Reverse-Proxy (old version)

From FlowerHouseWiki
Reverse-Proxy-LXC
Reverse proxy.png

Network


IP: 192.168.88.3
MAC: 56:59:71:B1:85:BC

System


OS: Debian Buster
Files: reverse-proxy.conf
RAM: 1024MB
Cores: 1
Privileged: No

The ReverseProxy is reachable under 192.168.88.3 which is located in the ServerVLAN.

Every incoming packages from outside are forwarded to this IP.

The ReverseProxy also forces outside connections to use HTTPS/SSL and will provide a SSL-Certificate.

Basic Setup

Nginx Proxy Manager

Download installation script and run it

cd ~
wget https://raw.githubusercontent.com/Tropaion/proxmox-scripts/main/lxc/nginx-proxy-manager/setup.sh
./setup.sh

After installation, the webinterface should be reachable, standard login is

Email:    admin@example.com
Password: changeme

Authelia

For security reasons and convenience, the login portal Authelia will be installed.

Redis-Server

Install Redis with the following command:

apt install redis-server

After installing Redis, start redis service and enable it to start after system reboot with the following command:

systemctl start redis-server
systemctl enable redis-server

Verify the status of the redis server:

systemctl status redis-server

By default, Redis listening on the localhost on port 6379. You can check it with the following command:

ps -ef | grep redis

Open Redis CLI and set passphrase for redis server, which is needed in the authelia configuration file

redis-cli
CONFIG SET requirepass "yourpassword"

Test if passphrase is working correctly and exit CLI

AUTH yourpassword
exit

Installation

Download and untar latest Authelia archive:

cd ~
wget https://github.com/authelia/authelia/releases/download/v4.29.4/authelia-v4.29.4-linux-amd64.tar.gz
tar -zxvf authelia-v4.29.4-linux-amd64.tar.gz
rm authelia-v4.29.4-linux-amd64.tar.gz

Create authelia folder

mkdir /etc/authelia

Move files

mv authelia-linux-amd64 /usr/bin/authelia
mv config.template.yml /etc/authelia/config.template.yml
mv authelia.service /etc/systemd/system/

Set permissions

chmod 775 /usr/bin/authelia
chown root:root /usr/bin/authelia

Create configuration file, modify and paste [configuration.yml]

cd /etc/authelia/
nano configuration.yml

configuration.yml

Create configuration file, modify and paste [configuration.yml]

cd /etc/authelia/
nano configuration.yml

users_database.yml

Create users_database.yml in the folder /etc/authelia/:

nano users_database.yml

An user entry looks like this:

john:
    displayname: "John Doe"
    password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
    email: john.doe@authelia.com
    groups:
      - admins
      - dev

The password is encrypted so we have to get the hash value with:

authelia hash-password 'yourpassword'

Start authelia and check status:

systemctl start authelia
systemctl status authelia


LATEST STATE:

Sources