Traefik for both intranet and internet - traefik

I run a home server with a couple of dockerized services and traefik as a reverse proxy. Some of these services (e.g. a blog) should be available to the outside while others (e.g. my file server) should not. However I would like to be able to access both of them them with blog.mydomain.com and files.mydomain.com, respectively (where the latter of course should only be reachable from within the network).
Is this possible with traefik?

Related

Nginx reverse proxy works only outside lan

I have a server which has multiple "app pages" running on it. (for example: Home Assitant, Cockpit etc.).
On the local network I can access them using like http://192.168.1.200:8123.
I used to use port forwarding but I didn't wanted to remember ports so I'm using Nginx Proxy Manager and a DuckDNS domain.
So now outside of the local network I can type https://ha.mydomain.duckdns.org, which works fine, but if I'm connected to the local network my browser throw a PR_END_OF_FILE_ERROR message.
I tried it with multiple devices, different applications, even on the home assistant app, and got the same result.
I'm using SSL certificates created in Nginx Proxy Manager, but when using http I get an 404 error.
After long searches I found that I probably need a custom local DNS (like pihole) running, and my router DNS has to point to it. I'm not sure if this would even solve my problem, but I would like to avoid this method, cause if my server shuts down or has any problem, it would cause problem on all the devices in my network.

Can I access a full list of cloudflare tunnels through their dashboard?

I have some tunnels created through CLI on several servers locally.
Their domain names are shown in Cloudflare DNS settings as "managed by a cloudflare tunnel".
However, in Access -> Tunnels I do not see their domain names listed.
Are CLI-created tunnels accessible anywhere in their Web GUI?
When created using the CLI, you will see the tunnels on the GUI but not the ingress hosts listed on the config of the tunnel.
If you want to get them on the GUI, you will need to migrate the config so that it is hosted on CF.
Bear in mind, the migration process is one way only (once hosted, you cannot reverse the process).
This shouldn't be a problem unless you're using free TLDs (like .tk .ga .ml ... and the likes) cause all these TLDs are excluded from the CF API and consequently you will not be able to manage them from within the GUI.

what is proxy server and how it helps in server architecture

I am very confused with proxy server, and proxy and this word proxy. I saw everywhere people are using proxy program, proxy server. Some of them using the proxy websites to unblock the websites. There are lot of things like reverse-proxy like that..
When I read one article about nginx I ran into one pic it says proxy cache. So what's proxy cache?
And how can I write a proxy program? What does that mean ? Why we need to use a proxy program?
Anybody can answer my question as simple as possible, I am not much in to this area.
A proxy server is used to facilitate security, administrative control or caching service, among other possibilities. In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing. Proxy servers are used for both legal and illegal purposes.
On corporate networks, a proxy server is associated with -- or is part of -- a gateway server that separates the network from external networks (typically the Internet) and a firewall that protects the network from outside intrusion. A proxy server may exist in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall. Proxy servers are used for both legal and illegal purposes.
When a proxy server receives a request for an Internet service (such as a Web page request), it looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. A proxy can also log its interactions, which can be helpful for troubleshooting.

Microsoft Azure Apache Web Server Not Accessible

I've created literally dozens and dozens of web servers in my day, but this is my first attempt with Windows Azure and I'm running into some problems. I just started migrating from AWS recently.
First of all, I'm running Ubuntu 13.04. Firewall disabled (for debugging), Apache2 installed correctly (using apt). SSH works fine as do many other services with both the DNS hostname and public IP. Virtual host is set up correctly and validated. However, I cannot access the HTTP website either through the Azure provided subdomain or the virtual IP. It just times out.
This is also my first time using Ubuntu 13.04 as well. So, through the powers of deduction, I'm assuming there is something I'm missing either with this new version of Ubuntu or some quirk in Azure. Does anyone have any suggestions?
SOLUTION
These steps to create "endpoint" works fine for all VPS:
open "virtual machine > endpoint > add endpoint"
choose "next"
set "name:http, protocol:tcp, public port:80, private port:80"
choose "complete"
and then must wait for activation and then for some time.
If you are using Azure Resource Groups along with your VMs (which is available on the new portal) you cannot use endpoints because it's not available there, so you should follow the following to open up the HTTP port or ANY other port:
1- Select the VM that you want to manage ports on.
2- In settings, click on Network Interfaces and select your network.
3- Go to Network Security Group and select your group.
4- Add Inbound or Outbound security rules depending on what you need.

Proxy / ServiceBus / Reverse SSH

Trying to figure out the best way to easily connect a bunch of client machines running WCF service to a LAMP server on a wide area network....
Currently just set up set up each client with DynDNS, and port forwarding at the router... Absolutely not the best situation for deployment.
Ideally would like to have a simple program they run which automatically connects them to the LAMP server....
Can anyone point me in the right direction?
Should I be looking at Reverse SSH, Windows Azure AppFabric ServiceBus?
This is one the scenarios that Service Bus relay was created for. With the relay, a sort of tunnel is established via ServiceBus between your WCF services and your clients, independently of where each party is deployed (as long as both have internet access, that is).
This article has a tutorial on an scenario that's very similar to what you describe:
http://www.windowsazure.com/en-us/develop/net/tutorials/hybrid-solution/
A reverse proxy would certainly be relevant here.
There are a number of ways to provide this. You mention using a LAMP stack so I'm assuming that you are using Apache as a web server.
You need a couple of optional Apache modules. Proxy and Reverse Proxy.
Typically you would assign a virtual "folder" to each actual app:
https://server/app1
https://server/app2
The reverse proxy would forward requests through to the actual, internal server/port:
https://server/app1 -> http://localhost:8000/
https://server/app2 -> http://localhost:8001/
(or whatever configuration you want)