You are here:Home»KB»Web Server»Forward Proxy, Reverse Proxy, TrueNAS, Virtualmin and Discourse
Wednesday, 01 May 2024 14:38

Forward Proxy, Reverse Proxy, TrueNAS, Virtualmin and Discourse

Written by

Suggested alternative Titles - might replace - current one

  • Run a TrueNAS Docker container through Virtualmin by using it as a Reverse Proxy
  • Run Discourse on the internet from a TrueNAS Docker container, through a Virtualmin Reverse Proxy
  • Run Discourse on the internet through a Virtualmin Reverse Proxy from a TrueNAS Docker container
  • Run Discourse on the internet through a Virtualmin Reverse Proxy using a TrueNAS Docker container
  • Run Discourse through a Virtualmin Reverse Proxy using a TrueNAS Docker container
  • Run Discourse through a Virtualmin Reverse Proxy using a TrueNAS Docker container as the source

 

Terms block

  • WebSocket
  • WebSocket Proxy
  • :80 --> ws://
  • :443 --> wss://
  • Reverse Proxy
  • Forward Proxy / Gateway Proxy
  • Unix Socket
  • ProxyPass
  • ProxyPassReverse

 

Setup instructions

  • Setup truenas
  • setup Discourse Docker
  • setup virtualmin
  • setup virtual server
  • setup proxying
  • bridge wordpress/Joomla with discourse using a SSO (single Sign On)

 

 

This article will explore Forward Proxies, Reverse Proxies with a practical example to set up Virtualmin to access a remote Discourse server. We will also use phpmyAdmin to show case a locally hosted App. I will be using Apache but nginx can act as a reverse proxy.

Technologies used in this tutorial

  • Ubuntu
  • Webmin/Virtualmin
  • Apache
  • ProxyPass / ProxyPassReverse
  • Discourse
  • Docker
  • TrueNAS

Proxying allows you to map a URL path in a virtual server's website to one or more destination URLs. It can be used to make other services available via a URL path on your website. For example, you might map the path /nodejs to the URL http://localhost:3000, an instance serving the application running on your Virtualmin system.

A proxy maps some URL on a virtual server to another webserver. This means that requests for any page under that URL path will be forwarded to the other site, which could be a separate machine or another webserver process on the same system.

