I want to setup proxy for my netgear router. Everything works with ip: both with http and https. But when i try to enter the site through nginx proxy it returns 403. It doesnt make sense because login page shows up correctly. I tried to set Origin header like they advise here but it just doesnt work.

https://www.reddit.com/r/nginx/comments/g7a6da/comment/fogiil0/

log from nginx:

192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/Registration_on.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/TurnOff_on.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
192.168.5.2 - - [19/Nov/2023:12:46:02 +0000] "GET /base/images/TurnOff_off.gif HTTP/1.1" 403 25 "https://netgear.mysite.com/base/cheetah_login.html" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"

my config. I use very similar one for other things like vaultwarden, proxmox, edgerouter and many other ones and it works ok.

server {
    server_name netgear.mysite.com;
    listen 80;
    return 301 https://netgear.mysite.com$request_uri;
}

server {
    set $DN netgear.mysite.com;
    server_name netgear.mysite.com;
    #listen 80;

    listen 443 ssl;
    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;

    access_log /var/log/nginx/netgear.mysite.com.access;
    error_log  /var/log/nginx/netgear.mysite.com.error error;

    location / {
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; 
        # proxy_set_header        Host $host:$server_port;
        # proxy_set_header        X-Real-IP $remote_addr;
        # proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header        X-Forwarded-Proto $scheme;
        
        proxy_pass https://192.168.5.10:443; # tried with http too

        proxy_set_header Origin https://192.168.5.10/; # tried with http too
    }
}

  • @tmat256
    link
    English
    11 year ago

    What is the “action” attribute for the login form? My guess is the url doesn’t match and that the form isn’t using the origin header properly.