Nginx port 443 is blocked by firewall

I’m struggling with setting up nginx as a reverse proxy on ipfire.
nginx is set up to listen on port 443, but all external access to RED/port 443 is blocked by the firewall and not forwarded to the nginx running on ipfire.

Is it necessary to create a firewall rule for this type of access?

Surely you want www.ipfire.org - Creating an External Access Rule because nginx is running on IPF?

Nick, thanks a lot, this was the link I missed. I wasn’t aware that it’s necessary to create a firewall rule for any service running on ipfire with accessibility from the internet.
Also in all documentation about nginx on ipfire I couldn’t find any hint about this issue.
Thanks again for solving my issue.

@o_schlenker

Just a heads-up – it is absolutely not (!) recommended to install any services on the IPFire that are accessible via WAN!

This can backfire very badly, even if Nginx as Reverse Proxy is properly secured…

Is it a more secure approach to run nginx on a separate machine inside the green network, and make a port forwarding from ipfire to this machine?

Yes, and then use the Orange DMZ from IPFire.

I don’t know what you want to use a server for to access the internet, but it’s safer to use a VPN (OpenVPN or WireGuard).

If it is properly secured, why would it backfire?

Running nginx or HAProxy as a reverse proxy is a great task for IPFire because you can have to many different services running behind it, have the IPS scan all the traffic and what not.

I would not recommend hosting your blog on IPFire.