Network info:
Home network, EdgeRouter Lite, EPB fiber, Mac mini with multiple Linux/Windows VMs.
I’m looking to host multiple websites: computer services, photo gallery, Plex, etc.
I’ve only got a single public v4 IP and a /64 of IPv6 that’s not quite ready for production yet.

Cloudflare is doing the heavy lifting of DNS and protection from the bad actors across the web.

Right now, I’m forwarding port 80 to access the main site and it works wonderfully, but expansion to other sites is limited now.

I read that a reverse proxy will direct the web request to the correct server based on the header request it reads.

Is that still the best practice?
If so, which one and platform is the best to use for a small installation?
Or is there something else to do instead?


I personally use a reverse proxy to host a few sites from my home.
It’s a very simple/straightforward setup.
I use Apache running on a tiny Ubuntu server VM: 1 vCPU, 512Mb of RAM, 15Gb thin-provisioned drive. I don’t have much traffic, mostly friends and family, but it’s extremely reliable and easy to set up.
Additionally, using a reverse proxy reduces your total attack vector to a single machine and 1 or 2 ports.
A lot of people use either Apache or nginx for this, although there may be a better fit for whatever platform you wish to use.


Cool, I do like Ubuntu, and I’ll start testing out Apache mod_proxy soon.

Now to find a setup/configuration guide that uses good pictures…

Thank you for your help Dave!

No pictures needed, my friend.
In order to keep the VM at a minimum, do the Ubuntu server install, which is CLI only. Since the VM is gonna be running unattended most of the time, there’s no reason to waste resources on a GUI.

Here’s a decent guide to get you started:

The guide uses the aptitude package manager. I tend to just use apt. To do that, just replace the aptitude command with apt-get; everything else should be the same.

Do yourself a favor and use SSL on your sites!
Ubuntu works with the free cert authority, Let’s Encrypt.

SSL is a work in progress, will check that out soon. I ran into issues, I followed the DigitalOcean guide and I’m not sure it worked on my server.

Substituted aptitude for apt-get and it says libapache2-mod-proxy-html not found.
I made sure apache2 was installed and then ran all the a2enmods and it looks like they activated without issue.

Whenever I change out the main webserver for the proxy server, the browser lands on the Apache2 Testpage, so I’m not sure the reverse part of the proxy is working yet.

I can reset the VM and start over, but is there a better guide to use that has the right proxy package in apt-get?

You don’t have to start over! If you’re getting the Apache test page, that means Apache is working; you just have some config work left.
It sounds like you’re missing something in the Apache site config file.
Can you post the contents of this file? Assuming you used the default site config as the guide shows, it would be this file:
/etc/apache2/sites-enabled/000-default.conf

Feel free to ‘obfuscate’ your specific domain name unless you want some extra traffic to your sites, haha.

Haha! My sites aren’t ready for live access yet.

One is a photo gallery I have yet to build, and the other is plex, so redirecting that request on port 80 to 32400 may need to be done.

Here’s my config with changed IP and domains.

Listen 80

<VirtualHost 10.0.0.10:80>
ProxyPreserveHost On
ProxyPass / http://10.0.0.10:80/
ProxyPassReverse / http://10.0.0.10:80/
ServerName example.com
</VirtualHost>

<VirtualHost 10.0.0.15:80>
ProxyPreserveHost On
ProxyPass / http://10.0.0.15:32400/
ProxyPassReverse / http://10.0.0.15:32400/
ServerName plex.example.com
</VirtualHost>

<VirtualHost 10.0.0.20:80>
ProxyPreserveHost On
ProxyPass / http://10.0.0.10:80/
ProxyPassReverse / http://10.0.0.10:80/
ServerName example2.com
</VirtualHost>

So the first thing that pops out to me is that you are defining your virtual hosts with internal IP addresses.

Try changing each virtual host to

VirtualHost *:80
Save, restart apache2, and test it again.

[edit]
Apparently the mobile site doesn’t like the brackets from the Apache config…
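
The change suggested above, written out as a complete site file. This is an added example, not a config posted by anyone in the thread; it reuses the thread's placeholder domains and backend addresses, and the catch-all first vhost is an addition that the thread does not mention.

```apache
# Added example: name-based virtual hosts on the proxy VM.
# Domains and 10.0.0.x backends are the placeholders used in the thread.
# Requires: a2enmod proxy proxy_http

# Apache picks the vhost by the Host header only among vhosts whose
# address matches the connection. With *:80 on every vhost, all of them
# are candidates and ServerName decides.
#
# The first vhost listed for an address:port is the default: it answers
# any request whose Host header matches no ServerName below, such as
# requests sent straight to the public IP. Refuse those instead of
# handing them to a backend (assumption: nothing should be served
# without a known hostname).
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.10:80/
    ProxyPassReverse / http://10.0.0.10:80/
</VirtualHost>

<VirtualHost *:80>
    ServerName plex.example.com
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.15:32400/
    ProxyPassReverse / http://10.0.0.15:32400/
</VirtualHost>

<VirtualHost *:80>
    ServerName example2.com
    ProxyPreserveHost On
    # Backend address kept exactly as posted in the thread.
    ProxyPass        / http://10.0.0.10:80/
    ProxyPassReverse / http://10.0.0.10:80/
</VirtualHost>
```

Running `apachectl -S` prints the parsed vhost table, including which vhost is the default for each address and port.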

The *:80 worked!
I’ll be testing out the photo gallery sometime soon.

And with some command line magic I got plex to work, I no longer need plex:32400/web

Thank you!

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/web
RewriteCond %{HTTP:X-Plex-Device} ^$
RewriteRule ^/$ /web/$1 [R,L]

Just to follow up, I found some time and am now working through the quirks of setting up SSL.
Getting the scp syntax correct to copy the crypto files was an adventure in itself.

Right now, direct HTTPS from Cloudflare to the server - works perfectly. HTTPS to the Proxy all falls apart with a descriptive error (on par with Windows 10 Something Happened)
Internal Server Error - This server encountered an internal error or misconfiguration.

Will research later, work in progress, learning much from this experience.

When you’re using a reverse proxy, you want your certs and private keys on the proxy server, not the webserver. It sounds like, from your description, the certs are on the webserver.

The 500 error most likely indicates an Apache config error. Try this command on both the webserver and the proxy:
apachectl configtest
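
A sketch of the layout described in the last reply, with the certificate and private key on the proxy and plain HTTP to the backend. This is an added example, not a config from the thread; the certificate paths assume certbot's default layout for a certificate named example.com, and the domain and backend address are the thread's placeholders.

```apache
# Added example: TLS terminated on the proxy VM.
# Requires: a2enmod ssl proxy proxy_http headers
<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    # Assumed paths (certbot default layout); point these at wherever
    # the certificate chain and key actually live on the proxy.
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    ProxyPreserveHost On
    # Tell the backend the client connection was HTTPS so it can
    # generate https:// links and redirects.
    RequestHeader set X-Forwarded-Proto "https"

    # Backend is reached over plain HTTP on the LAN. If the backend URL
    # were https://, mod_proxy would also need "SSLProxyEngine on".
    ProxyPass        / http://10.0.0.10:80/
    ProxyPassReverse / http://10.0.0.10:80/
</VirtualHost>

# Port 80 for this name only redirects to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
```

With this layout the private key exists only on the proxy, so it does not need to be copied to each backend VM.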