-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Reverse Proxy
A reverse proxy, also known as an "inbound" proxy is a server that receives requests from the Internet and forwards (proxies) them to a small set of servers, usually located on an internal network and not directly accessible from outside.
A reverse proxy can be used to allow authenticated users access to an intranet even when they are located outside. Users on the internal network can access intranet servers directly (their IP address is their authentication), but users outside it must authenticate themselves to the proxy server (usually with a username and password) in order to be allowed in.
Visit this page for a good overview of why you should be using a reverse proxy: http://mikehadlow.blogspot.com/2013/05/the-benefits-of-reverse-proxy.html
Lets say you have SickBeard, SABnzbd, Headphones, and Couchpotato installed and working locally. To get to each of these you would navigate to their web server's ip:port. Depending on how you setup the apps (binding an IP to your network adapter) you may not be able to get to the sites outside your network. You can use your cellphone with WiFi turned off if you want an easy way to test access outside your network. Most likely they are all running on the same machine/within the same network. So each ip would be the same but the port would just be different, remembering which port belongs to which application is not very user friendly. Also what if an app uses HTTP while another is using HTTPS? what if one app has authentication enabled but another doesn't? Well using a reverse proxy can make all this a lot more manageable.
Using a reverse proxy you could just go to an IP (or hostname if you use dyndns or something similar) but use /sickbeard, /sabnzbd, /couchpotato, /whatever instead of a different port. Not only does this make accessing your multiple apps more user friendly, it allows flexibility of being a gatekeeper to all the sites (for access/security/data logging).
Before:
http://localhost:8081https://192.168.1.1:9090http://myname.no-ip.org:5000http://192.168.1.1:8181
After:
https://myname.no-ip.org/sickbeardhttps://myname.no-ip.org/sabnzbdhttps://myname.no-ip.org/couchhttps://myname.no-ip.org/music
You need to define what the reverse proxy entry point is, and make sure it matches when specified.
So in our example above, we are using /sickbeard. So with SickBeard shutdown, modify config.ini as noted below.
config.ini
web_root = /sickbeard
If you use the sabToSickBeard script, you will need to set the web_root variable here as well.
autoProcessTV\autoProcessTV.cfg
web_root = /sickbeard
Now when starting up SickBeard you will notice that if you try to access your old SB ip:port it is just a blank page but SB is running fine in the background. This is because now any page you go to in SB it is expecting the /sickbeard before it. So http://localhost:8081/history/ would now be reached at http://localhost:8081/sickbeard/history/ if you need to access it directly. The reason we give the unique entry point is so that incoming traffic is matched off the /sickbeard instead of the external port (since all the apps are sharing the same external port, as the internal port is not exposed anymore).
httpd.conf
<Location /sickbeard>
order deny,allow
deny from all
allow from all
ProxyPass http://localhost:8081/sickbeard/
ProxyPassReverse http://localhost:8081/sickbeard/
</Location>
For help or questions visit us at #sickbeard on irc.freenode.net