C1 not dead yet: Reverse Proxy

Post Reply
Jojo
Posts: 527
Joined: Mon May 18, 2015 12:13 am
languages_spoken: english, german
ODROIDs: C1, C1+, C2, HC1, HC2, VU8C
Location: Germany
Has thanked: 0
Been thanked: 1 time
Contact:

C1 not dead yet: Reverse Proxy

Post by Jojo »

Hi!

After long time of "things kind of worked", I started to re-arrange my internet/domain/webserver stuff.

My old setup was:
- Home Assistant instance running on ODROID C2
- Nextcloud instance running on a HC2
- both servers were reachable over the internet over the same doman. But due to port forwarding and SSL certificates (and mainly due to lack of knowledge on my side ;) ), I used only one single domain, so that I needed to specify another port to make the second server reachable (HTTP/S ports where forwarded to the first server already).

So my desired setup was:
- make Home Assistant instance reachable over subdomain1.mydomain.de
- make Nextcloud instance reachable over subdomain2.mydomain.de

After a lot of reading I found that this could be done by a so called "reverse proxy". Me: "What the ...?!" This was totally new to me. But it didn't look too hard.

So I did the following:
- grabbed one of my old C1 that I had laying around, because it provides sufficient CPU power and Gigabit Ethernet
- flashed Armbian 21.02.3 Buster
- installed nginx
- followed this tutorial: https://indibit.de/reverse-proxy-mit-ng ... nsprechen/ (it is German, but it means "Connect to multiple servers behind one public IP with Nginx Reverse Proxy and subdomains")

Long story made short: it works perfectly! This is how my current nginx reverse-proxy.conf looks like:

Code: Select all

server {
        server_name subdomain1.mydomain.de;
        location / {
                proxy_pass      http://local_ip_address_to_my_homeassistant_server:8123;
                proxy_set_header Host $host;

                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }

        location /api/websocket {
        proxy_pass http://local_ip_address_to_my_homeassistant_server:8123/api/websocket;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/subdomain1.mydomain.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/subdomain1.mydomain.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        server_name subdomain2.mydomain.de;
        location / {
                proxy_pass      http://local_ip_address_to_my_nextcloud_server;
                proxy_set_header Host $http_host;
        }
        client_max_body_size 0;


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/subdomain2.mydomain.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/subdomain2.mydomain.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = subdomain1.mydomain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name subdomain1.mydomain.de;
    listen 80;
    return 404; # managed by Certbot
}


server {
    if ($host = subdomain2.mydomain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name subdomain2.mydomain.de;
    listen 80;
    return 404; # managed by Certbot
}

It works as desired including SSL encryption. Also both mobile phone apps still work (after adjusting the domain names of course).
I am not a specialist in this. But feel free to ask. And feedback/concerns and so on is welcome ;) .

Greetings,
Jojo
These users thanked the author Jojo for the post:
odroid (Mon May 03, 2021 4:14 pm)
How to ask questions the smart way:
http://www.catb.org/esr/faqs/smart-questions.html

User avatar
mad_ady
Posts: 9402
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, C4, N1, N2, H2, Go, Go Advance
Location: Bucharest, Romania
Has thanked: 599 times
Been thanked: 664 times
Contact:

Re: C1 not dead yet: Reverse Proxy

Post by mad_ady »

Great job! I've planned to do something similar myself - not to expose services externally, but to have more use friendly names, but since I'm a network engineer, I tend to remember ips and ports. Lots and lots of ips and ports....

Post Reply

Return to “Projects”

Who is online

Users browsing this forum: No registered users and 1 guest