  • General
    • A reverse proxy is a server that sits between a client and a web server, acting as an intermediary for requests. It retrieves resources on behalf of the client from the server, and then returns the response to the client.
    • Proxy Paths, 2 Ways
      • sockets = good when all sites are on the same site, a lot mor esecure and quicker (unix sockets?)
      • external ?? = when not on  same server, a little less secure and probably slower.
    • phpMyadmin App (local example)
      • install phpmyadmin on its own domain sub domain on your primary domain.
      • use proxypaths to redirect a clients domain here. also you can use unix sockets.
      • use the server templates to install this.
      • add this section when i have done proxypaths. I might be able to get www.example.com/phpmyadmin path (not whole domain) to work
    • Installation Discussions
      • Installing Discourse Forum on Virtualmin - #4 by Joe - Virtualmin - Virtualmin Community
        • I’ve discussed this in the past, as well. But, the most important thing is: 
          ProxyPass / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
ProxyPassReverse  / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
        • Note the socket can be wherever you put the Discourse directory, including in a domain owner home directory. This is just the path you’d use if installing Discourse exactly according to the docs, and then changed Docker to listen on a socket rather than directly on an IP and port 80/443 (which can’t happen on your Virtualmin system because Apache or nginx is already there).
        • And, as always, if you want to use Let’s Encrypt in Virtualmin or via certbot using web validation, you’d also need to exclude the .well-known path, and let it be served from the file system. Again, this is always true, nothing special about Discourse or Virtualmin being involved.
      • I want to install using a reverse proxy for Apache - installation - Discourse Meta
  • Different Types of Proxies
    • ? Forward Proxy = forwards requests to the new domain/target. The user is semi aware of the redirection. (i.e. the browser is aware, this fact is hidden from the user).
    • ? Reverse Proxy - web server requests the information for you and then supplies it to the user. the user never sees the secodn server.
    • Forward proxy vs. reverse proxy: What's the difference? | TheServerSide
      • Great article
      • Despite similarities, the use case for forward proxy vs. reverse proxy are vastly different. Here are key differences between a forward and reverse proxy.
      • A forward proxy accepts connections from computers on a private network and forwards those requests to the public internet. It is the single point of exit for subnet users who want to access resources outside of their private network.
      • As the name implies, a reverse proxy is the opposite of a forward proxy. The reverse proxy acts as a single point of entry for external systems to access resources on a private subnet.
    • Forward Proxy vs. Reverse Proxy: The Difference Explained - In this post we dissect the differences between proxy & reverse proxy and explain how admins can use a reverse proxy for easy access management control.
    • webserver - What's the difference between a proxy server and a reverse proxy server? - Stack Overflow
    • Proxy vs Reverse Proxy - What's the Difference? (Pros and Cons)
      • Proxy vs Reverse Proxy – What’s the Difference? (Pros and Cons).
      • A proxy server is one of the tools that help protect a network and the assets that are connected to it. They make sure users, data packets and computers are safe and can communicate effectively.
      • We will have a look at Proxy vs Reverse Proxy, make a comparison to distinguish which one should be used, their use cases and pros and cons for each proxy.
    • Proxy vs Reverse Proxy: Understand the Difference - Netnut - Proxy vs Reverse Proxy: An in-depth comparison detailing their unique roles, benefits, and usage in network security and performance enhancement.
    • Reverse Proxy Guide - Apache HTTP Server Version 2.4
      • In addition to being a "basic" web server, and providing static and dynamic content to end-users, Apache httpd (as well as most other web servers) can also act as a reverse proxy server, also-known-as a "gateway" server.
      • In such scenarios, httpd itself does not generate or host the data, but rather the content is obtained by one or several backend servers, which normally have no direct connection to the external network. As httpd receives a request from a client, the request itself is proxied to one of these backend servers, which then handles the request, generates the content and then sends this content back to httpd, which then generates the actual HTTP response back to the client.
      • There are numerous reasons for such an implementation, but generally the typical rationales are due to security, high-availability, load-balancing and centralized authentication/authorization. It is critical in these implementations that the layout, design and architecture of the backend infrastructure (those servers which actually handle the requests) are insulated and protected from the outside; as far as the client is concerned, the reverse proxy server is the sole source of all content.
  • Virtualmin (General)
    • Proxy Paths - Is this Pro - Virtualmin - Virtualmin Community
      • It is not a bug. It moved into GPL with the most recent version.
      • I wanted it to be more clear that you can use app servers and Docker/Podman in Virtualmin, and easier to explain how to do that. Since the way you use app servers or Docker/Podman is to proxy to it. So, there it is. Nobody can imagine it’s complicated anymore (but, they will anyway, as a lot of folks don’t know that the way you use Docker in any hosting deployment is to proxy to it).
      • Proxy Paths is what’s new in GPL. You could always do proxying in GPL, it just wasn’t obvious how for users unfamiliar with proxying in Apache. You could, at any point in the past, setup a Docker container, or whatever app server, and setup proxy rules to make the app available on a path, but we’ve had so many people yell at us about not being able to run whatever random crap they want to run, that I wanted it to be as simple as we could make it, so people would stop saying, “You can’t use Docker with Virtualmin”. (They won’t stop saying it, but at least I tried.)
      • You don’t need to delve into any of the other proxy-related stuff (unless you want to), you only need to setup Proxy Paths for your apps. None of those other forms are relevant to this new feature, and it shouldn’t require too much in the way of documentation to use it, though I think the naming of the options is weird…it should also have popup help, I’m not sure why I missed that it didn’t.
      • Anyway, this is just about making a local app server or docker container visible to the world through a proxied path, in a very simple form. The Pro feature was always about making it simple, not about a thing that was impossible in GPL. I’ll try to make sure the next release has help files, though, so we’ve got some popup help for these options.
      • Q: should there not be a one for http and one for https?
      • A: No. http is dead. Don’t treat them differently, or you’ll break your website for some browsers. The only thing you should ever do with http is redirect it to https (and some browsers are going to do that automatically anyway).
    • Basic Reverse Proxy? Virtualmin - Virtualmin Community
