Configure Raspberry with lighttpd as reverse proxy - reverse-proxy

I am running two raspberry pis as a webserver (assume it is production and dev-env). Since I am running this on my private DSL line I am running all machines behind a FritzBox router. The router can route traffic for port 80 and 443 only to one server behind the router.
So I want all traffic to be routed to my productive environment.
The question is whether lighttpd (on the productive server) can be used to serve the productive content and also route all requests to the dev environment to the second web server.
I assume mod_proxy will do exactly that job but I want to make sure that I am on the right path...
Appreciate any advise on that.

If you want some requests, e.g. to /dev/ to go to the dev-env web server, then, yes, you can run mod_proxy on the production server to handle all requests, and to act as reverse proxy to backend dev-env web server for request to /dev/...

Related

Best practices for setting up a MERN application on AWS

I know this is subjective and opinionated, but I just need something to start off from knowing what the best practices may be.
I've got a MERN application running on localhost with the React script currently running on port 3000 and an Express.js application running on port 3001.
Now I'm about to set it up live on AWS and am wondering if I should create it like:
website.com for the frontend React stuff with nginx routing anything from port 80 to 3000 while it makes calls to api.website.com running on 3001 on the same instance with website.com and `api.website.com having the same IP address.
or
one separate instance for website.com on a different IP address and another instance for api.website.com on a different IP address for API calls? Both are being accessed without having to specify a port.
I'm curious because most of the time I've used APIs, they don't have a separate port, just a subdomain on what I assume was a different IP address and a different instance.
What would be the best way to set this up keeping in mind I want to use SSL?
Serving static applications via SSL is not necessary, but on the other hand, your server application has to be secured. Part of the stack which interacts directly with the database is very crucial and has to be secured against all sorts of vulnerabilities. Only SSL won't do any good unless you follow best practices to secure your node application.
You can use the subdomain for the node application and root domain for the actual site. Also, you can use the 80 port for the website and 443 for your node application by defining different server sections inside your nginx configuration file.
Below are some links where you can find the best practices to follow while deploying node applications on production.
https://www.moveoapps.com/blog/set-node-js-application-production-nginx-reverse-proxy/
https://blog.risingstack.com/node-hero-node-js-security-tutorial/
I would say Nginx exposed to the world, with an SSL certificate and all traffic redirected to port 443.
Everything else bound to 127.0.0.1 and proxied through Nginx. It's simple to set up Nginx to accept requests to api.website.com on port 443 and then proxy them over to 127.0.0.1:3000 or 3001 or whatever.
Then firewall all the other random ports and route absolutely all incoming traffic through Nginx.

Use Apache virtual hosts to access local servers?

I was wondering if it's possible to use Apache to request websites on a local network, with apache being the gateway so to speak? On my home network I currently have a Windows box running an ASP.NET site, it has to run under Windows/IIS, a server I'm not particularly fond of, but I can live with it... Alongside this I'm thinking about running an Apache server on a separate machine, for my PHP applications, as well as some other applications (e.g. Plex).o
Ideally I'd like to have Apache on port 80, listening for requests, and using the sort of functionality I have with a virtual hosts file to load content from another webserver on my network, that isn't directly accessible through it's own port. I know I could just run PHP under IIS, or move one server to another port, but there's no fun in that!

how to use IIS and website hosting

I am new website servers and hosting and just after some help clearing some stuff up.
Firstly if I use a website server on my computer ie. IIS is that the same as using a web host such as host puppa? and if so does that mean I don't need to use a web hosting company?
Secondly what hosting/ server do i need to use to run SQL and MySQL in my website?
Is there any good tutorials that run through all of this stuff for beginners as I am quite confused?
IIS is a web server such as apache or nginx. It's a Microsoft product and supports ASP.NET pages.
You can use it instead of a web host, but you have to make sure that your computer is reachable from the internet if you want global access. There is also some setting for what interface and port you want IIS to listen on, that should be set to your external IP address and port 80 for HTTP.
If you are behind a router with NAT, you have to use port forwarding to redirect port 80 requests to the router into your IIS.
As SQL server you can use Microsoft SQL Express or MySQL for example.
Personally, I use WAMP on Windows machines, which gives me everything I need: Apache, MySQL and PHP.
Furter reading: http://www.howtogeek.com/177129/beginner-geek-how-to-host-your-own-website-on-windows-wamp/ (wamp only, but I mentioned alternative applications above)
Edit 1: If your ISP gives you dynamic IP addresses (which is the common) you have to use some kind of dynamic DNS updating, you IP address might change.
Also, of course, if you shut your PC down, the site goes down as well.

How do I force users to access my Play application through SSL?

I have a Play application that I've deployed by running stage within SBT, and then running it from the command line using target/start. I've placed Nginx in front of it and, based on a sub-domain, I have two server blocks--one for port 80, and the other for port 443. The port 80 block just redirects to the https scheme on port 443. This all works great.
To recap:
http://play.mydomain.com/ redirects to
https://play.mydomain.com/ which is a proxy for http://localhost:9000
However, if I just go to http://mydomain.com:9000/, I get access to my Play application directly. There's no SSL, and there's no way I can figure out to keep anyone from accessing it.
What should I do? Should I use Nginx to redirect any access on port 9000 to the URL for the SSL version? Should I firewall port 9000 and only allow local requests on that port? (If so, how would I do that?) Is there some other way of dealing with this that I'm not thinking of?
And how long until the Servlet 3.1 spec is released and I can just deploy the whole thing as a WAR? :-)
You could make your Play application listen only on the local interface (127.0.0.1, for example). That way, nginx can still proxy requests to it but nobody from the outside can access your application directly. No additional firewall setup is necessary.
Looks like you can pass an additional argument to start:
$ start -Dhttp.port=9000 -Dhttp.address=127.0.0.1

Which port should I run WebSockets server on if 80 is already used by Apache?

I created a WebSockets app to provide communication between connected clients, but I'm concerned about corporate firewalls and ISP rules that might block the port 8080 it's using. But the usual HTTP port 80 (that really no one would block) is already used by Apache on that server to provide the functionality for the rest of the app (which is a clasic web app running on PHP).
What are my options there? Are my concerns misplaced?
One option is to set up an Apache reverse proxy to make your app available via port 80. See (for example) Running a Reverse Proxy in Apache.