Reverse-Proxy (old version): Difference between revisions

From FlowerHouseWiki
No edit summary
No edit summary
Line 9: Line 9:
=== NGINX ===
=== NGINX ===
<p>Install NGINX and NGINX-Extra</p>
<p>Install NGINX and NGINX-Extra</p>
<syntaxhighlight lang="console">[root@ReverseProxy]$apt install nginx nginx-extras</syntaxhighlight>
<syntaxhighlight lang="console">apt install nginx nginx-extras</syntaxhighlight>
<p>Deactivate Standard-Site (no Web-Server)</p>
<p>Deactivate Standard-Site (no Web-Server)</p>
<syntaxhighlight lang="console">unlink /etc/nginx/sites-enabled/default</syntaxhighlight>
<syntaxhighlight lang="console">unlink /etc/nginx/sites-enabled/default</syntaxhighlight>
<p>Create and paste [[reverse-proxy.conf]]</p>
<p>Create and paste [[reverse-proxy.conf]]</p>
<syntaxhighlight lang="shell-session" line>cd /etc/nginx/sites-available
<syntaxhighlight lang="console" line>cd /etc/nginx/sites-available
nano reverse-proxy.conf</syntaxhighlight>
nano reverse-proxy.conf</syntaxhighlight>
<p>Activate configuration</p>
<p>Activate configuration</p>
<syntaxhighlight lang="Bash">ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf</syntaxhighlight>
<syntaxhighlight lang="console">ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf</syntaxhighlight>
<p>Check if configuration is legit</p>
<p>Check if configuration is legit</p>
<syntaxhighlight lang="Bash">nginx -t</syntaxhighlight>
<syntaxhighlight lang="console">nginx -t</syntaxhighlight>
<p>Reload configuration</p>
<p>Reload configuration</p>
<syntaxhighlight lang="Bash">nginx -s reload</syntaxhighlight>
<syntaxhighlight lang="console">nginx -s reload</syntaxhighlight>


=== certbot ===
=== certbot ===

Revision as of 22:09, 19 February 2021

The ReverseProxy is reachable under 192.168.88.9 which is located in the ServerVLAN. Every incoming packages from outside are forwarded to this IP.

The ReverseProxy also forces outside connections to use HTTPS/SSL and will provide a WildCard-Certificate.

Used software:

Basic Setup

NGINX

Install NGINX and NGINX-Extra

apt install nginx nginx-extras

Deactivate Standard-Site (no Web-Server)

unlink /etc/nginx/sites-enabled/default

Create and paste reverse-proxy.conf

cd /etc/nginx/sites-available
nano reverse-proxy.conf

Activate configuration

ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

Check if configuration is legit

nginx -t

Reload configuration

nginx -s reload

certbot

For the automatic generation of SSL-Certificates, certbot will be installed.

For securty reasons, the captive portal Authelia wil be installed.

Retrieved from "https://wiki.flowerhouse.at/index.php?title=Reverse-Proxy_(old_version)&oldid=49"