Web Request Issue to Web Admin utilizing Reverse Proxy

Post your questions about Web Server usage and Apache + PHP + MySQL/SQLite web applications.
Post Reply
smtim
New here
Posts: 9
Joined: Thu Nov 08, 2018 12:34 am

Web Request Issue to Web Admin utilizing Reverse Proxy

Post by smtim » Wed Jun 22, 2022 2:45 am

Hi everyone,

I will need some help to understand why https://qnapname.myqnapcloud.com request is being redirected to router login page login.php instead of going to QNAP WEB admin login page.
I could see QNAP login page for a second before redirection happens.

When I specify port number like
https://qnapname.myqnapcloud.com:2000 it works

Is the purpose of Reverse Proxy to handle connection and hide non standard port not being displayed on address bar?

1. Router Arris
2. Qnap TS251+ Firmware 5.0.0.1891
3. Web Server is disabled
4. Let's Encrypt Certificate installed

On Control Panel -> Network & File Services - Reverse Proxy Rule is enabled

Source: https://qnapname.myqnapcloud.com:443 Destination: https://qnapIP:2000

On Control Panel -> System -> System Administration port number for https is set to 2000

Router port forwarding has been set up.

When I leave port number as 443 On Control Panel -> System -> System Administration, forwarded on the router and not using Reverse Proxy everything works as expected.
I can get https://qnapname.myqnapcloud.com and get to QNAP WEB admin page.

But there is another issue is security. I am getting constant try to login as admin from different IP addresses. Yes, admin account is disabled.
Still want to get Reverse Proxy working.

I am not sure what I am missing.

Any help is greatly appreciated.

User avatar
dolbyman
Guru
Posts: 27330
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by dolbyman » Wed Jun 22, 2022 3:10 am

Before you get yourself hacked (check deadb0lt and Qlocker threads) , remove all port forwards and disable UPNP.

Then don't even bother with a reverse proxy (purpose is to translate/abstract all web requests through there to not expose exploits in your QNAP webserver directly) and go with a VPN (costs no subscription) running on your router or a dedicated device like a raspi

Disabling admin account or 2FA is smoke and mirrors and has not helped users that got ransomwared via exploits

FSC830
Been there, done that
Posts: 631
Joined: Thu Mar 03, 2016 1:11 am

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by FSC830 » Wed Jun 22, 2022 4:44 am

And 5.0.0.1891 is afaik not the latest firmware for this NAS. QNAP recommends in latest security advise to update to 5.0.0.2055.

https://www.qnap.com/en/security-advisory/QSA-22-19

Regards
A raid is never a substitute for backup! Never!

smtim
New here
Posts: 9
Joined: Thu Nov 08, 2018 12:34 am

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by smtim » Wed Jun 22, 2022 5:35 am

dolbyman wrote:
Wed Jun 22, 2022 3:10 am
Before you get yourself hacked (check deadb0lt and Qlocker threads) , remove all port forwards and disable UPNP.

Then don't even bother with a reverse proxy (purpose is to translate/abstract all web requests through there to not expose exploits in your QNAP webserver directly) and go with a VPN (costs no subscription) running on your router or a dedicated device like a raspi

Disabling admin account or 2FA is smoke and mirrors and has not helped users that got ransomwared via exploits
Basically if I need an access to my QNAP outside of my LAN, I connect through VPN and than access QNAP through LAN IP address.
Is it right approach?

Thank you.

User avatar
dolbyman
Guru
Posts: 27330
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by dolbyman » Wed Jun 22, 2022 5:40 am

That is corret

smtim
New here
Posts: 9
Joined: Thu Nov 08, 2018 12:34 am

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by smtim » Wed Jun 22, 2022 6:05 am

dolbyman wrote:
Wed Jun 22, 2022 5:40 am
That is corret
Thanks a lot for your help.

smtim
New here
Posts: 9
Joined: Thu Nov 08, 2018 12:34 am

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by smtim » Wed Jun 22, 2022 6:31 am

dolbyman wrote:
Wed Jun 22, 2022 5:40 am
That is corret
Last question.

Would be QVPN a good candidate for VPN approach?

User avatar
dolbyman
Guru
Posts: 27330
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Web Request Issue to Web Admin utilizing Reverse Proxy

Post by dolbyman » Wed Jun 22, 2022 7:11 am

No, don't make your NAS an edge device, QVPN had security issues and should not be exposed to WAN

https://www.qnap.com/en/security-advisory/qsa-21-61

Post Reply

Return to “Web Server & Applications (Apache + PHP + MySQL / SQLite)”