siconic
Explorer
- Joined
- Oct 12, 2016
- Messages
- 95
Ok, I know everyone freaks out every single time this is brought up. Yes, this is a home setup, and yes I have gone overboard with it, but I am a tech geek and love the challenge and automation all of this has brought me. I also know the risks, I have mitigated them by using several different layers of web authentication, and locking down anything that can be, I am using unpublished subdomains, and a redirect to a "Under Construction" page should someone not type in the subdomain EXACTLY, or just try to access anything through the IP directly. Additionally, I disable my FreeNAS Apache Proxy when I do not intend to use it, so it is NOT facing the internet at all times. FreeNAS is also behind a Firewall with an IDS, which I am alerted to any suspicious activity. I DO use VPN 99% of the time, but sometimes I find VPN does not work while working remotely. I would like to be able to access the GUI from the web if need be, since 100% of the time (unless the network admins are using Whitelist rules) I can access my web servers, and enable the FreeNAS Proxy on the fly.
So, with my preface out of the way, In the old version 11.1U6, I was able to access the GUI using my web proxy. I am using Apache, and here is part of my config, where 10.0.0.2 is my FreeNAS instance (IP's changed, and sensitive information hidden):
Please, no comments on how insecure AuthType Basic is, I know, its stateless, I am not using SSH, blah blah blah... Its not my first layer of security, and I am just looking for a solution to get to the new GUI in 11.2 to work with my proxy.
Here is my new config, but all I get is the error "Connecting to NAS... Make sure the NAS system is powered on and connected to the network.":
At this point, I understand if no one wants to post a solution publicly, since someone who is not careful will likely take this and run with it. If you do know what I am doing wrong, I would appreciate either a private message, or a post here.
Thanks guys! Love FreeNAS, and been using it for years now!
So, with my preface out of the way, In the old version 11.1U6, I was able to access the GUI using my web proxy. I am using Apache, and here is part of my config, where 10.0.0.2 is my FreeNAS instance (IP's changed, and sensitive information hidden):
Code:
ServerName example.test.com ProxyPreserveHost ON <Proxy *> AuthType Basic AuthName "Password Protected - All Attempts Logged" AuthUserFile "Hidden from post" AuthBasicProvider file require valid-user </Proxy> ProxyPass / http://10.0.0.2/ ProxyPassReverse / http://10.0.0.2/
Please, no comments on how insecure AuthType Basic is, I know, its stateless, I am not using SSH, blah blah blah... Its not my first layer of security, and I am just looking for a solution to get to the new GUI in 11.2 to work with my proxy.
Here is my new config, but all I get is the error "Connecting to NAS... Make sure the NAS system is powered on and connected to the network.":
Code:
ServerName example.test.com ProxyPreserveHost ON <Proxy *> AuthType Basic AuthName "Password Protected - All Attempts Logged" AuthUserFile "Hidden from post" AuthBasicProvider file require valid-user </Proxy> ProxyPass /api/docs http://10.0.0.2:6000/api/docs/ ProxyPassReverse /api/docs http://http://10.0.0.2:6000/api/docs/ ProxyPass /websocket http://10.0.0.2:6000/websocket/ ProxyPassReverse /websocket http://10.0.0.2:6000/websocket/ ProxyPass /websocket/shell http://10.0.0.2:6000/_shell/ ProxyPassReverse /websocket/shell http://10.0.0.2:6000/_shell/ ProxyPass /api/v2.0 http://10.0.0.2:6000/api/v2.0/ ProxyPassReverse /api/v2.0 http://10.0.0.2:6000/api/v2.0/ ProxyPass /_download http://10.0.0.2:6000/ ProxyPassReverse /_download http://10.0.0.2:6000/ ProxyPass /_upload http://10.0.0.2:6000/ ProxyPassReverse /_upload http://10.0.0.2:6000/ ProxyPass / http://10.0.0.2/ ProxyPassReverse / http://10.0.0.2/ AllowConnect 8084 AllowConnect 6000 AllowConnect 80 AllowConnect 9042
At this point, I understand if no one wants to post a solution publicly, since someone who is not careful will likely take this and run with it. If you do know what I am doing wrong, I would appreciate either a private message, or a post here.
Thanks guys! Love FreeNAS, and been using it for years now!
Last edited: