Koozali.org: home of the SME Server

Reverse proxy

Offline EdelingF

Reverse proxy
« on: August 05, 2011, 08:43:15 PM »
I'm finally building my new server using an XPC Barebone Shuttle SH55J2 (Intel Core i3, 4 Gb int., 1Tb HDD). Works great!
At first I wanted to install SME8 with virtualisation in it, but I have now installed Proxmox with 4 virtual SME8b6 servers. That also works great!
Installed SME SiteMaker, no problems; installed Wordpress, no problems; installed phpMyAdmin, also no problems.

But the only problem is connecting the servers to the internet. I mean, making the servers 'visible' from outside my network. I thought, no problem, just make some changes in the modem/router like I did with my old server by using port-forwarding. Wrong!

I found out I need something like a reverse proxy. So, my plan was to use one of the virtual servers as an (easy to manage) proxy server. But after a week of looking in forums, wikis and websites I'm still no further on how I should do that.
Is there someone with experience using SME8 as a reverse proxy? I have read in the forum that some SME users use Proxmox for virtualisation, so they probably have had the same problems.

Also, is there an easily configurable proxy server available for SME8, preferably one that can be managed through a browser?
« Last Edit: August 05, 2011, 08:55:56 PM by EdelingF »

Offline larieu

Re: Reverse proxy
« Reply #1 on: August 06, 2011, 06:48:14 AM »
I use Proxmox on one machine (mostly for testing purposes) with several SME virtual machines.

But I also have a router which can fully handle the routing needs, and a separate connection for it.
Because it is only for testing, I set everything up like this:

           Internet
               |
router with internet access
               |
               |
Intermediate LAN With NAT provided by router (or if you can ask your ISP to provide several public IP's... - one class of 8 will be like charm)
               |
               |
Proxmox server also with virtual machines (various)
               |
               |
        -------------
       |     |     |     |
local LAN machines


For example, you could set up an environment like this:
Intermediate LAN on router side
192.168.1.254/24
192.168.2.254/24
192.168.3.254/24
.....


Proxmox has 192.168.66.254 on the LAN side.
All my virtual machines have "bridged Ethernet",
and I have one SME as a full server gateway and another only in "server only mode", plus other virtual things.

The first one has, for example, WAN side 192.168.1.253/24 gw 192.168.1.254,
the other ones
192.168.1.252/24 gw 1.254
192.168.1.251/24 gw 1.254
or in another class (whatever works for your logical separation)
192.168.2.253/24 gw 2.254,
192.168.3.253/24 gw 3.254,

You'll need to provide an accurate routing table to your router.
You should also make some "DNS" entries to suit you.
For example,
you'll have one server (the main one) and a second one which you'd prefer to name "backup.mydomain.org":
you will make a name entry both in your main SME and in your router, and put your SME as DNS client for this also.

But I think all of this is networking basics, and you could get it from other places on the internet (or ask separately).
if everybody's life around you is better, probably yours will be better
just try to improve their life

Offline purvis

Re: Reverse proxy
« Reply #2 on: August 06, 2011, 05:00:09 PM »
First, does the Proxmox OS have access to the internet? From the terminal, can you ping www.yahoo.com?
If that does not work, I do not see how your guest SME servers will work either.

I had no problems when I did my first install two weeks ago with Proxmox.
If I am not mistaken, there is a check box to be set for your SME virtual machine to auto-connect to the Ethernet.
That check box for the Ethernet may be off.

Offline EdelingF

Re: Reverse proxy
« Reply #3 on: August 06, 2011, 06:02:29 PM »
Proxmox and the VMs can contact the internet, but websites inside the VMs are not visible.
The websites are also still on my old server, where they are visible through port forwarding of HTTP, etc. in the router to the old server. This can only be done once, so I was planning to port forward to the new server and reroute to the old server and the VMs in the new server by using a proxy in the new server. This way I can move the websites (Wordpress installations) one by one from the old server to the VMs on the new server. I planned separate virtual servers for each domain with a Wordpress website.

Offline CharlieBrady

Re: Reverse proxy
« Reply #4 on: August 06, 2011, 06:31:55 PM »
Quote
I found out I need something like a reverse proxy. So, my plan was to use one of the virtual servers as an (easy to manage) proxy server. But after a week of looking in forums, wikis and websites I'm still no further on how I should do that.

You can use the proxypass virtual domain feature of SME server:

http://bugs.contribs.org/show_bug.cgi?id=999
http://forums.contribs.org/index.php?topic=47160.0
http://forums.contribs.org/index.php?topic=46975.0

Offline purvis

Re: Reverse proxy
« Reply #5 on: August 07, 2011, 04:11:41 AM »
I had problems myself with proxypass. Maybe I did do it correctly.
I saw something possibly worth mentioning.
I read that a program called Round for Ubuntu could direct URLs to the proper IP address.
If so, and if Proxmox and Ubuntu are both Debian Linux based OSes, then if Round does do redirection, it might load under Proxmox.
This would be great for what you are doing and my future doings also.
I would be interested, if you try this Round program, in any feedback you can provide.

Offline CharlieBrady

Re: Reverse proxy
« Reply #6 on: August 07, 2011, 04:32:24 AM »
Quote
I had problems myself with proxypass.

Did you report your problems to the bug tracker? If not, why not?

Offline EdelingF

Re: Reverse proxy
« Reply #7 on: August 07, 2011, 09:49:31 AM »
I came across the name 'Round' a few times, but the links to the download site don't seem to work. I also can't find any info about it.
I'll get into proxypass to see if it fits my needs.

Offline Mike

Re: Reverse proxy
« Reply #8 on: August 07, 2011, 10:32:11 AM »
I also would like to set up 4 or 5 SME servers on a Proxmox but I have not found the right way (and time) to do so just yet.
Reverse proxy is nice but does not solve all problems (as far as I know). :?
Best would be to have more IP addresses.
That does solve all your problems but costs money and some providers don't even provide it.
IPv6 would also solve this problem, but it is not yet supported on SME, and not everyone can connect over IPv6: many people only have an IPv4 connection from their provider, or do not have IPv6 enabled on all clients, as many simple computer users do not even know what IPv6 is.
For the next 10 years you might want to run dual stack on all systems that provide web services to the internet so you are reachable for all people.
If you use reverse proxy you should think of the following:
If you have 4 separate SME VMs and one VM that does the reverse proxy thing, then you will get mail problems.
SPAM checking servers will use reverse DNS to check if mail really comes from the server it seems to have been sent from.
The SPAM checking servers will come back to the reverse proxy VM box when they request the hostname of the host that has the IP address that the mail came from.
They will get back the hostname of the reverse proxy VM box, which is different from the mail server's name, and your mail servers will be blacklisted before you know it.
If someone thinks I'm wrong or has a solution to this problem then I would really like to hear it!

Offline EdelingF

Re: Reverse proxy
« Reply #9 on: August 08, 2011, 02:46:02 PM »
Quote
If you have 4 separate SME VMs and one VM that does the reverse proxy thing, then you will get mail problems.
SPAM checking servers will use reverse DNS to check if mail really comes from the server it seems to have been sent from.
The SPAM checking servers will come back to the reverse proxy VM box when they request the hostname of the host that has the IP address that the mail came from.
They will get back the hostname of the reverse proxy VM box, which is different from the mail server's name, and your mail servers will be blacklisted before you know it.
If someone thinks I'm wrong or has a solution to this problem then I would really like to hear it!

Hmm, that's something I didn't think about....
I'll check this with my provider first.

Extra IP addresses are only available for (expensive) business accounts. That's, in my case, not affordable. It's just a hobby.
It would also be too easy, by the way  ;)

Offline janet

Re: Reverse proxy
« Reply #10 on: August 08, 2011, 05:31:34 PM »
Mike

Quote
If someone thinks I'm wrong or has a solution to this problem then I would really like to hear it!

I think the workaround is to configure each sme server to send mail via your ISP's mail server, which is done in the server manager Email panel.

Offline Mike

Re: Reverse proxy
« Reply #11 on: August 08, 2011, 11:29:41 PM »
Quote
Mike

I think the workaround is to configure each sme server to send mail via your ISP's mail server, which is done in the server manager Email panel.

Yes, that is a workaround all right, but it is not the preferred solution I was hoping to hear.
I do not want to be dependent on my ISP's mail server or filters they might put into place, because they never tell anybody about it.
The idea of running your own mail server is to be independent of anything but your internet connection.

Offline larieu

Re: Reverse proxy
« Reply #12 on: August 09, 2011, 12:57:21 PM »
I think you could set up only one as the mail server and have the other ones just send mail through this one.

Yes, you'll be forced to use one account to be relayed by this first one, but I think this is not the main issue.

And if you really want to use the other ones to receive mail, just make the appropriate settings to take the mail from the first one.

Offline EdelingF

Re: Reverse proxy
« Reply #13 on: August 09, 2011, 03:58:34 PM »
This is the answer from my provider:

Quote
In general it is a bit old-fashioned to look at the PTR RR of an email sender. A fuzzy solution is to add several of the RRS to records in DNS, but not all mail servers support it. The easiest solution is to let a single server handle mail for all domains or to use more IP addresses.


I hope this makes sense, because I had to translate it from Dutch......
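
Added example, not part of any post in this thread: a forward-confirmed reverse DNS (FCrDNS) check with a HELO comparison, run over constructed DNS data for one public IP shared by several mail VMs, to show what the PTR lookup discussed above is compared against. The hostnames, addresses and verdict labels are assumptions made for the illustration; real receivers weigh these checks differently.

```python
# Forward-confirmed reverse DNS (FCrDNS) plus a HELO comparison.
# All names and addresses below are constructed sample data, not from the thread.

# Stand-in DNS data so the example runs offline.
PTR = {"203.0.113.10": ["gw.example.net"]}   # the single public IP has one PTR name
A = {
    "gw.example.net": ["203.0.113.10"],
    "mail.site-a.example": ["203.0.113.10"],  # hosted domain pointing at the same IP
}


def _norm(name):
    """Lower-case a hostname and drop a trailing dot."""
    return name.lower().rstrip(".")


def fcrdns_names(ip, ptr=PTR, a=A):
    """Return the PTR names of ip whose forward (A) lookup contains ip again."""
    return [n for n in map(_norm, ptr.get(ip, [])) if ip in a.get(n, [])]


def check_sender(ip, helo, ptr=PTR, a=A):
    """Classify a connecting SMTP client; the labels are this example's own."""
    confirmed = fcrdns_names(ip, ptr, a)
    if not confirmed:
        return "fail: no forward-confirmed PTR"
    helo = _norm(helo)
    if helo in confirmed:
        return "pass: HELO equals confirmed PTR name"
    if ip in a.get(helo, []):
        return "weak: HELO resolves to the IP but is not the PTR name"
    return "fail: HELO does not resolve to the connecting IP"


def report():
    """Run four constructed senders: shared NAT address, differing HELO names."""
    cases = [
        ("203.0.113.10", "gw.example.net"),       # one relay announcing the PTR name
        ("203.0.113.10", "mail.site-a.example"),  # VM announcing its own public name
        ("203.0.113.10", "sme3.local"),           # VM announcing an internal-only name
        ("198.51.100.7", "mail.site-a.example"),  # address with no PTR record at all
    ]
    return {helo + "@" + ip: check_sender(ip, helo) for ip, helo in cases}


if __name__ == "__main__":
    for who, verdict in report().items():
        print(f"{who:40} {verdict}")
```

Only the sender whose HELO name equals the forward-confirmed PTR name gets a clean pass, which is the case a single outbound mail server for all domains produces.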

Offline Mike

Re: Reverse proxy
« Reply #14 on: August 09, 2011, 10:44:13 PM »
Quote
This is the answer from my provider:

I hope this makes sense, because I had to translate it from Dutch......

Well look at that, you run into Dutch people everywhere...
I will just go on in English so other people can understand it too.
Do you have a link to this solution? I'm Dutch too.
This sounds like something I would like to research to see if this is the solution to what I want to accomplish.