From owner-freebsd-questions@freebsd.org Sun Jul 7 16:27:38 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E619915E7EB5 for ; Sun, 7 Jul 2019 16:27:37 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from smtpq1.mnd.mail.iss.as9143.net (smtpq1.mnd.mail.iss.as9143.net [212.54.34.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7B2918D07A for ; Sun, 7 Jul 2019 16:27:36 +0000 (UTC) (envelope-from freebsd@boosten.org) Received: from [212.54.34.118] (helo=smtp10.mnd.mail.iss.as9143.net) by smtpq1.mnd.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1hkA0e-0007R2-LH; Sun, 07 Jul 2019 18:27:28 +0200 Received: from 84-25-247-31.cable.dynamic.v4.ziggo.nl ([84.25.247.31] helo=ra.boosten.org) by smtp10.mnd.mail.iss.as9143.net with esmtp (Exim 4.90_1) (envelope-from ) id 1hkA0e-00052G-FI; Sun, 07 Jul 2019 18:27:28 +0200 Received: from amon.boosten.org (Amon.boosten.org [192.168.13.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ra.boosten.org (Postfix) with ESMTPSA id ED0C23432FFB; Sun, 7 Jul 2019 18:27:27 +0200 (CEST) From: freebsd@boosten.org Message-Id: <9F380DB8-DC9C-4580-B70D-09D2FF03EC9B@boosten.org> Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: reverse proxy? Date: Sun, 7 Jul 2019 18:27:26 +0200 In-Reply-To: Cc: freebsd-questions To: David Mehler References: X-Mailer: Apple Mail (2.3445.104.11) X-SourceIP: 84.25.247.31 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=PdKBeRpd c=1 sm=1 tr=0 a=JWBJsaPp29SgP5DpYRBqZw==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=0o9FgrsRnhwA:10 a=pGLkceISAAAA:8 a=BlHD3JdOAAAA:8 a=iv-aT2DbAAAA:8 a=377LoqYnAAAA:8 a=Jhho34DRyGgIwCiXbakA:9 a=QEXdDO2ut3YA:10 a=Ux0uRmgUHvIA:10 a=IPcZcscSuAkA:10 a=QQnJyKQmEvJXG2weLqYA:9 a=yslFVvcoz8celkY9:21 a=_W_S_7VecoQA:10 a=6nWL3GJvWMI2u3sg87Rv:22 a=b1rbqsF-R-Sd_AdGSfz6:22 a=3eFgLbQigKzPVxkzdRgB:22 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Rspamd-Queue-Id: 7B2918D07A X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.70 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:212.54.32.0/19]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[boosten.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[boosten.org,quarantine]; MX_GOOD(-0.01)[boosten.dyndns.org]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[164.34.54.212.list.dnswl.org : 127.0.5.1]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; MIME_TRACE(0.00)[0:+,1:+]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[31.247.25.84.zen.spamhaus.org : 127.0.0.11]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[boosten.org:s=ra]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_SHORT(-0.84)[-0.843,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_NO_DN(0.00)[]; IP_SCORE(-1.25)[ipnet: 212.54.32.0/20(-3.96), asn: 33915(-2.31), country: NL(0.01)] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Jul 2019 16:27:38 -0000 > Op 7 jul. 2019, om 18:15 heeft David Mehler = het volgende geschreven: >=20 > Hello, >=20 > Is anyone got a http/https reverse proxy going in a setup similar to > the below, either haproxy, squid, or nginx, nginx preferred? >=20 > I've got a host system that well it will have several jails on it each > running a web server, all jails are on the lo1 interface, each has > their own ip and each web server is running on port 80 at least, and > some also are on port 443. >=20 > If a request comes in for www.domain1.com it should be sent to server > 1, https://www.domain2.com should go to server 2 and ssl. >=20 > Currently i've got pf rules and rdrs accomplishing this but I think it > would be cleaner for a reverse proxy to handle this. >=20 Hi, I was the one suggesting a reverse proxy for your previous problem. I = tried nginx, and was surprised by its simplicity. I created a jail, installed nginx via =E2=80=98pkg install nginx=E2=80=99,= modified nginx.conf and added this: server { listen 192.168.13.21:81; server_name sickbeard.boosten.org; =20 location / { proxy_pass http://ra.boosten.org:8082/; proxy_set_header X-Real-IP $remote_addr; } } server { listen 192.168.13.21:81; server_name sabnzbd.boosten.org; =20 location / { proxy_pass http://ra.boosten.org:8080/; proxy_set_header X-Real-IP $remote_addr; } } (FQDNs are any reachable from my internal net, so is the nginx jail, so = you don=E2=80=99t have to try :)) Whenever the host in the http 1.1 request is sickbeard.boosten.org, it = redirects to another machine on port 8082. Same applies to sabnzbd.boosten.org . Of = course, where you connect to is entirely up to you. Peter