Project

General

Profile

[Solved] Reverse proxy a subdomain (v1.4.35)

Added by synapse77 2 months ago

I have a Ubiquity edgerouter with lighttpd/1.4.35 installed (can not upgrade without messing with firmware) and am attempting to use lighttpd to reverse proxy a domain to an internal application on another server. In the end i'm trying to accomplish:

https://photos.mydomain.com -> https://(internal_IP)/photo/

I want this to work only on domain requests to that 'photos' subdomain as I want to ultimately reverse-proxy other applications in a similar manner

I found this tutorial that I thought would solve my issue here: https://gist.github.com/ebouchut/1939752 but this plus looking around the documentation I was unable to figure out how to accomplish this task. Below is my configuration (most of which is ubiquity default). When i look in the log file (as you can see from the conf, i have debugging turned on) i see NO references to mydomain.com. I'm sure that the collective wisdom of the internet has solved this problem already but for the life of me I can not figure out what I am doing wrong and reverse proxies are not my forte.

TIA

server.modules = (
    "mod_access",
    "mod_alias",
     "mod_redirect",
     "mod_fastcgi",
    "mod_rewrite",
    "mod_websocket",
    "mod_proxy",
    "mod_accesslog",
)

server.document-root        = "/var/www/htdocs" 
server.upload-dirs          = ( "/tmp" )
server.errorlog             = "/var/log/lighttpd/error.log" 
server.pid-file             = "/var/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.tag                  = "Server" 

debug.log-request-header   = "enable" 
debug.log-response-header  = "enable" 
debug.log-request-handling = "enable" 
debug.log-file-not-found   = "enable" 

index-file.names            = ( "index.php", "index.html",
                                "index.htm", "default.htm",
                               " index.lighttpd.html" )

url.access-deny             = ( "~", ".inc" )

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

server.dir-listing          = "disable" 

include "mime.conf" 
include "conf-enabled/15-fastcgi-php.conf" 

url.rewrite-once = (
    "^(/(lib|media|ws|tests)/.*)" => "$0",
    "^/([^\?]+)(\?(.*))?$" => "/index.php/$1?$3" 
)

include "conf-enabled/10-ssl.conf" 

websocket.server = (
    "/ws/stats" => ( "host" => "/tmp/ubnt.socket.statsd",
                     "port" => "1" ),
    "/ws/cli" => ( "host" => "/tmp/ubnt.socket.cli",
                   "port" => "1",
                   "type" => "bin" )
)

# Reverse proxy for photos.mydomain.com based on https://gist.github.com/ebouchut/1939752

$HTTP["host"] =~ "photos.mydomain.com" {
  proxy.server  = ( "" => (
      "servername:80" => # name
            ( "host" => "127.0.0.1",
                    "port" => 82
            )
          )
    )
}

# URL Rewriting Proxy
#
$SERVER["socket"] == ":82" {
  url.rewrite-once = ( "^/photo/(.*)$" => "/$1" )
    proxy.server  = ( "" => (
        "servername:82" => # name
              ( "host" => "<internal_IP>" # Set the IP address of servername
                      "port" => 443
            )
        )
    )
}

Replies (3)

RE: Reverse proxy a subdomain (v1.4.35) - Added by gstrauss 2 months ago

If you're proxying to yourself, you probably do not want to loop, and you probably want to limit the rewrite to index.php to be anything that is not part of your config additions for proxying, assuming those rewrites are part of your ubiquity-provided config. You haven't provided your entire config, or detailed the sockets to which you expect your traffic to flow, so you will want to adapt the following to your needs, depending on which rewrites should occur to traffic on which ports and hosts. Below assumes that your host on port 443 is a separate server, not this instance of lighttpd. You should also be aware that lighttpd mod_proxy sends clear-text HTTP/1.0 requests to backends. Just because you specify port 443 does not indicate that magic will happen. The proxy connection from lighttpd to the backend "internal_IP" is not TLS.

# URL Rewriting Proxy
#
$SERVER["socket"] == ":82" {
  url.rewrite-once = ( "^/photo/(.*)$" => "/$1" )
    proxy.server  = ( "" => (
        "servername:82" => # name
              ( "host" => "<internal_IP>" # Set the IP address of servername
                      "port" => 443
            )
        )
    )
} else $HTTP["host"] == "photos.mydomain.com" {
  proxy.server  = ( "" => (
      "servername:80" => # name
            ( "host" => "127.0.0.1",
                    "port" => 82
            )
          )
    )
} else $HTTP["host"] != "photos.mydomain.com" {
  url.rewrite-once = (
      "^(/(lib|media|ws|tests)/.*)" => "$0",
      "^/([^\?]+)(\?(.*))?$" => "/index.php/$1?$3" 
  )
}

RE: Reverse proxy a subdomain (v1.4.35) - Added by synapse77 2 months ago

Thank you so much, I'll try this configuration. Do you know if it's possible to do SSL reverse proxying with lighttpd?

RE: Reverse proxy a subdomain (v1.4.35) - Added by gstrauss 2 months ago

You should also be aware that lighttpd mod_proxy sends clear-text HTTP/1.0 requests to backends.

Do you know if it's possible to do SSL reverse proxying with lighttpd?

Already answered in prior post. No, not at this time. I suggest taking a look at haproxy if that is a requirement for you.

    (1-3/3)