Reverse proxy for internal applications

luvablemarmot · Sep 18, 2016, 1:21 PM

Hey guys,

I've read a lot of posts about using a reverse proxy for 1 external IP to inside applications via Squid/HAproxy. What I'd like to do is use a reverse proxy for internal applications on my network for my own needs. Have a VIP which uses some name via unbound that allows me to hit NAME/blah instead of SERVER:PORT over multiple different applications inside my network.

Is pfsense the right tool to use here. I thought it might be since its always on and I think it has the functionality to accomplish this (I'm just not sure the correct approach). I didn't want to install nginx on pfsense since its not a package managed via pfsense.

Just wondering if this is the right approach or if I should just run nginx on a VM and let it handle this.

johnpoz · Sep 18, 2016, 1:43 PM

Huh?? So you want to www.domain.tld and get redirect to priviateIP:port or go to other.domainl.tld and direct to otherprivateIP:port where port is not 80?

Why would you not just listen on 80 and resolve your different names to your different servers actual IPs on the lan? I am not understanding the use case here sorry.

luvablemarmot · Sep 18, 2016, 1:47 PM

This is all inside my network. So this is what I was thinking

Example:

Rather then http://server.example.com:2812/ and http://server.example.com:32400/

I could have monit.example.com and plex.example.com which would use a reverse proxy instead of by FQDN:PORT.

None of these names are reachable via outside network, just on my internal network.

Does that help clarify?

johnpoz · Sep 18, 2016, 1:55 PM

Ok.. Seems pretty pointless since you can just save the bookmark ;) hehehe

When is it you have to go to these sites on the fly and type in the name and can not just have a bookmark saved using the port? While sure you could run a reverse proxy I guess to allow you to drop the port on your url and use different name vs the url.. Seems pretty pointless to me sorry..

These are your systems, accessed by you and you clearly understand the ports the processes are listening on.. Is there anything on 80 or 443? If not you could run one on https and the other on http so you could then just use name ;)

luvablemarmot · Sep 18, 2016, 2:02 PM

I hear ya. I was just trying to make it easier to remember at times. I don't always go looking for Monit cause it works so well so I know I'll forget its running port.

Just thought it be a fun thing to try via pfsense. I thought about trying it via the Load Balancer method to have a VIP -> pool:80 -> nodes:whateverport but figured i'd see if there was a more acceptable way.

Anyway, thanks for the advice.

johnpoz · Sep 18, 2016, 2:12 PM

Well since these are on the same box it seems, why not just run nginx on it if you don't want to use ports? Just seems like wasted effort to me to be honest.. Good luck though if you set it them up under proxy.

luvablemarmot · Sep 18, 2016, 3:01 PM

Just tossed nginx on a virtual server and put a portal page up going to all the internal apps. Seemed the easiest approach minus the bookmark idea.

Cheers!

robi · Sep 18, 2016, 6:03 PM

pound - a great reverse proxy. On pfSense it needs to be installed manually, from freeBSD repos. It has no dependencies and the binary is also vers small.