I’m configuring a new installation of FreePBX 17.
FreePBX runs on a Debian Virtual Machine under an Hypervisor.
The VM is currently bridged to a dedicated “voice” VLAN: future hard phones are expected to be bridged to the same VLAN, but softphones running on PCs and Smartphones will be in a different VLAN.
So access to SIP/RTP ports from LAN will be managed and filtered by main gateway, as the access and NAT from WAN clients (if/when enabled).
On the other hand, access to our the http(s) services will be handled usually by a reverse proxy (caddy), which also take cares of TLS certs management
I notice that for FreePBX there are a lot of http(s) services (admin, ucp, …) and they are expected to be served on a lot of different ports. Managing this set of ports in gateway/nat/firewall and also reverse proxy seems a lot demanding.
It would be way simpler if all http(s) services could be served all on 80/443 ports maybe on differents paths or at least with different hostname.
But I can’t see an obvious way to do this.
There is a less-obvious way to do this?
How do you configure reverse proxy?
Do you expose FPBX directly on the LAN/Internet?