GS1200-8 Webinterface behind nginx reverse proxy

mietz Posts: 1

I'm running a local nginx reverse proxy as gateway between my home network and the management network. The switch webinterface is reachable from the management network, the Idea is to use nginx to have secure access to the switches webinterface from the home network.

This is my nginx config:

server {
    listen 80;
    listen [::]:80;
    server_name switch.lan;

    # Enforce HTTPS
    return 301 https://$server_name$request_uri;

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name switch.lan;

    include /etc/nginx/ssl.conf;
    auth_basic           	"Restricted Access!";
    auth_basic_user_file 	/etc/nginx/.htpasswd; 

    client_max_body_size 0;

    location / {
        include /etc/nginx/proxy.conf;

    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/key.pem; 

# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect  http://  $scheme://;
proxy_send_timeout 240;

# Proxy Cache and Cookie Settings
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;

# Proxy Header Settings
proxy_set_header Connection $connection_upgrade;
#proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;

I can get to the login screen, but after entering the password, I'm redircted to https://switch.lan/login.cgi which looks like this:

When entering the password again I'll get this message:
"If a user is logged in already, other users will not be able to access the webpage."

The nginx error.log is empty. I guess some redirect gets lost, perhabs you guys know what I'm missing.


All Replies

  • Zyxel_Nami
    Zyxel_Nami Posts: 65
    Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 5 Answers First Comment
     Ally Member

    Dear @mietz

    Thank you for reaching out to us regarding the issue you are experiencing with accessing the switch web interface through the nginx reverse proxy. 

    The webpage screenshot you provided above may appear due to cache problem. We recommend trying the following solutions to resolve the problem: 

    1. Since the GS1200-8 Switch does not allow multiple users to log in at the same time, it's possible that there is an issue with caching or the browser. Clearing the cache and trying a different browser may help to resolve the issue. 
    2. Please also check the caching settings on the nginx reverse proxy to see if it is configured properly. 

    Please contact us if you have any further concerns.

    Best Regards,


  • Caroll
    Caroll Posts: 3
    First Comment Friend Collector

    Although I am not familiar with nginx reverse proxy, I pasted your code to ChatGPT and here is the answer :), you may check if it works.

    Firstly, it looks like the redirect from http to https is working correctly, so that's a good sign. However, it's possible that there is an issue with the redirect after the login form is submitted.

    One thing to try is to add the following line to your nginx config, just before the proxy_pass line in the location / block:

    proxy_set_header Referer https://switch.lan;

    This sets the Referer header in the request to the same value as the current URL (https://switch.lan). This can sometimes help with redirect issues.