Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
app-notes:webvpn-secure-https-portforwardings-for-unsecure-http-devices [2018/09/04 07:11] juraschek [Prerequisistes] |
app-notes:webvpn-secure-https-portforwardings-for-unsecure-http-devices [2022/01/28 14:00] (current) schmitt |
||
|---|---|---|---|
| Line 15: | Line 15: | ||
| * ARM based linux distribution of your flavor from [[https://jenkins.linuxcontainers.org/view/Images/|linuxcontainers.org]], to make it small the example is based on [[https://alpinelinux.org/|Alpine Linux]] | * ARM based linux distribution of your flavor from [[https://jenkins.linuxcontainers.org/view/Images/|linuxcontainers.org]], to make it small the example is based on [[https://alpinelinux.org/|Alpine Linux]] | ||
| * The [[https://traefik.io|traefik.io]] reverse proxy for the ARM Platform | * The [[https://traefik.io|traefik.io]] reverse proxy for the ARM Platform | ||
| - | * As an alternativ you can download a ready to use container [[ftp://share.netmodule.com/router/public/virt/alpine_3.7_traefik.tar.xz|HERE]] | + | * As an alternativ you can download a ready to use container [[https://share.netmodule.com/router/public/virt/alpine_3.7_traefik.tar.xz|HERE]] |
| * OpenVPN network setup (your container could also run on one of your openvpn clients) | * OpenVPN network setup (your container could also run on one of your openvpn clients) | ||
| * Clients need fix IP adresses so you can add them later to traefik | * Clients need fix IP adresses so you can add them later to traefik | ||
| Line 142: | Line 142: | ||
| Since the service runs as non-root user the default listening ports for http and https where changed to 65080 and 65443. So additionally on your router you'd need to create NAPT Rules, that rewrite the http & https ports accordingly. | Since the service runs as non-root user the default listening ports for http and https where changed to 65080 and 65443. So additionally on your router you'd need to create NAPT Rules, that rewrite the http & https ports accordingly. | ||
| - | {{:app-notes:traefik-napt-example2.jpg|}} | + | {{:app-notes:traeffik-napt-examoles2.png|}} |
| Line 151: | Line 151: | ||
| The Router (for example in Site1) would need a NAPT Rule translating the incoming Port 8080 from its tun interface to port 80 and the ip of your endpoint. So your NAPT rule on the router on site 1 might look like this (with a second endpoint to visualize the just mentioned). | The Router (for example in Site1) would need a NAPT Rule translating the incoming Port 8080 from its tun interface to port 80 and the ip of your endpoint. So your NAPT rule on the router on site 1 might look like this (with a second endpoint to visualize the just mentioned). | ||
| - | {{:app-notes:traefik-napt-example.jpg|}} | + | {{:app-notes:traefik-napt-ecample.png|}} |
| On the router that is running the container and serving the requests, don't forget to change the WebGui Ports 80 & 443 to some other ports,so that they can be re-written via NAPT rules to get to the container. | On the router that is running the container and serving the requests, don't forget to change the WebGui Ports 80 & 443 to some other ports,so that they can be re-written via NAPT rules to get to the container. | ||