2.4.13 Reverse Proxy Internet Only Client [domain.com:443 > localdomainIP:55415]

This may be a trivial issue as one can always port forward 55415 to a public domain for internet client access. For me I do not want to open more ports than I absolutely need to. I reverse proxy almost all my bare metal, from cockpit web-socket upgrade and also an on premise exchange server. Both use different methods to reverse proxy but it works and I like the protection offered.

I am using Apache [httpd on CentOS] and run all my SSLs to my proxy handoff since my internal network is relatively calm (just me and the wife). This also allows all my SSLs to be installed on the single proxy server.

My question:
**Reverse Proxy to Server Backend port 55415 for client running on Internet domain and port 443?**

Internet client is currently running with:
Internet Name: domainName.com
Internet Port: 55415
Https Proxy: off [as I don't proxy forward]
Router has port 55415 open to backup server

^^ This works as expected and it's great, but I’m neurotic and that open port bugs me since my router logs fill up with bot scans for open ports every day. Is it bad… No, just annoying.

What I have tested with only fails:
setting up Vhost on httpd and using proxypass to backend ip:port as follows:

<VirtualHost *:443>
ServerName backupname.domain.com
ErrorLog /dir/for/error/logs

ProxyPreserveHost On

ProxyPass / http://local-ip-to-srv:55415/
ProxyPassReverse / http://local-ip-to-srv:55415/

SSLEngine On
SSLProxyEngine On
SSLCert…File /path/to/cert/file (not actual syntax for ssl setup)
SSLKey…File /path/to/key/file (Again Not actual syntax for ssl setup)
</VirtualHost>

Client Response: “Connected with backup server” (Not exact verbiage but close)

However, the web GUI shows client offline and no connection, so it's not jumping through the reverse proxy somehow.

Now this works beautifully to reverse proxy to the http server on 55414 but I get no love on internet client connection…

What I've tried:
timeout to 900sec (no dice)
disable keep alive (no dice)
used allowCONNECT 55415 (no dice since that is for a forward proxy)

Possibility to try:
Reverse proxy upgrade to websocket (secured) for internet client.

Let me know if anyone has figured out a way to reverse proxy the internet client.

Thanks in advance,

Kevin

With 2.5.y one can also use websockets. See the testing threads for that.

@uroni
Thank you for the reply, I have tried the article you posted with several tweaks since my backup server runs behind a proxy and the public domain gets passed to the local ip of the server. That however doesn’t allow the internet client to actually connect, it does connect to the https proxy but it’s not passed to the internal ip on port 55415.

I looked at upgrading to 2.5 and would love to play around with this as a WebSocket connection should pass from 443 to 55415 easily… Currently messing with CSS to create a “dark mode” for you.

Maybe my GitHub code helps you.
