Reverse-Proxy (old version): Difference between revisions

From FlowerHouseWiki
No edit summary
No edit summary
Line 46: Line 46:
<syntaxhighlight lang="console">systemctl list-timers</syntaxhighlight>
<syntaxhighlight lang="console">systemctl list-timers</syntaxhighlight>


=== Authelia ===
== Authelia ==
For security reasons and convenience, the login portal Authelia will be installed.
For security reasons and convenience, the login portal Authelia will be installed.


==== Requirements ====
=== Requirements ===
* [https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian MongoDB]
* [https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian MongoDB]
* [https://linuxize.com/post/how-to-install-and-configure-redis-on-debian-10/ Redis-Server]
* [https://linuxize.com/post/how-to-install-and-configure-redis-on-debian-10/ Redis-Server]


===== Mongo-DB =====
==== Mongo-DB ====
<p>Add sources for MongoDB</p>
<p>Add sources for MongoDB</p>
<syntaxhighlight lang="console">apt-get install gnupg</syntaxhighlight>
<syntaxhighlight lang="console">apt-get install gnupg</syntaxhighlight>
Line 66: Line 66:
<p>Enable MongoDB&nbsp;</p>
<p>Enable MongoDB&nbsp;</p>
<syntaxhighlight lang="console">systemctl enable mongod</syntaxhighlight>
<syntaxhighlight lang="console">systemctl enable mongod</syntaxhighlight>
===== Redis-Server =====
==== Redis-Server ====
<syntaxhighlight lang="console">apt install redis-server</syntaxhighlight>
<syntaxhighlight lang="console">apt install redis-server</syntaxhighlight>
<>Check if server is running</p>
<>Check if server is running</p>
<syntaxhighlight lang="console">systemctl status redis-server</syntaxhighlight>
<syntaxhighlight lang="console">systemctl status redis-server</syntaxhighlight>


==== Installation ====
=== Installation ===
<syntaxhighlight lang="console">wget https://github.com/authelia/authelia/releases/download/v4.26.1/authelia-linux-amd64.tar.gz</syntaxhighlight>
<syntaxhighlight lang="console">wget https://github.com/authelia/authelia/releases/download/v4.26.1/authelia-linux-amd64.tar.gz</syntaxhighlight>
<syntaxhighlight lang="console">tar -xzf authelia-linux-amd64.tar.gz</syntaxhighlight>
<syntaxhighlight lang="console">tar -xzf authelia-linux-amd64.tar.gz</syntaxhighlight>

Revision as of 22:36, 19 February 2021

The ReverseProxy is reachable under 192.168.88.9 which is located in the ServerVLAN. Every incoming packages from outside are forwarded to this IP.

The ReverseProxy also forces outside connections to use HTTPS/SSL and will provide a WildCard-Certificate.

Used software:

Basic Setup

NGINX

Install NGINX and NGINX-Extra

apt install nginx nginx-extras

Deactivate Standard-Site (no Web-Server)

unlink /etc/nginx/sites-enabled/default

Create and paste reverse-proxy.conf

cd /etc/nginx/sites-available
nano reverse-proxy.conf

Activate configuration

ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

Check if configuration is legit

nginx -t

Reload configuration

nginx -s reload

certbot

Install Certbot

apt install certbot

Download acme-dns-auth.py-Script

wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py

Change first line of script from #!/usr/bin/env python to

#!/usr/bin/env python3

Move file to /etc/letsencrypt/

mv acme-dns-auth.py /etc/letsencrypt/

Set permissions to run script

chmod +x acme-dns-auth.py

Generate certificate manually

Wildcard-Certificate

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.flowerhouse.at

Sub-Domain-Certificate

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d subdomain.flowerhouse.at

Follow the questions of the script and create an cname-record.

Path to all certificates:

cd /etc/letsencrypt/live/

Test manually if certificate renewal works

certbot renew --dry-run

Check if auto-renewal ist activated

systemctl list-timers

Authelia

For security reasons and convenience, the login portal Authelia will be installed.

Requirements

Mongo-DB

Add sources for MongoDB

apt-get install gnupg

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -

echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list

apt-get update

Install MongoDB

apt-get install -y mongodb-org

Start MongoDB

systemctl start mongod

systemctl status mongod

Enable MongoDB 

systemctl enable mongod

Redis-Server

apt install redis-server

<>Check if server is running

systemctl status redis-server

Installation

wget https://github.com/authelia/authelia/releases/download/v4.26.1/authelia-linux-amd64.tar.gz

tar -xzf authelia-linux-amd64.tar.gz

rm authelia-linux-amd64.tar.gz

Authelia-Paths:

  • Installation: /usr/bin/authelia
  • Config-Path: /etc/authelia/configuration.yml
  • Service-Path: /etc/systemd/system

Sources

Retrieved from "https://wiki.flowerhouse.at/index.php?title=Reverse-Proxy_(old_version)&oldid=57"