How to get reverse proxy working?

NethServer Version: 7.9.2009
Module: reverse proxy

Here’s my setup: I have a NethServer that’s acting as DHCP server, file server and Nextcloud server. I have a second server running OpenProject.

My openproject-server is reachable with its fixed IP address; when I ping the URL I get answers every time. So I can conclude that the openproject-server is working and that the DNS also functions.

I created a reverse proxy record with the correct URL but it’s still not working. So I guess that I’m overlooking something for the moment. It would be nice if someone put me on the right track to solve my issue.

Thanks,

Aphid

@Aphid

Hi

And welcome to the NethServer Community!

A reverse proxy record is very dependent on working DNS.
Yet you tell us nothing if and what server is running internal DNS.

Yet you “assume” DNS is working, without any tests whatsoever.
Dig or nslookup can query DNS, yes. But not really ping…

We need more information here, please!

My 2 cents
Andy

Hi Andy,

Hereby the missing info:

My first DNS server is my NethServer, the second is Google (8.8.8.8).

When I run the command dig url openproject-server I receive the correct IP address as the answer.

If you need more info please shout.

Thanks

Aphid

Hi Benedict

At home I probably have running what you’re trying to do…

One public IP address (dynamic). I’m using a hardware box (PCEngines) with OPNsense as firewall, but I have (for tests) also created the same environment just using NethServer.

Besides the NethServer, there are two other servers at home (A PI-Hole VM and a DMS System on Debian). Both are also available internally and externally using the same dns fqdn, so for example my iPhone works internally and externally using the same dns name…

One big tip:

NethServer does not (yet) support IPv6, only IPv4 is supported. I turn off ALL IPv6 sources, so my home LAN is completely IPv4 only. (Evades DNS name conflicts, some not available on IPv6…).

This alone will NOT solve all your problems, but is one big step…
Win10 prefers to use IPv6 if available, meaning all DNS pointing to NethServer may be ignored, only the IPv6 DNS entries are used…


On my firewall, Port 80 and 443 both point to my NethServer. (192.168.31.20).
My PI-Hole, running on a VM, is available externally and internally, with a LetsEncrypt SSL cert.
I’m using the Reverse Proxy to point the name for web usage to the NethServer Reverse Proxy.

Have a look yourself:

https://intranet.r7.anwi.ch/

This is basically a link collection, all work except for the Synology (Out of service).

The DNS concept behind the magic is called Split-Brain DNS…

My 2 cents
Andy

Hi @Aphid,

Have a look here.

Michel-André


@Andy_Wismer

Hi Andy, I think we are running a very similar setup, except my NethServer is also running as a VM.
The external IP address of the NethServer is set up as DMZ in the router. DHCP on the internal network is completely done by NethServer, all IPv4.

On the local network I have no trouble reaching the project server with the URL or the local IP address.

When I try to access the project server from an external network I get the welcome page from my NethServer. On the dashboard I created a reverse proxy, but to no avail.

I don’t understand what you mean by “I’m using the Reverse Proxy to point the name for web usage to the NethServer Reverse Proxy”.

Thanks,

Aphid

@Aphid

My PI-Hole (as an example) does not provide a https access and does not handle LetsEncrypt SSL certs.
My NethServer does that. So https://pi-hole.r7.anwi.ch points internally and externally to my NethServer.
If I access the PI-Hole directly, I have to use the IP or real FQDN: http://awr7-pi-hole.r7.anwi.ch. This bypasses the NethServer (and its reverse proxy providing the SSL https access).

The DNS side of things:

External DNS:

pi-hole.r7.anwi.ch exists, and is a CNAME pointing to gw.r7.anwi.ch, itself a CNAME pointing to my DynDNS IP Address.
awr7-pi-hole.r7.anwi.ch is normally NOT available externally.

Internal DNS (OPNsense & NethServer):

pi-hole.r7.anwi.ch exists, and is a CNAME pointing to awr7-nethserver.r7.anwi.ch, my NethServer with the IP 192.168.31.20.
awr7-pi-hole.r7.anwi.ch points directly to the IP of my PI-Hole, 192.168.31.29.

This is the configuration as shown in Cockpit → Applications → WebServer → Reverse Proxy:


For your specific problem:

I think the issue is how you access that project server externally.
What DNS name (fqdn) is used?
The same DNS fqdn should also exist on your internal DNS server (NethServer?), but pointing directly to its internal IP address.

Hope this helps clarify a few issues…

My 2 cents
Andy

PS:
My NethServer at home, along with all 30 of my clients’ NethServers, are running as VMs on Proxmox.
Just the best, nothing less! Including NethServer!
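
The split-brain layout from the post above, as an added example that is not part of the thread or of NethServer's own tooling: it models the external and internal DNS views as constructed record tables and audits them against the design (public name lands on the WAN address outside and on the reverse proxy inside, the backend's real name stays internal). The function names, `home.dyndns.example` and `203.0.113.10` are placeholders assumed for illustration.

```python
# Added example: audit the two DNS views of a split-brain setup.
# Records are constructed from the post above; home.dyndns.example and
# 203.0.113.10 are placeholders for the DynDNS name and public address.
EXTERNAL = {
    "pi-hole.r7.anwi.ch": ("CNAME", "gw.r7.anwi.ch"),
    "gw.r7.anwi.ch": ("CNAME", "home.dyndns.example"),
    "home.dyndns.example": ("A", "203.0.113.10"),
}
INTERNAL = {
    "pi-hole.r7.anwi.ch": ("CNAME", "awr7-nethserver.r7.anwi.ch"),
    "awr7-nethserver.r7.anwi.ch": ("A", "192.168.31.20"),
    "awr7-pi-hole.r7.anwi.ch": ("A", "192.168.31.29"),
}


def resolve(view, name, max_hops=8):
    """Follow CNAMEs inside one view; None means NXDOMAIN or a CNAME loop."""
    for _ in range(max_hops):
        if name not in view:
            return None
        rtype, value = view[name]
        if rtype == "A":
            return value
        name = value
    return None


def audit(external, internal, public_name, backend_name, wan_ip, proxy_ip):
    """Return findings; an empty list means both views match the design."""
    findings = []
    ext = resolve(external, public_name)
    if ext != wan_ip:
        findings.append(f"external: {public_name} -> {ext}, expected {wan_ip}")
    lan = resolve(internal, public_name)
    if lan != proxy_ip:
        # LAN clients would skip the proxy and its TLS certificate.
        findings.append(f"internal: {public_name} -> {lan}, expected {proxy_ip}")
    if resolve(external, backend_name) is not None:
        findings.append(f"external: {backend_name} is published")
    target = resolve(internal, backend_name)
    if target is None:
        findings.append(f"internal: proxy target {backend_name} does not resolve")
    elif target == proxy_ip:
        findings.append(f"internal: {backend_name} points back at the proxy")
    return findings


if __name__ == "__main__":
    print(audit(EXTERNAL, INTERNAL, "pi-hole.r7.anwi.ch",
                "awr7-pi-hole.r7.anwi.ch", "203.0.113.10", "192.168.31.20"))
```

To use it against a live setup, fill the two tables from dig answers taken once against the internal resolver and once against a public one.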

Hi @Andy_Wismer,

Sorry for the late response, it’s been a pretty hectic few weeks here. I’m running NethServer and the other servers on Proxmox.

External DNS:

I use dynamic DNS on my NethServer to update my public IP address to dynu. I use dynu for my dynamic DNS service.
On dynu I created a CNAME for project that points to the root of my domain.

Internal DNS:
project-kaayman redirects to 192.168.1.25 (Reverse proxy)

On the DNS page of the NethServer I have the following settings:

Still, when I try to access project-kaayman-group.com from the external as well as the internal network, I still get the web page from my NethServer.

Thanks for helping,

Aphid

@Aphid

Hi Benedikt

You would need either:

A) A vhost entry for your domain project.kaayman-group.com (On your NethServer)
The Webpage for this would go under /var/lib/nethserver/vhosts/project.kaayman-group.com
(Or, if using cockpit a random number as folder).

B) Create an index.html (or PHP) under /var/www/html/

Otherwise your server will always show that “starter page”, if that folder is empty…

My 2 cents
Andy


@Andy_Wismer

Hi Andy,

For option A, is it a vhost.conf that is needed or an HTML web page?

Option B does indeed give me the created index.html page, but that’s not exactly what I want to achieve.

From the internal or external network I want to get the index page from the projectserver. Web -> Nethserver -> project-kaayman-group.org.

So I’m clearly missing something, so any help would be very very appreciated.

Thanks,

Aphid

@Aphid

Hi Benedikt

Option A needs a vhost, but without any html content, it would be empty…
So best also at least a cover page, with the name (fqdn) of the vhost as content, eg in an html file, so you know it’s working!

If you want to see your “projectserver”, you’ll need to use Reverse-Proxy.

Install that from Software Center if not already installed. I’m not sure, but it could be together with webserver…

Create a reverse proxy as here, for my PI-Hole at home:

You will need an entry in your external DNS pointing to this NethServer, and also (better) an alias internally on your NethServer pointing to NethServer (instead of the projectserver)…

TIP:

With this setup, you can use NethServer’s LetsEncrypt SSL certs to provide SSL for your projectserver… (Like I’m doing for my PI-Hole, which doesn’t provide SSL here…).

PS: You’re welcome to test the link, and also verify the SSL cert… :)

My 2 cents
Andy

Quick question: let’s say I’ve got Nextcloud on server 192.168.1.10 and my main public-facing server with reverse proxy is set up to point cloud.domain.com to 192.168.1.10/nextcloud. What would be causing it to redirect to 192.168.1.10/nextcloud/nextcloud/ when I go to cloud.domain.com?

@Shane_Treweek

Hi

Nextcloud will, by itself, redirect to /nextcloud.
So if you use a redirect URL including /nextcloud, that’s why you get /nextcloud/nextcloud…

My 2 cents
Andy


@Andy_Wismer

Hi Andy,

First, sorry for my late reply. Your screenshot solved my problem, so thank you very much.

Aphid


@Aphid

Hi

Please tick this as “Solved”, it may help someone with the same / a similar problem!

My 2 cents
Andy
