Reverse-Proxy (old version): Difference between revisions
From FlowerHouseWiki
No edit summary Tag: visualeditor-switched |
No edit summary |
||
| Line 1: | Line 1: | ||
<p>The ReverseProxy is reachable under <syntaxhighlight inline>192.168.88.9</syntaxhighlight> which is located in the ServerVLAN. Every incoming packages from outside are forwarded to this IP.</p> | |||
* [[Install | <p>The ReverseProxy also forces outside connections to use HTTPS/SSL and will provide a WildCard-Certificate.</p> | ||
<p>Used software:</p> | |||
* [https://www.nginx.com/ NGINX] (ReverseProxy) | |||
* [https://certbot.eff.org/ certbot] (Certificates) | |||
* [https://www.authelia.com/ Authelia] (Login-Portal) | |||
== Basic Setup == | |||
=== NGINX === | |||
<p>Install NGINX and NGINX-Extra</p> | |||
<syntaxhighlight lang="Bash">apt install nginx nginx-extras</syntaxhighlight> | |||
<p>Deactivate Standard-Site (no Web-Server)</p> | |||
<syntaxhighlight lang="Bash">unlink /etc/nginx/sites-enabled/default</syntaxhighlight> | |||
<p>Create and paste [[reverse-proxy.conf]]</p> | |||
<syntaxhighlight lang="Bash" line>cd /etc/nginx/sites-available | |||
nano reverse-proxy.conf</syntaxhighlight> | |||
<p>Activate configuration</p> | |||
<syntaxhighlight lang="Bash">ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf</syntaxhighlight> | |||
<p>Check if configuration is legit</p> | |||
<syntaxhighlight lang="Bash">nginx -t</syntaxhighlight> | |||
<p>Reload configuration</p> | |||
<syntaxhighlight lang="Bash">nginx -s reload</syntaxhighlight> | |||
=== certbot === | |||
For the automatic generation of SSL-Certificates, certbot will be installed. | For the automatic generation of SSL-Certificates, certbot will be installed. | ||
* [[Install Certbot]] | * [[Install Certbot]] | ||
Revision as of 22:00, 19 February 2021
The ReverseProxy is reachable under 192.168.88.9 which is located in the ServerVLAN. Every incoming packages from outside are forwarded to this IP.
The ReverseProxy also forces outside connections to use HTTPS/SSL and will provide a WildCard-Certificate.
Used software:
Basic Setup
NGINX
Install NGINX and NGINX-Extra
apt install nginx nginx-extras
Deactivate Standard-Site (no Web-Server)
unlink /etc/nginx/sites-enabled/default
Create and paste reverse-proxy.conf
cd /etc/nginx/sites-available
nano reverse-proxy.conf
Activate configuration
ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
Check if configuration is legit
nginx -t
Reload configuration
nginx -s reload
certbot
For the automatic generation of SSL-Certificates, certbot will be installed.
For securty reasons, the captive portal Authelia wil be installed.
