Reverse Proxy Forward Domain instead of path?

reverseproxy

(André Wismer) #1

NethServer Version: NethServer release 7.4.1708 (Final)
Module: Reverse Proxy

Hi

I need to forward a whole domain, instead of only a path.
eg:
cam01.domain.com/
instead of
nethserver.domain.com/cam01/

The reason is there are several cameras, and the URLs involved are the same. NethServer can’t separate them correctly.
On the old SME-Server I used the old Proxy-Path Module, which enabled forwarding paths (like NethServer) or whole domains.

How could this be done correctly (CMD-Line)? I tried a few things, but that shut down apache… ;-(

Thx
Andy


(Michael Träumner) #2

Hi @Andy_Wismer,
can you explain a little bit more exactly what you want to do?
The cameras are on one network, but where should they be redirected? Does every camera have its own webserver, or is there one webserver that shows every camera?
Couldn’t you do it with an .htaccess file?

RewriteEngine on
RewriteRule (.*) http://www.newdomain.com/page.html [R=301,L]

found at:

https://www.makeuseof.com/answers/redirect-entire-domain-webpage-htaccess/


(André Wismer) #3

Hi
The cameras are all in the LAN or another trusted Network, routed and accessible from the NethServer, but not from the outside.
There IS a camera server available (Axis), but I need the individual image from each camera available externally, as cam01.domain.com, cam02.domain.com and so on.
Upon access with IP or domain name, the cameras will jump to something like
http://192.168.175.52/view/viewer_index.shtml?id=117357

For this to work, I’d additionally have to map, next to /cam01/, a path /view/, which is why it will only work for one camera using /path/.

NethServer has a template system, I do understand how this works, but how do I get this to work?

The NethServer Docs are quite complete using /paths/, but not domains…

The DNS entries are all correct, internally and externally - this WAS working using SME Server…
I even extracted the SME template files and tried to adapt them for NethServer, that blew Apache and had to revert…

Thanks
Andy


(Michael Träumner) #4

For my understanding: does camera 1 always have the same id, and is it a different one than camera 2’s, and so on?

I ask because if not, I don’t understand how to separate them in the internal network, and if so, you have a separate URL for each camera.


(André Wismer) #5

Hi
Each camera has its own internal IP / FQDN (Only internally accessible).
Each Camera is individual and mounted in a different spot, usually with a corresponding name, eg

SHZG-CAM-Garage -> That one monitors the entrance to the underground parking…
Its IP is 192.168.176.51
SHZG-CAM-Extern -> This one monitors the main entrance, especially for Night Security.
Its IP is 192.168.175.51

As you can see, they can be in different Subnets, all Subnets are routed and trusted in NethServer.
The actual routing is done by a hardware firewall…

There are about 5 subnets all in all.

What I’d like:

Externally, user can enter in:

https://cam01.domain.com/ -> forwarded to http://192.168.175.51
or
https://cam02.domain.com/ -> forwarded to http://192.168.176.52
or
https://camga.domain.com/ -> forwarded to http://172.16.0.53
and so on

SSL would be done using NethServer’s LetsEncrypt SSL…

Hope that helps understanding the scenario.
Thx
Andy


(Michael Träumner) #6

I don’t have an idea at the moment.
Perhaps @mrmarkuz has an idea?

Can you tell me how you have done it with SME?


(Markus Neuberger) #7

It works with http, I couldn’t make it work with https:

I created the file /etc/httpd/conf.d/proxypassdomain.conf with the following content:

<VirtualHost *:80>
  ServerName test1.example.com
  ProxyPass / http://192.168.1.1/
  ProxyPassReverse / http://192.168.1.1/
</VirtualHost>

<VirtualHost *:80>
  ServerName test2.example.com
  # Target ends with "/" to match the "/" path, as in the first block
  ProxyPass / http://192.168.1.100:980/
  ProxyPassReverse / http://192.168.1.100:980/
</VirtualHost>

Restart httpd:

systemctl restart httpd

EDIT:

But this destroys port 80 completely and won’t go to Nethserver homepage anymore on port 80.


(André Wismer) #8

Hi
In SME-Server I used the old Proxy-Pass Module. It’s still working, if “repaired” according to the Forum/Wiki.


(André Wismer) #9

For SSL, the hosts test1.example.com / test2.example.com would need to be LetsEncrypt enabled… Or self-cert at least…

Maybe the hostname needs to be here too:
<VirtualHost *:80>
If using *:80 it’s clear that no other Website on Port 80 will work anymore…

Other Domains most likely also need to be DNS enabled, at least on the NethServer and External DNS, if external availability is required…

My NethServer wouldn’t display any other page either… ;-(

Thx


(André Wismer) #10

For those dabbling in Zabbix and Camera-Monitoring, here is a further use:

Live Image of an AXIS Camera in a Hotel
Zabbix on NethServer, also AD on NethServer here!

Andy


(Markus Neuberger) #11

When I include the hostnames it doesn’t work anymore. I just get to Nethserver default page.


(André Wismer) #12

At least you got it to work at all, I just killed apache… ;-(


(Markus Neuberger) #13

I could make it work with nginx but had to use port 444 instead of https default port 443.

I created an nginx module for onlyoffice but it’s usable here too, it eases installation as it doesn’t use a port by default so there’s no conflict with apache:

yum -y install https://smart-ict.services/mirror/mrmarkuz/7/noarch/nethserver-nginx-0.0.1-1.ns7.noarch.rpm

Then I created /etc/nginx/conf.d/rproxy.conf:

server {
    listen 444 ssl;  # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    server_name test1.example.com;
    ssl_certificate           /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key       /etc/pki/tls/private/localhost.key;
    location / {
        proxy_pass http://192.168.0.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 444 ssl;  # "ssl" on the listen line replaces the deprecated "ssl on;" directive
    server_name test2.example.com;
    ssl_certificate           /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key       /etc/pki/tls/private/localhost.key;
    location / {
        proxy_pass https://192.168.0.3/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Setup firewall:

config setprop nginx TCPPort 444 access green,red
signal-event firewall-adjust

Restart nginx:

systemctl restart nginx

Now I can browse to https://test1.example.com:444 using Nethserver cert.
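
Added example, not part of the post above or of the nethserver-nginx package: nginx routes any request on a port whose name matches no server_name to the default server for that port, which is the first block read unless one is marked default_server, so with per-host blocks only, a request by bare IP or unknown hostname reaches the first camera. The sketch below adds an explicit catch-all and uses the cam01/cam02 names and addresses from post #5; the TLSv1.2 restriction is an assumption about client support.

```nginx
# Added example. Port, certificate paths, hostnames and camera IPs are the
# thread's own values; ssl_protocols is an assumption about client support.

# Catch-all for port 444: anything that does not name a camera is dropped
# here instead of falling through to whichever camera block comes first.
server {
    listen 444 ssl default_server;
    server_name _;
    ssl_certificate     /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;
    # Set in the default server, which handles the TLS handshake settings
    # for every name sharing this port.
    ssl_protocols TLSv1.2;
    return 444;    # nginx-specific code: close the connection, send nothing
}

# One block per camera, selected by hostname only.
server {
    listen 444 ssl;
    server_name cam01.domain.com;
    ssl_certificate     /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;

    location / {
        proxy_pass http://192.168.175.51;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 444 ssl;
    server_name cam02.domain.com;
    ssl_certificate     /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;

    location / {
        proxy_pass http://192.168.176.52;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running nginx -t before systemctl restart nginx checks the file for syntax errors without touching the running service.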


(André Wismer) #14

Hi

Just wanted to say I got it working using your nginx how-to.
Working well for 10 Cameras with https!

Thx, and keep up the excellent work!

Andy


(Davide Principi) #15

Hi @Andy_Wismer, we’re working on a Reverse proxy UI for an entire virtual host based on Apache. The package is in testing and will be released soon. Please have a look at this thread: