Lighttpd reverse proxy - reverse-proxy

I have a reverse proxy setting in my Apache's httpd.conf:
ProxyPass "/endpoint" "https://someurl.com/endpoint"
ProxyPassReverse "/endpoint" "https://someurl.com/endpoint"
And I need to replicate this in Lighttpd. I'm running a JS app which calls localhost:8080/endpoint to retrieve some data. I'd like to set up a proxy to always redirect /endpoint to https://someurl.com/endpoint.
In my lighttpd.conf I have the following settings:
server.modules = ("mod_proxy")
$HTTP["url"] =~ "^.*endpoint" {
    proxy.server = ( "" => (( "host" => "https://someurl.com/endpoint" ) ) )
}
based on this SO answer.
I have also tried:
server.modules = ("mod_proxy")
proxy.server = ( "/endpoint" => (( "host" => "https://someurl.com/endpoint" )))
based on the lighttpd docs.
In both cases, I'm still hitting localhost:8080/endpoint which results in a 404 error. How do I set up the proxy correctly?

In lighttpd 1.4.46 and later, you can use proxy.header. See
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModProxy
server.modules = ("mod_proxy")
$HTTP["url"] == "/endpoint" {
    proxy.server = ( "" => (( "host" => "someurl.com" )))
    proxy.header = ( "map-host-request" => ( "-" => "someurl.com"),
                     "map-host-response" => ("-" => "-"))
}

Related

Lighttpd Reverse Proxy with Pi-hole

Aware this question has been asked a few times and I've read a lot of the solutions but I still cannot get my reverse proxy to work.
I have a Raspberry Pi with Pi-hole.
Hostname: pi-hole.local
IP address: 192.168.1.254
Lighttpd port: 8080
I want to visit http://pi-hole.local in my browser without :8080 and view the Pi-hole admin page.
ATM, I have to type http://pi-hole.local:8080.
I have added mod_proxy to:
server.modules = (
    ...
    mod_proxy
    ...
)
I have server.port = 8080 and I have this block:
$HTTP["url"] =~ "pi-hole.local" {
    proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
}

pi-hole.local is the URI authority, not the url-path.
$HTTP["host"] =~ "pi-hole.local" {
    proxy.server = ( "" => ("" => ( "host" => "192.168.1.254", "port" => 8080 )))
}
Separately, for http://pi-hole.local to work, lighttpd also needs to be listening on port 80. Is that the case on your system? Is something else listening on port 80? If not, then $SERVER["socket"] == "*:80" {} will have lighttpd additionally listening on port 80, in addition to server.port = 8080. However, I have not looked into how pi-hole uses this, so you should test that pi-hole still works the way you want it to.
Instead of mod_proxy, a better way might be mod_redirect.
server.modules += ("mod_redirect")
$HTTP["host"] =~ "pi-hole.local" {
    url.redirect = ("" => "http://pi-hole.local:8080${url.path}${qsa}")
}

How to setup Lighttpd with ssl and proxy

I'm trying to set up Lighttpd with ssl and proxy but I cannot make it work.
I've installed the certificate and private-key and they work, however when I try to enable the ssl, the port (443) doesn't respond.
My configuration file is (conf-enabled/10-proxy.conf):
$HTTP["host"] == "host.com.br" {
    proxy.server = ( "" => ((
        "host" => "200.1.1.1",
        "port" => 9004
    )))
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/private_key.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/certificate_file.crt"
}
My lighttpd.conf is:
server.modules = (
    "mod_access",
    "mod_alias",
    "mod_compress",
    "mod_redirect",
#   "mod_rewrite",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                     " index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
include_shell "/usr/share/lighttpd/use-ipv6.pl"
dir-listing.encoding = "utf-8"
server.dir-listing = "enable"
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/x-javascript", "text/css", "text/html", "text/plain" )
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

According to the docs, Lighttpd at 1.4.52 doesn't support SSL/TLS with mod_proxy.

You need to tell lighttpd to listen on port 443:
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/private_key.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/certificate_file.crt"
}

Puppetlabs-Apache: enable both 80 and 443 for virtualhost

I'm relatively new to puppet and currently working on 'puppetlabs-apache' module. I'm missing something while setting both ssl and non-ssl on a virtual-host.
Manifest applied:
include apache
include apache::mod::rewrite
#apache::vhost { 'site.mydomain.com':
#  port => '80',
#  docroot => '/var/www/site',
#  rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
#}
apache::vhost { 'site.mydomain.com':
  port => '443',
  ssl => true,
  docroot => '/var/www/site',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
  # rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
}
The thing is I don't need the non-ssl (80 port), but all requests should redirect to 443.
If I comment out the first vhost definition of site.mydomain.com for port 80, it throws an error:
Error 400 on SERVER: Duplicate declaration: Apache::Vhost[site2.mydomain.com] is already declared in file..
Not sure what I'm missing here. What should I do to make this permanent redirect happen?
http://site2.mydomain.com/ => https://site2.mydomain.com/

To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:
apache::vhost { 'site.mydomain.com:80':
  servername => 'site.mydomain.com',
  port => '80',
  docroot => '/var/www/site',
  rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
  redirect_status => 'permanent',
  redirect_dest => 'https://site.mydomain.com'
}
apache::vhost { 'site.mydomain.com:443':
  servername => 'site.mydomain.com',
  port => '443',
  ssl => true,
  docroot => '/var/www/site',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
  # No rewrite_rule on the SSL vhost: redirecting every request on port 443 back to https://site.mydomain.com would loop.
}
You also needed those additional redirect attributes for the non-ssl virtualhost resource. Since apache::vhost is a defined resource type with no namevar, you can circumvent the multiple resource declaration issue by using two unique and purely cosmetic resource titles.

Working out Matt's answer and the error while running it made me come to the following answer.
apache::vhost { 'site.mydomain.com:80' ... }
apache::vhost { 'site.mydomain.com:443' : ...}
Thanks,

lighttpd: How to forward port (visible only to localhost) to WAN after authentication?

I have a webcam stream only accessible on the host machine via http://localhost:1234
This stream has no authentication.
I would like to setup a lightweight http server that listens on port 80 for outside connections, prompts for username and password, and then forwards the stream from localhost:1234
How do I do this?

Lighttpd can do this.
The following config files will forward requests to http://domain.com/ => http://localhost:1234/ requesting a http basic auth first.
lighttpd.conf
## Add auth and proxy mods to your existing modules list
server.modules = (
    "mod_auth",
    "mod_proxy"
)
$HTTP["host"] == "domain.com" {
    auth.backend = "plain"
    auth.backend.plain.userfile = "lighttpd-plain.user"
    auth.require = (
        "/" => (
            "method" => "basic",
            "realm" => "MyWebcam",
            "require" => "valid-user"
        )
    )
    proxy.server = (
        "/" => (
            (
                "host" => "127.0.0.1",
                "port" => 1234
            )
        )
    )
}
}
lighttpd-plain.user
webcamuser:webcampassword
Make sure you load mod_auth before mod_proxy in server.modules, getting them in the wrong order can make lighty panic.
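The config above keeps the password in clear text in lighttpd-plain.user and uses HTTP basic auth, which sends it base64-encoded on every request to port 80. As an added example (not part of the original answer), this Python script converts that file's user:password lines into the user:realm:MD5(user:realm:password) records read by lighttpd's htdigest backend (auth.backend = "htdigest", auth.backend.htdigest.userfile, "method" => "digest"); the function names are illustrative and the sample entry is the one shown above.

```python
import hashlib
import hmac

REALM = "MyWebcam"  # must be identical to the "realm" value in auth.require


def htdigest_line(user: str, realm: str, password: str) -> str:
    """Return one htdigest record: user:realm:MD5(user:realm:password)."""
    if not user or ":" in user or ":" in realm:
        raise ValueError("user must be non-empty; user and realm must not contain ':'")
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()
    return f"{user}:{realm}:{ha1}"


def convert_plain_userfile(plain_text: str, realm: str) -> list[str]:
    """Convert 'user:password' lines (plain backend) into htdigest records."""
    records = []
    for lineno, raw in enumerate(plain_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # skip blank lines
        # Split on the first ':' only, so a password may itself contain ':'.
        user, sep, password = line.partition(":")
        if not sep or not user or not password:
            raise ValueError(f"line {lineno}: expected user:password")
        records.append(htdigest_line(user, realm, password))
    return records


def check_password(records: list[str], user: str, realm: str, password: str) -> bool:
    """Recompute the record for a candidate password and compare it with
    hmac.compare_digest against each stored record."""
    expected = htdigest_line(user, realm, password).encode("utf-8")
    return any(hmac.compare_digest(expected, r.encode("utf-8")) for r in records)


# Constructed sample input: the single entry from lighttpd-plain.user above.
SAMPLE_PLAIN = "webcamuser:webcampassword\n"

if __name__ == "__main__":
    # Write these lines to the file named in auth.backend.htdigest.userfile.
    for record in convert_plain_userfile(SAMPLE_PLAIN, REALM):
        print(record)
```

The stored MD5 value is still sufficient to answer a digest challenge, so the converted file needs the same restrictive file permissions as the plain one.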

Lighttpd vhost setup

tl;dr - How do I reference the conditional regex matches?
I am looking for the simplest vhost setup, but what I am trying doesn't work.
I want:
http://example.dev => /var/www/dev/example/
http://website.dev => /var/www/dev/website/
I have tried:
server.document-root = "/var/www/"
$HTTP["host"] =~ "^(.+)\.(.+)$" {
    server.document-root += "%2/%1/"
}
What my method resolves to:
Path: /var/www/%2/%1

I suspect that the %1 %2 syntax only works with mod_rewrite. I can't confirm that, but I've only ever used it with mod_rewrite.
A mod_rewrite solution would be the following:
server.document-root = "/var/www/"
$HTTP["host"] =~ "^(.+)\.(.+)$" {
    url.rewrite-once = ( "(.*)" => "/%2/%1$1" )
}
Which should effectively act as if your document root has moved.
*This is untested