Rever proxy based on "hostname"

Software SW tweaks
1

Hi,

I would like to setup a reverse proxy that proxies based on the hostname/servername.

I would normally do this with something like Nginx or Apache.

I have looked around in this forum and only seen a couple of questions that where related but non appeared relevant to me scenario.

I have noticed I could install tinyproxy which but it seams to me that it doesn’t do hostname based.

In the tinyproxy documentation I noticed the ReverseBaseURL parameter but it seams to me from the description of it and from the examples that I have managed to find around the can only be one ReverseBaseURL.

Does this mean that I cannot do what I want with tiny proxy or rather that I must have each proxy rule for each host on separate .conf files? - if so how would I go about doing this? do I just add the path to the other config on the main config? or do I need to run something on the command line to add the other configs to the tinyproxy process?

In the case of not being able to use tinyproxy could I use nginx on the router itself? I am concerned if it might be an issue in terms of performance and such.

This is my scenario
DNS CNAME record for
URL1
URL2
URL3

Are pointing to my public IP.

Then
URL1 get proxied to IP1
URL2 get proxied to IP2
URL3 get proxied to IP3

Any advise would be appreciated.

Thanks,
\M

2

Side note: those two are among the installable packages (even without LXC). I can’t really help with http stuff though.

3

Thanks @vcunat That is great to know. Via UI or would I need to install them via command line?

In any case I was more interested on some advise. Is it advisable or rather any advise against running those services on the router itself?

I would have normally forwarded http/https to an IP where I have a proxy setup to do the above.

But given that I just got this new and supper powerful router I wanted to see what I can/should do.

\M

4

luci can be used to install packages, but I’m sure you can’t avoid ssh when setting up the server anyway. (and you might need to handle stuff around “collision” with the default lighttpd, too)

5

I am not sure how to install the packages from luci.
When I go to System > Software I cannot see any available packages.

I will have to look in to it.

and you might need to handle stuff around “collision” with the default lighttpd, too

Some more stuff that I will need to look in to

Does anyone know if tinyproxy cannot be used for what I am trying to do?

6

Many people don’t realize that they have to click some “refresh” button to make it useful (and I don’t blame them).

7

refresh button ??? no idea what that is…

hmmm ok so the turris front end is served by lighthttpd web server.
I wonder if I can use that same service to proxy my requests.

I also wonder I dont need the proxy to work internally just for request coming from the internet.

So in case I had to work with lighthttpd and nginx binded only to the wan interface so I can leave lighthttpd on port 80? remote access to turris front end its not on port 80 right?

8

“Update lists…” is printed on the button.

9

Well I gotta say. Now that you say it it makes complete sense.

For me being new to OpenWRT I am really scared to click anything although I know I can reset and restore.

But I am trying to have fun at the moment not stress cause I brought my whole network down

10

there’s the “rollback” hardware-button for those cases:

11

I had read something about it… but I am more interesting on other stuff at the moment once I got my setup like I want it then I will start looking in to backups, restore processes.

Thanks

12

You can use lighttpd as a simple reverse proxy. Put something like this into a file into /etc/lighttpd/conf.d/

$SERVER["socket"] == ":443" {
    $HTTP["host"] == "sub.example.com" {
        proxy.server  = ( "" =>
            ( "internal" =>
                (
                    "host" => "hostname or IP",
                    "port" => 80
                )
            )
        )
    }
}
13

Funny enough I just figured this out.

I have one more requirement that I am trying to figure out now.

for one of my server I have what I would call an uri re-write…

This is what I do on nginx if it helps

server {
listen 80;
listen [::]:80;

    server_name **URL1**;

    location / {
           proxy_pass    http://**IP1**:**PORT**/**somepath**$request_uri;

    }

}

I am trying this one lighttpd

HTTP["host"] =~ "URL1$" {
        url.rewrite-once = ("^/(.*)" => "$0/somepath/$1")
        # In lighttpd we alter the path manually using rewrite rule. %0
        # refers to the hostname and $1 is the path.
        proxy.server = ( "" =>
                ( (
                "host" => "IP1",
                "port" => "PORT"
                ) )
        )
}
14

That‘s beyond my knowledge :smile:, I just used this simple config…

15

That helped a lot! thanks

I will keep digging

16

My recomendation is to use something else as reverse proxy if possible… a LXC container, another dedicated host, a container somewhere… basically isolating services just in case something bad happens (security breach or whatever). If you are running a reverse proxy in the router itself and there is a vulnerability on that component, your entire network can be compromised.
My 2 cents.

17

I didn’t have much time to get this up and running so I went down the “standard” solution and have a dedicated host.

and LXC container in the router was an options I am just concerned who they could affect the performance of the router.

Thanks