SOLVED Connecting to NAS...

[siconic]

I am not new to FreeNAS, and absolutely love it. I have been using it now going on 5ish years. Please don't give me a tongue lashing on this, as I have authentication in place, and often use VPN over HTTP access anyway. Sometimes, you just cant use VPN, so I want to be able to access the FreeNAS GUI from remote locations and I have the ability to enable and disable my subdomains without VPN. So here is a little back story:

In the old versions, I was able to create a subdomain for access to my FreeNAS GUI. It was very easy and straightforward. I used HTTP authentication if you managed to find the subdomain, of course I also used the FreeNAS authentication in case you made it past that, and both of these were in addition to disabling the subdomain when not doing things remotely. I would like to continue the practice of being able to access the web GUI, but I get the following message when accessing off network:

What am I missing? I can VPN in and use it just fine. I can access it directly from my network (obviously), but I cannot use Apache to access it through a subdomain! I have been waiting patiently hopping it would resolve in future releases, that maybe it was a bug, but now I am trying to find answers. I know its not best practice, but has anyone gotten remote access working?

As an aside, if the designers did this to prevent exactly my request, thats kind of low. Not everyone needs to be protected from themselves, since some people may have legitimate needs to access the GUI remotely.

Thanks!

 

[Plato]

I'm using NGINX and accessing it from outside of my network. So, there's no block AFAIK.

 

[siconic]

I'm using NGINX and accessing it from outside of my network. So, there's no block AFAIK.

Did you need to do anything special? I am just using basic Apache directives in a conf file. Here is what I got:

Code:

ServerName <subdomain>
ProxyPreserveHost ON

{Proxy Auth ommited}

ProxyPass / http://192.168.<ip>.<ip>/
ProxyPassReverse / http://192.168.<ip>.<ip>/

AllowConnect 80

 

[siconic]

Found some additional debug info, using F12 in Chrome:

The websocket keeps reloading with a 401 Unauthorized.

Requested URL: ws://<domain>/websocket

Any help would be greatly appreciated!

 

[Plato]

Here is my nginx config:

Code:

  

server {
        listen 80 default_server;
#       listen [::]:80 default_server;
        server_name _;
#       location ^~ /.well-known/acme-challenge {
#       alias /usr/local/www/dehydrated;
        return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name nas.xxxxxx.xxx;
    include ssl-params.conf;
    location / {
      proxy_pass http://192.168.1.XXX/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_read_timeout 43200000;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
    }
                
  }

I configured SSL with letsencrypt and dehydrated.

 

[siconic]

@Plato - Thank you for your help! I noticed the upgrade header connection in your config, and started looking into that same idea for Apache. Searching for some Apache stuff related to NGINX, I found the answer. For those looking, and using Apache, the following worked for me:

Code:

    # Enable the rewrite engine
    # Requires: sudo a2enmod proxy rewrite proxy_http proxy_wstunnel
    # In the rules/conds, [NC] means case-insensitve, [P] means proxy
    RewriteEngine On

    # socket.io 1.0+ starts all connections with an HTTP polling request
    RewriteCond %{QUERY_STRING} transport=polling       [NC]
    RewriteRule /(.*)           http://{YourFreenasHost}/$1 [P]

    # When socket.io wants to initiate a WebSocket connection, it sends an
    # "upgrade: websocket" request that should be transferred to ws://
    RewriteCond %{HTTP:Upgrade} websocket               [NC]
    RewriteRule /(.*)           ws://{YourFreenasHost}/$1  [P]

    ProxyRequests Off
    ProxyPass           /   http://{YourFreenasHost}/
    ProxyPassReverse    /   http://{YourFreenasHost}/