      • Ok, so there are actually two different proxy sections under server configuration, ‘Edit Proxy Website’ and ‘Proxy Paths’.
      • ‘Proxy Paths’ seems to invoke mod_proxy_balancer, which is actually something I would like to do in the future, but still can’t get it to do SSL.
      • However ‘Edit Proxy Website’ is very straightforward and is working as one would expect so that’s good enough for now.
    • Squid Proxy Server | Webmin
      • This article explains what an HTTP or FTP proxy server is, and then explains how Webmin can be used to configure the popular Squid proxy server.
      • An HTTP proxy server is basically a program that accepts requests from clients for URLs, fetches them on behalf of the client, and returns the results to the client. Proxies are used on networks where clients do not have direct access to the Internet but still need to be able to view web pages. A proxy is also used for caching commonly requested pages so that if more than one client wants to view the same page it only has to be downloaded once.
  • Proxy setting locations in Virtualmin
    • Virtualmin --> Web Configuration --> Edit Proxy Website
      • This form can be used to enable and configure the URL to which all requests to this virtual server's website are forwarded.
      • This will proxy the whole website/domain.
    • Virtualmin --> Web configuration --> Configure Website |Configure SSL Website --> Proxying
      • This will allow you to configure Proxying of the website with more control than the above option.
    • Virtualmin --> Web Configuration --> Proxy Paths
      • Proxying allows you to map a URL path in a virtual server's website to one or more destination URLs. This is typically used to make Ruby on Rails applications served by multiple Mongrel instances available under a URL path in the server's website. It can also be used to make other webservers such as Tomcat available via a URL path on your website.
      • For example, you might map the path /radiant to the URLs http://localhost:3001 and http://localhost:3002, which are the ports for two Mongrel instances serving the same application running on your Virtualmin system.
      • This is now the preferred method to setup proxying.
      • This has been moved from the Pro version.
      • You can proxy the whole website or just individual directories
  • Virtualmin errors people had
  • Virtualmin Reverse Proxy Tutorials
  • General Reverse Proxy Tutorials
  • Discourse General
    • WP Discourse – WordPress plugin | WordPress.org - This plugin allows you to use DiscThe WebSocket API (WebSockets) - Web APIs | MDN - The WebSocket API is an advanced technology that makes it possible to open a two-way interactive communication session between the user's browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply.ourse as a community engine for your WordPress website.
    • What forum software used by Virtualmin? - #2 by Joe - Site Feedback - Virtualmin Community
      • It’s self-hosted Discourse 4. I’ve talked about it a bunch, including a couple/few News posts.
      • It has only minor customizations, mostly to styles. We use a couple of plugins, Solved for marking questions solved, and Akismet (with a paid account) for spam filtering.
      • As the admin/maintainer of it, I love it, and I think most users are pretty happy with it. It integrates relatively well with WordPress using an off-the-shelf plugin, Ilia added a bit of code so we can see people’s license information on their posts (since only Pro customers can request private support via PM, we like to be able to refer GPL users to the public forums without having to check their account in WordPress).
      • Akismet is only average at catching spam, but the basic Discourse auto-moderation tools work really well. The built-in stuff catches far more spam than Akismet does, actually, but combined they add up to a very effective system.
      • It’s also reasonably fast, though could always be faster.
      • Compared to the old Drupal forums we cycled through (and the forums before it on Joomla and OpenACS), Discourse is a dream. I have very few complaints. The way it deals with Tags is incompatible with my brain, and last I checked it still had a bug that meant I can’t let others create Tags. But, that’s so minor, and none of the previous forums even had tags (and I had to do a lot more customization and bugfixes to the features we were using). Discourse is so remarkably better than any forum I’ve ever used (which is a lot of them; five or six for Virtualmin alone) it feels petty to complain about anything.
  • Discourse Chat Overview
    • Discourse Chat is now available. - Chat is here! Enable conversations in your community to flow between faster-paced chat and slower-paced discussions.
    • An overview of features in Discourse Chat - users - Discourse Meta - You may have noticed Chat recently being added to your community, or here on Meta. In this topic we’ll take a look at the various features included in Chat, and how you can make the most of them!
    • Discourse Chat Integration Plugin - plugin - Discourse Meta
      • As this is an official plugin maintained by the Discourse team, support, bug, ux, and feature requests can be made in the respective categories here on Meta, and tagged with the appropriate plugin tag.
      • discourse-chat-integration allows sending notifications about new Discourse posts to ‘group chats’ on a number of instant messaging platforms.
      • Notifications can be triggered by new topics, new replies, messages to a group, or mentions of a group.
    • Official Discourse Chat Plugin - plugin - Discourse Meta
      • This plugin is bundled with Discourse core.
      • There is no need to install this plugin separately.
      • As mentioned in our initial announcement and most recent update, this plugin adds chat functionality to your Discourse so it can natively support both, long-form and short-form communication needs of your online community.
  • Discourse Install Tutorial
    • How Do I Install Discourse? | Discourse Docs - GitHub
      • The only officially supported installs of Discourse are Docker based.
      • You must have SSH access to a 64-bit Linux server with Docker support.
      • We regret that we cannot support any other methods of installation including cpanel, plesk, webmin, etc.
  • Discourse proxying setup errors
  • Docker vs Podman
    • Virtualmin app server plugin · Issue #626 · virtualmin/virtualmin-gpl · GitHub
      • Yeah, podman is generally considered recommended across the Linux distro landscape, because Docker hasn't been super friendly to Open Source. And, technically, podman is superior on several fronts (no daemon BS, not tied to any commercial cloud services, uses a bunch of more modern Linux security features). But, and this is a big but, nobody knows the name "podman", and everybody wants "Docker support". So, I guess we need to detect if the user has the docker tools installed (from third party sources, probably) and allow use of those instead. Because podman doesn't use a daemon, it isn't entirely compatible with Docker on the same system; so, even though they have almost identical command line options and use the same Dockerfile syntax, if you list containers with podman you won't see the ones Docker is managing and vice versa, AFAIK, and you can't stop/start/pull/push/etc. across the two. I prefer podman, and I hope most users who don't know the difference will just accept it.
  • WebSockets

 

 

 

Read 18 times Last modified on Friday, 03 May 2024 13:58
Published in Web Server
back to top