Omada Controller 3.1.4 nginx reverse proxy

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-08-13 20:02:23

@returntrip 

Here's my setup. I had posted this in a different thread a few months ago, but that conversation went in a different direction. I'm using the HAProxy package on pfSense, but I included the text config for native HAProxy that pfSense generated at the end.

 

HTTPS/443 front-end:

HTTP/port 80 front-end:

HAProxy config:

frontend EAP-Controller-https-443
        bind                    10.0.0.50:443 name 10.0.0.50:443   ssl crt-list /var/etc/haproxy/EAP-Controller-https-443.crt_list
        mode                    http
        log                     global
        option                  http-keep-alive
        timeout client          30000
        acl                     eap-short       var(txn.txnhost) -m str -i eap
        acl                     eap-fqdn        var(txn.txnhost) -m str -i eap.localdomain
        acl                     aclcrt_EAP-Controller-https-443 var(txn.txnhost) -m reg -i ^eap(:([0-9]){1,5})?$
        acl                     aclcrt_EAP-Controller-https-443 var(txn.txnhost) -m reg -i ^eap\.localdomain(:([0-9]){1,5})?$
        http-request set-var(txn.txnhost) hdr(host)
        http-request set-header host eap:8043  if  eap-short aclcrt_EAP-Controller-https-443
        http-request set-header host eap.localdomain:8043  if  eap-fqdn aclcrt_EAP-Controller-https-443
        http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]  if   aclcrt_EAP-Controller-https-443
        use_backend server-8043_ipvANY  if   aclcrt_EAP-Controller-https-443

frontend EAP-Controller-http
        bind                    10.0.0.50:80 name 10.0.0.50:80
        mode                    http
        log                     global
        option                  http-keep-alive
        timeout client          30000
        acl                     eap-short       var(txn.txnhost) -m str -i eap
        acl                     eap-fqdn        var(txn.txnhost) -m str -i eap.localdomain
        http-request set-var(txn.txnhost) hdr(host)
        http-request set-header host eap:8088  if  eap-short
        http-request set-header host eap.localdomain:8088  if  eap-fqdn
        http-response replace-value location 8088 %[hdr(location),regsub(8088,80)]
        http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]
        default_backend server-http_ipvANY

backend server-8043_ipvANY
        mode                    http
        id                      100
        log                     global
        timeout connect         30000
        timeout server          30000
        retries                 3
        option                  httpchk OPTIONS /
        server                  server 10.0.0.151:8043 id 101 ssl check-ssl check inter 10000  verify none
        
backend server-http_ipvANY
        mode                    http
        id                      102
        log                     global
        timeout connect         30000
        timeout server          30000
        retries                 3
        option                  httpchk OPTIONS /
        server                  server 10.0.0.151:8088 id 101 check inter 10000

#13
Re:Omada Controller 3.1.4 nginx reverse proxy
2021-08-15 09:27:26

@matt25 Many thanks! I managed to get it working. One additional point I was missing was to select "Encrypt(SSL)" on the backend (not visible in your screenshots but visible in the text config).

#14
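Post #14 notes that the backend needs "Encrypt(SSL)", which shows up in the text config as `ssl` on the `server` line, and the posted backend pairs it with `verify none`, so the hop to 10.0.0.151:8043 is encrypted but the controller's certificate is not checked. The Python check below is an added example, not part of either post: it reports the TLS posture of each `server` line. The function name `audit_servers` and the status labels are made up here, and the sample is trimmed from the config above.

```python
# Constructed sample: the two backend blocks from the post, trimmed.
SAMPLE = """\
backend server-8043_ipvANY
        mode                    http
        option                  httpchk OPTIONS /
        server                  server 10.0.0.151:8043 id 101 ssl check-ssl check inter 10000  verify none

backend server-http_ipvANY
        mode                    http
        server                  server 10.0.0.151:8088 id 101 check inter 10000
"""

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}


def audit_servers(config_text):
    """Return one dict per `server` line describing its TLS posture."""
    findings, section = [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0] in SECTIONS:
            # Remember which section the following lines belong to.
            section = tokens[1] if len(tokens) > 1 else tokens[0]
            continue
        if tokens[0] != "server" or len(tokens) < 3:
            continue
        name, address, params = tokens[1], tokens[2], tokens[3:]
        verify = None
        if "verify" in params and params.index("verify") + 1 < len(params):
            verify = params[params.index("verify") + 1]
        if "ssl" not in params:
            status = "plaintext"        # no TLS on the proxy-to-server hop
        elif verify == "none":
            status = "tls-unverified"   # encrypted, certificate not checked
        else:
            status = "tls"              # encrypted, no explicit `verify none`
        findings.append({"backend": section, "server": name,
                         "address": address, "status": status,
                         "verify": verify})
    return findings


if __name__ == "__main__":
    for f in audit_servers(SAMPLE):
        print(f"{f['backend']:<22} {f['address']:<18} {f['status']}")
```

On the sample this reports the 8043 backend as `tls-unverified` and the 8088 backend as `plaintext`.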