My setup: a Raspberry Pi which is part of 2 separate LANs (192.168.1.* and 192.168.2.*), running nginx. I would like to set up nginx as a reverse proxy, so I can access the router of the first LAN from the second LAN. (Direct access to the router from outside its LAN is not possible.)

So from a computer in the second LAN (let's say 192.168.2.10) I want to go to the address of the pi in the second LAN (let's say 192.168.2.2), and I want to get forwarded to the web interface of the router in the first LAN (192.168.1.1).

With the setup I did, this works partially: it forwards to the correct location but there are problems loading the site, as for every .js and .css file (which are referenced inline in the html that gets loaded) I get a 403 error 'forbidden'.

Accessing the router website directly from the pi works without issues, so the problem is linked to the config of the reverse proxy.

Here's what I have set up and the error messages (what I don't specify means it's at default value/setting):

NGINX CONFIG:

location / {
  proxy_bind              192.168.1.2;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  proxy_pass      http://192.168.1.1/;
}

192.168.1.2 is the address of the pi in the first LAN. 192.168.1.1 is the address of the router (part of the first LAN) I want to access.

Example error I see in the developer console of web browser (this goes for all .js and .css files):

HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it.  GET - http://192.168.2.2/css/main.css

Corresponding line in the access.log of nginx:

"GET /css/main.css HTTP/1.1" 403 100 "http://192.168.2.2/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"

I'm not sure, but in the line above it shows 192.168.2.2 as the referrer. Since the router is in the 192.168.1.* LAN I'm thinking this might be causing the permission issue. Playing with the "proxy_set_header Referer" yields exactly the same results however, so I might be wrong there?

Corresponding html line in the source file (seen when using curl directly from the pi):

 <link rel="stylesheet" href="../css/main.css">

I have already tried many different settings (I played with the header Host/Referer/X-Forwarded-For) but the result is always the same. Since it's the built-in management website of the router, I cannot change permissions on these files (I don't think it's necessary as it works fine without using the proxy). I also have no idea what the root folder would be (it's a TP-Link MR400).

Some additional information: if I open a web browser on the LAN of the router and manually navigate directly to http://192.168.1.1/css/main.css I also get the 403 Forbidden. Navigating to http://192.168.1.1/ however loads the inline stylesheet without any problems. Hope this helps to identify the permission issue?

What am I missing?

Thank you in advance, Wim

1 Answer

For people struggling with the same issue: I managed to resolve the issue. The line in the access log kept bugging me since it still said "192.168.2.2" as referer, even when I specified in the configuration that the referer was "192.168.1.2". Just to try, I put proxy_set_header Referer "http://192.168.1.1"; in the configuration, and that fixed everything. It seems really weird that this would solve everything, but it does...
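The behaviour reported in the question and the fix in the answer can be reproduced with a small model. This is an added example, not code from the original post or from the router's firmware. It assumes the router returns 403 for static files unless the Referer header names the router's own address; `RouterModel`, `fetch_status` and `run_cases` are hypothetical names and the server is a constructed local stand-in.

```python
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ROUTER_HOST = "192.168.1.1"  # router address from the question

class RouterModel(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the router UI (assumed Referer check)."""
    def do_GET(self):
        # Host named by the Referer header, or None when the header is absent.
        referer_host = urlsplit(self.headers.get("Referer", "")).hostname
        # Assumption: "/" is always served, every other path needs a
        # Referer that points back at the router itself.
        if self.path != "/" and referer_host != ROUTER_HOST:
            self.send_error(403)
            return
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the output quiet
        pass

def fetch_status(port, path, referer=None):
    """GET path from the local model and return the HTTP status code."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(f"http://127.0.0.1:{port}{path}")
    if referer:
        req.add_header("Referer", referer)
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_cases():
    """Replay the four requests described in the question and answer."""
    server = http.server.HTTPServer(("127.0.0.1", 0), RouterModel)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    cases = {
        "page": ("/", None),
        "css typed into address bar": ("/css/main.css", None),
        "css via proxy": ("/css/main.css", "http://192.168.2.2/"),
        "css with fixed Referer": ("/css/main.css", "http://192.168.1.1"),
    }
    try:
        return {k: fetch_status(port, p, r) for k, (p, r) in cases.items()}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_cases())
```

Because the fix hard-codes the Referer the router expects, that check no longer distinguishes between requests arriving through the proxy, so it is worth limiting who can reach the proxy with nginx `allow`/`deny` rules.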
