Pfsense to nginx routing

Hi all, I have pfsense 2.5 and a separate Nginx server as a reverse proxy, only for the intranet.

What would be the right way to forward requests to the nginx from the pfsense?

What I did is:

  1. DnsResolver host overrides:
    plex.home.lan to nginx server IP.
  2. Nginx:
    plex.home.lan to plex server IP + port.

This setup is working, but I think there should be a better way with fewer steps involved.

By adding host overrides it will work when you are on your local network.

What you need to do is called Port Forwarding, and the way that I do that is I create an alias for the host that will be hosting the service being forwarded and also an alias for the ports that will be used, for example:

Web_Server →
Web_Server_ Ports → 80, 443

Then I create as rule under Port forwarding saying that any source using the Web_Server ports on TCP/UDP needs to be sent to my Web_Sever using the Web_Server_Ports.

Yep, but i’m not going to expose my internal services to the world, it is only for internal(intranet) use

Sorry I missed you wanted internal only and thought you had written internet, then yes using host overrides is the way to go.

1 Like

Instead of using nginx as a proxy for your internal Plex server, you could instead used HAProxy on pfsense directly and remove a machine from the equation. Since you are only routing your intranet traffic, it shouldn’t taxe pfsense much even on a small appliance.
ref: Packages — HAProxy package | pfSense Documentation

I tried to configure it a couple of times, unfortunately I could not make it work :frowning:

Have you checked Tom’s video on it?

Also this one:

1 Like

Thank you for tutorials, finally managed to do it, there was one tiny issue i made every time i tried to configure HAProxy, videos helped. :slight_smile:

Only one thing I couldn’t solve. I have supermicro server with IPMI port.
so when I want to use remote control → iKVM/HTML5 it upgrades to websocket, but it can’t connect via websocket to the server. I tried different things that I found on the internet, but unfortunately, I could not make it work.