
Hosting and publishing a website (or Nginx Proxy Manager) behind the firewall

Hey,

I am still completely new to the whole Sophos topic, so please bear with me. My current setup is as follows:

Fritzbox --- Sophos Home FW (latest version) --- DMZ (web server on a VM on Proxmox)

Until now I had the standard setup with an Nginx Proxy Manager: my public IP entered in Cloudflare via DDNS, ports 80 and 443 forwarded on the Fritzbox, and my SSL certificates obtained that way. After hours of googling and reading through the forum I am not getting anywhere; maybe I am missing certain technical terms.

I would like to know how, in principle, I host a website behind the FW with the help of WAF, I think that is what it is called. I would prefer to keep using my proxy manager, because I have read that the Sophos FW does not natively support something like Let's Encrypt.

If you have better "best practice" recommendations, though, feel free to share them with me.

I hope for your help,

Best regards, Yannick



Added TAGs
[edited by: Raphael Alganes at 12:18 AM (GMT -7) on 2 Sep 2024]
  • Sorry for the English reply. The latest version (v21), which is now in Early Access, does support Let's Encrypt.

    However, you mention you are already using Cloudflare; if you already have a domain which you manage at Cloudflare, you may also be able to use Cloudflare Tunnel from the host with NPM. With Cloudflare Tunnel you don't need any port forwarding; your system builds the tunnel and Cloudflare sends traffic to the tunnel.

    Otherwise, you could first try to set up DNAT using the DNAT wizard in Sophos Firewall to forward ports 80 and 443 to the NPM. It's a bit easier to implement than Web Server Protection (WAF).


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
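As an added illustration of the tunnel option described in the reply above (this is not configuration from the post, from Sophos or from NPM), a minimal cloudflared config.yml on the DMZ host that runs Nginx Proxy Manager; the tunnel UUID, credentials path and hostname are placeholders:

```yaml
# /etc/cloudflared/config.yml on the DMZ VM that runs Nginx Proxy Manager.
# <TUNNEL-UUID> and www.example.com are placeholders. Create the tunnel first
# with `cloudflared tunnel create <name>` and publish a DNS record for it with
# `cloudflared tunnel route dns <name> www.example.com`.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Requests for the published hostname are handed to NPM on the same host;
  # NPM then forwards them to the web server according to its proxy hosts.
  - hostname: www.example.com
    service: http://127.0.0.1:80
  # Catch-all rule (required by cloudflared): anything for another hostname
  # that reaches the tunnel is answered with 404 instead of being proxied.
  - service: http_status:404
```

With the tunnel carrying the traffic, the 80/443 forwards on the Fritzbox and the DNAT rule on the firewall are no longer needed, so the only connection left to allow is the outbound one that cloudflared opens to Cloudflare.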
