sanderl
New Contributor III

SSL VPN behind Nginx Proxy Manager

Is it possible to open 443 on an IP address through a FortiGate (yes :-)) to an nginx server, to then have that nginx server serving several URLs and Let's Encrypt to a webserver(s)? And then the magic: to have a URL, e.g. vpn.domain.com, serving back to (the internal?) interface of the FortiGate. There is only 1 internet IP address available on the FortiGate. And of course port 80 is also forwarded to the nginx in order to renew Let's Encrypt. Any tips welcome. Thanks.

12 REPLIES
emnoc
Esteemed Contributor III

If KPN is blocking you, you need to ask them why. I never heard of a mobile operator filtering traffic, but this is the Dutch so who really knows ;)

 

Did you happen to test from another device that was not attached to KPN?

 

Ken Felix

 

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

 

 (because honestly, blocking ports is so 1990's) 

 

This is so true, but these smaller ISPs in smaller countries try to filter traffic. You mainly see it in many Asian & African developing countries to control access to news outlets or media sites.

 

Ken Felix

PCNSE NSE StrongSwan
sanderl
New Contributor III

A long time back I created this topic. At that time it did not succeed. Now for a long time it has worked like I wanted, and I thought to share some back with the community.

 

So what I have:

  • An Ubuntu machine with nginx (NPM).
  • A FortiGate with a loopback interface (internal) presenting SSL VPN.
  • A VIP port forwarding (443) to the nginx machine.
  • A public DNS name resolving back to the external IP of the FG.
  • Configuration on the nginx catching that traffic (for thát DNS name) and forwarding to the loopback.

Some screenshots:

nginx.png

nginx2.png

 

This way the client (browser / VPN client / Android app) connects fine and without a certificate warning, as that is presented by nginx.

Next to that, the external IP can be used with multiple DNS names that are all forwarded to different backend services, all over 1 IP address.
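
A hand-written nginx equivalent of the setup described in the post above, as an added example that is not the poster's own configuration (the screenshots are not reproduced here). The loopback address, SSL VPN port, certificate paths and ACME webroot are assumed values; only vpn.domain.com comes from the thread.

```nginx
# Added example, not the poster's NPM configuration.
# Assumed: loopback 10.255.255.1, SSL VPN port 10443, all file paths.

# Port 80 stays reachable so Let's Encrypt HTTP-01 renewal keeps working.
server {
    listen 80;
    server_name vpn.domain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;               # assumed webroot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name vpn.domain.com;                  # only this name reaches the FortiGate

    # Public certificate presented to browser / VPN client (assumed paths).
    ssl_certificate     /etc/letsencrypt/live/vpn.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vpn.domain.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://10.255.255.1:10443;   # FortiGate loopback (assumed)

        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), so pin the certificate the loopback presents.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/fortigate-ca.pem;  # assumed path
        proxy_ssl_server_name         on;
        proxy_ssl_name                vpn.domain.com;  # must match the FortiGate cert's name

        proxy_http_version 1.1;
        proxy_set_header   Host $host;
        # The FortiGate sees the nginx host as the TCP source; the real client
        # address is recorded in nginx's access log and passed on in this header.
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 3600s;                # keep long-lived sessions open
        proxy_buffering    off;
    }
}
```

Because TLS is terminated on nginx, the Let's Encrypt private key on that host now protects VPN logins, so the nginx machine deserves the same hardening and patching attention as the FortiGate itself.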
