Reverse proxy

Tell us your most wanted new features, or recommendation.
JayBlingham
Posts: 98
Joined: 04 Oct 2020, 10:34

Re: Reverse proxy

Post by JayBlingham »

There is a Reverse Proxy in Beta from TM. Has anyone had a chance to look at/play with it yet?
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
sports_wook
Posts: 74
Joined: 04 Feb 2020, 05:00

Re: Reverse proxy

Post by sports_wook »

JayBlingham wrote: 19 Nov 2020, 05:47 There is a Reverse Proxy in Beta from TM. Has anyone had a chance to look at/play with it yet?
I tinkered with it for a few minutes but couldn't figure out how to get it up and running. I'm a newb with proxy configs, so maybe I missed something, but it doesn't seem to be fully functional yet.
JayBlingham
Posts: 98
Joined: 04 Oct 2020, 10:34

Re: Reverse proxy

Post by JayBlingham »

sports_wook wrote: 19 Nov 2020, 08:07 I tinkered with it for a few minutes but couldn't figure out how to get it up and running. I'm a newb with proxy configs, so maybe I missed something, but it doesn't seem to be fully functional yet.
Thanks. I'm not super familiar with them either, but plan to give it a go soon. I'll post back if I make any progress. Hoping someone that knows what they're doing gives it a try, and posts some feedback for TM to help improve it.
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
sports_wook
Posts: 74
Joined: 04 Feb 2020, 05:00

Re: Reverse proxy

Post by sports_wook »

JayBlingham wrote: Thanks. I'm not super familiar with them either, but plan to give it a go soon. I'll post back if I make any progress. Hoping someone that knows what they're doing gives it a try, and posts some feedback for TM to help improve it.

I haven't had any luck finding a way to get this to work at all. How about you, Jay? Any progress?

Would be great if we could get some documentation from TM, a guide, or anything helpful besides just silently dumping a "beta" app on the store that is not easy to figure out.
JayBlingham
Posts: 98
Joined: 04 Oct 2020, 10:34

Re: Reverse proxy

Post by JayBlingham »

sports_wook wrote: 11 Dec 2020, 21:54 I haven't had any luck finding a way to get this to work at all. How about you, Jay? Any progress?

Would be great if we could get some documentation from TM, a guide, or anything helpful besides just silently dumping a "beta" app on the store that is not easy to figure out.
Unfortunately no. I haven't had any time to play with this lately. At first glance into the interface, it doesn't seem overly intuitive. The important bit seems to be the "Access" section, but this is confusing because, firstly, it contains pre-populated allow entries that you cannot edit which makes no sense. Why do I want allow statements for networks that I don't even have locally? Also, why 4.4.4.4? Beyond that, it's a mystery to me. I may not know enough about ProxyServers, which could be part of the problem. I just know (back when I was looking into this) that there was a requirement for one to deploy a specific password management tool (whose name I can't remember) in a container. I'll have to find the time to refresh myself on that research, and see if this actually contains the right functionality.
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
brokenmass
Posts: 6
Joined: 11 Sep 2020, 17:28

Re: Reverse proxy

Post by brokenmass »

The beta proxy application in the app store is not a "reverse proxy". It's just an implementation of a proxy server.
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: Reverse proxy

Post by StephenM »

harveydobson wrote: 19 Nov 2020, 04:18 This should be achievable through https://nginxproxymanager.com/.

I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
I can't get this to work on my TNAS - I don't think the ARM architecture is supported.

If I'm wrong, please point me in the correct direction.

Another vote for having this as an application please.
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: Reverse proxy

Post by StephenM »

brokenmass wrote: 17 Sep 2020, 23:06 At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
I get a Let's Encrypt certificate by using a domain hosted in GoDaddy (so that Lego can use the dns01 challenge) and by having a wildcard entry in my DNS records in the form of *.mydomain.com -> 192.128.0.2 (static IP of the NAS router). Then I can just edit a configuration file to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port, and Traefik creates the certificate and instantiates the reverse proxy route.
I've dropped you a PM to see if you can share some basic setup examples, but I think others would benefit from posting it on here.

Thanks in advance.
StephenM
Posts: 69
Joined: 11 Jan 2021, 21:55

Re: Reverse proxy

Post by StephenM »

StephenM wrote: 13 Jan 2021, 07:55
harveydobson wrote: 19 Nov 2020, 04:18 This should be achievable through https://nginxproxymanager.com/.

I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
I can't get this to work on my TNAS - I don't think the ARM architecture is supported.

If I'm wrong, please point me in the correct direction.

Another vote for having this as an application please.
I was talking rubbish.

I can get nginx proxy manager working - just not with nextcloud.
brokenmass
Posts: 6
Joined: 11 Sep 2020, 17:28

Re: Reverse proxy

Post by brokenmass »

@StephenM and to whoever might be interested in my setup.

Docker config:
Install the Docker extension, open it, search for "traefik", click on the first entry and then click "Download".

Select the "Image" tab, click on the "traefik" image and click "Launch".

Configure it as follows:
[Images: container configuration screenshots]

In the last tab, "Environment", configure all the environment variables required for your DNS provider (see: https://go-acme.github.io/lego/dns/). Do not touch the PATH value.



Traefik Configuration

Create a folder named 'traefik' in your main disk 'appdata' folder:

acme.json: this is an autogenerated file and contains the private and public key created by Traefik using Let's Encrypt. Do not create or edit this file.

traefik.yml: this file contains the main traefik configuration

log:
  level: DEBUG

# enable traefik web dashboard
api:
  dashboard: true

# configure Let's Encrypt certificate resolver.
certificatesResolvers:
  myresolver:
    acme:
      email: <your email address>
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: <your dns challenge provider> # see https://go-acme.github.io/lego/dns/ for a list of providers
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

# instruct traefik to look at the 'static' file services.yml for the services configuration and enable watch mode so that you can edit the file directly from the terramaster text editor and traefik will update the configuration
providers:
  file:
    filename: /etc/traefik/services.yml
    watch: true

# configure traefik to listen on port 80 and 443 and force redirection from http to https
entryPoints:
  web:
    # redirect all http traffic to https for security
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

services.yml: the services configuration. Replace "mydomain.com" with your base domain and service1/2/X with the actual services you want to route.

http:
  routers:
    # example: configure https://traefik.mydomain.com to traefik dashboard
    api:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`traefik.mydomain.com`)"
      service: "api@internal" # special internal traefik service 
      tls: 
        certResolver: "myresolver"
    
    # example: configure https://nas.mydomain.com to point to terramaster nas web interface
    nas:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`nas.mydomain.com`)"
      service: "nas" # service "nas" must be defined in the services section later in the file
      tls: 
        certResolver: "myresolver"

    service1:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`service1.mydomain.com`)"
      service: "service1" # service "service1" must be defined in the services section later in the file
      tls: 
        certResolver: "myresolver"
    service2:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`service2.mydomain.com`)"
      service: "service2" # service "service2" must be defined in the services section later in the file
      tls: 
        certResolver: "myresolver"

  services:
    nas:
      loadBalancer:
        servers:
          - url: "http://localhost:8181"
    service1:
      loadBalancer:
        servers:
          - url: "http://<server ip address>:<service1 port>"
    service2:
      loadBalancer:
        servers:
          - url: "http://<server ip address>:<service2 port>"

Final step:
Restart the Traefik container from the Docker panel.

If the container crashes immediately after start, ensure that you have disabled the autoredirection (see viewtopic.php?f=12&t=825#p4017).
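
Added example, not part of brokenmass's post: the `api` router in the services.yml above serves the Traefik dashboard at traefik.mydomain.com with no authentication, so this variant of that router puts Traefik's built-in basicAuth middleware in front of it. The middleware name `dashboard-auth`, the user `admin` and the hash placeholder are assumptions; the syntax is for the Traefik v2 file provider used in the post.

```yaml
http:
  middlewares:
    # Assumed name. basicAuth is a built-in Traefik middleware.
    dashboard-auth:
      basicAuth:
        users:
          # Placeholder: run `htpasswd -nB admin` and paste the whole
          # "user:hash" line it prints. No "$" escaping is needed in a
          # file-provider YAML file.
          - "admin:<bcrypt hash from htpasswd>"

  routers:
    # Same router as in the post, with the middleware attached.
    api:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`traefik.mydomain.com`)"
      service: "api@internal"
      middlewares:
        - "dashboard-auth" # requests without valid credentials get 401
      tls:
        certResolver: "myresolver"
```

Because `watch: true` is set for the file provider in traefik.yml, saving services.yml applies the change without restarting the container.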