Has anyone managed to setup a reverse proxy on the USG?
Archived post. New comments cannot be posted and votes cannot be cast.
I would personally stand up an Nginx webserver and port forward that out. You can do all the SSL encryption withing Nginx as well. Turns the webserver into reverse proxy
Why not just use port forwarding?
I will, but I want to point subdomains to some places on the network and that requires a reverse proxy. At the moment relying on port forwarding alone just gets you to the USG login page.
I have a port forward to a web proxy that then will route depending on the subdomain. Am currently using caddy with rocket.chat, mainly as it is the default
So I don’t do this on the USG but I do run it in my Synology since it’s already built-in.
I am using cloud flare to front end everything. This essentially provide me virtual unlimited IP addresses and they handle the OAuth authentication. It then forwards everything over 443 to my WAN IP on the USG. USG port forwards 443 to my Synology. Synology has a built-in “app” in the settings called application portal, but under the covers it’s just an NGInX reverse proxy that have given a UI. Here I configure each of my domains and the downstream target server. I import the cloud flare ssl cert into the syno so I get green lights all the way.
What setup on the USG do you use to point the domain from CF, via an A record?
I have an older diskstation that functions as network backup, I might use that.
In another comment you mentioned it's for a homelab. Is running A VM an option for you?
Yes, I've thought about it and that's the way I'll end up going if I can't find an alternative. The objective in my new unifi gear was to learn the ecosystem in greater depth, because I'm starting to set it up for clients more and more. I was hoping to figure out a unifi only method.
I would personally stand up an Nginx webserver and port forward that out. You can do all the SSL encryption withing Nginx as well. Turns the webserver into reverse proxy
Why not just use port forwarding?
I will, but I want to point subdomains to some places on the network and that requires a reverse proxy. At the moment relying on port forwarding alone just gets you to the USG login page.
More replies More replies
I have a port forward to a web proxy that then will route depending on the subdomain. Am currently using caddy with rocket.chat, mainly as it is the default
So I don’t do this on the USG but I do run it in my Synology since it’s already built-in.
I am using cloud flare to front end everything. This essentially provide me virtual unlimited IP addresses and they handle the OAuth authentication. It then forwards everything over 443 to my WAN IP on the USG. USG port forwards 443 to my Synology. Synology has a built-in “app” in the settings called application portal, but under the covers it’s just an NGInX reverse proxy that have given a UI. Here I configure each of my domains and the downstream target server. I import the cloud flare ssl cert into the syno so I get green lights all the way.
What setup on the USG do you use to point the domain from CF, via an A record?
I have an older diskstation that functions as network backup, I might use that.
More replies More replies
In another comment you mentioned it's for a homelab. Is running A VM an option for you?
Yes, I've thought about it and that's the way I'll end up going if I can't find an alternative. The objective in my new unifi gear was to learn the ecosystem in greater depth, because I'm starting to set it up for clients more and more. I was hoping to figure out a unifi only method.
More replies