNAS in a VM is not a recommended way to run FreeNAS. It works perfectly until the moment it fails and you lose your ZFS pool and all your data is corrupt. Been there, done that and lost all the data,

Problem 2 can be handled by setting up an NGINX proxy and handle the routing. We do this to route traffic to monit which is on a different port. About 10 lines of NGINX.

Rob

virakocha · 2019-04-22 20:37:29 UTC

HI to all,

For some reason i am still struggling with getting proper WEB server up and running.

My setting is as follows.
Server that is running ESXI 6.0

VM - MIAB (ip 10.88.1.80)
VM - Ubuntu WEBSERVER (ip 10.88.1.17) running Apache on port 81 (https) and 8081 (https)
VM - FreeNAS
VM - Pfsense
…
…

I have created an index.html file in
/home/user-data/www/domainname.com/index.html

`server {
    server_name domainname.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.88.1.17:8081;
    }
}

So when I try to access the web page nothing happens. I have google several topics with NGINX proxy setting but all failed. Is some one using similar setting and if do can you please post instructions how to achieve that I can run a full apache / mysql site behind nginx proxy.

virakocha · 2019-05-14 19:46:32 UTC

So I have figure it out.

in

I have added in /etc/nginx/conf.d/local.conf

location / {
proxy_pass http://ip from second server:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

virakocha · 2019-05-21 04:17:14 UTC

Hi to all,

I am still fighting with this code. I have added the code above to /etc/nginx/conf.d/local.conf but than every night system check is performed and Error Provisioning TLS Certificate appears and the local.conf file is rewritten to original state.

Am I missing something?

xpczko · 2019-05-26 06:40:12 UTC

Problem 1:

Problem 2:
Set webserver to have 80/443 ports
Miab set to 444 for example.
Port forward it