Reverse Proxy?

[mattb75 15]

Not sure if anyone else has had any experience with reverse proxy devices on here, hoping someone can help!!

 

I’ve got a number of devices running on my network which run a https webservice including

 

- Windows Server Essentials

- UniFi SDN Controller

- Observium SNMP monitoring

 

I’ve recently loaded Let’s Encrypt certificates onto each of these applicances, but currently have to manually renew after amending the port forwarding rules on my UNiFi USG Gateway for ports 80 & 443 to each individual machine to allow the update validations to work.

 

Whilst looking for a more streamlined solution to allow auto-renewal across all my LE certs I came across Reverse Proxy applications. I’ve had a go at trying to configure nginx, caddy with no success - only the Observium appliance works and I suspect this is because of the http version of the web interface which neither Windows Server Essentials or UniFi have.

 

I believe there’s some method of automating LE renewals from multiple appliances behind a single IP address but now I’ve found out about reverse proxies I’m quite keen to try it out so I can access some of my devices over the standard port 80 & 443 as some locations (including my work!) don’t permit any other ports for external connections.

 

Has anyone else got a reverse Proxy up and running with https backend servers and if so which on are you using and how easy was it to configure?

 

Cheers in advance

Matt

[ShadowPeo 66]

Yes, been there done that, got the T-Shirt. Reasonably easy to configure if you have an understanding of how linux config's work and how to set it up. How are you planning on running the reverse proxy. if you have access to a docker install there are a number of great containers that automate the process for you

[mattb75 15]

Ah nice one!

Haven’t used docker before, but do use Hyper-V to run some virtual devices (mainly Observium and the UniFi SDN Controller on the server essentials box).

Pretty newbie to Linux - great at following line by line steps but not as good at figuring it out myself!

Always up for a project though! Which docker Proxy would you recommend?

[mattb75 15]

Hi again

Thought I’d map out my as-is and planned environment to help illustrate why I’m trying to achieve

[ShadowPeo 66]

Server 2016 can use containers however I do believe that the Linux support is not quite ready yet. As for the docker containers I tend to use the LinuxServer.io versions of the containers.

 

This is the container I would be using myself

 

https://hub.docker.com/r/linuxserver/letsencrypt

 

 

[mattb75 15]

Server 2016 can use containers however I do believe that the Linux support is not quite ready yet. As for the docker containers I tend to use the LinuxServer.io versions of the containers.
 
This is the container I would be using myself
 
https://hub.docker.com/r/linuxserver/letsencrypt
 
 

Will check it out - cheers!

[mattb75 15]

Ventured into the world of docker!

 

I found an alternative docker image with a nice GUI which seemed an easier route to get started

 

https://hub.docker.com/r/jc21/nginx-proxy-manager

 

Works perfectly for Server Essentials and Observium, having some issues still with the UniFi SDN Controller - I get a login prompt, but it then fails with an internal error 400 when it tries to draw the dashboard.  Seems to be a known issue with default proxy redirection settings so need to work this through now.

 

Thanks for introducing me to Docker ShadowPeo - think I'll find a few more tools to play with now!!

 

[ShadowPeo 66]

Docker is great, I am currently running about 18 containers on my NAS with barely any resources used.

 

I am currently trying to migrate some professional tools over to it for my use but M$ are not going to support the print server roll which causes one of them an issue, the others I am still working on.

 

Also thinking about creating my own YML files so I can simply pull them from Github and rebuild my entire system or deploy it for others. Something along the lines of pull IPAM, IPAM up, which contains the links to the MariaDB DB, the IPAM container or even combine it with Observium into something like a Network Management YML. Still a ways of this though.

Apparently the Traefik RPROXY is good but I have not tried this yet