• nginx, reverse proxy & sbbs

    From Android8675@1:103/705 to All on Tue Mar 9 10:38:43 2021
    Does anyone have experience using nginx's reverse proxy to effectively take a FQDN and invisibly redirect web traffic to a different port/server? I heard rumors that eChicken might use nginx. I'm having some configuration issues that I'm trying to clear up.

    I want users that go to shodanscore.com, or www.shodanscore.com in a web browser, for nginx to proxy_pass to localhost:9443.

    This is just for the web service. My ssh/telnet/rlogin stuff is all default. I want to move the web service off ports 80/443 and make it so the user/internet doesn't notice. I have a couple other "things" running and nginx seems to be handling them fine. I just need to figure out sbbs.

    The other "stuff" I have working is 2 Foundry VTT instances (foundry.shodanscore.com and w-foundry.shodanscore.com) and a Jitsi Server (voice.shodanscore.com).

    I can provide the site config files upon request. I don't pop onto Dovenet too often these days, so forgive me if I don't respond right away.

    Thanks much,
    -A.
    --
    Android8675@ShodansCore
    ---
    þ Synchronet þ Shodan's Core @ ShodansCore.com
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Android8675 on Thu Mar 11 22:02:32 2021
    Re: nginx, reverse proxy & sbbs
    By: Android8675 to All on Tue Mar 09 2021 10:38:43

    Does anyone have experience using nginx's reverse proxy to effectively take a FQDN and invisibly redirect web traffic to a different port/server? I heard rumors that eChicken might use nginx. I'm having some configuration issues that I'm trying to clear up.

    I did this in the past, but I'm no longer using this configuration for my BBS. I still have a couple of nginx reverse proxies running elsewhere though.

    What kind of issues are you having?

    I want users that go to shodanscore.com, or www.shodanscore.com in a web browser, for nginx to proxy_pass to localhost:9443.

    This is just for the web service. My ssh/telnet/rlogin stuff is all default. I want to move the web service off ports 80/443 and make it so the user/internet doesn't notice. I have a couple other "things" running and nginx seems to be handling them fine. I just need to figure out sbbs.

    There's nothing special or Synchronet-specific that you need to do here.

    This guide seems decent, but just follow Step One. Ignore Step Two and any Jenkins stuff. It's 6-ish years old but I think it's still valid:

    https://tinyurl.com/ydae6kkv

    You're mostly looking at adjusting the server name, address, port, and paths to key and cert. I imagine I followed that or something similar when I set it up way back when.

    If you're hosting fTelnet you'll probably need to add a similar config to handle proxying websocket requests to your websocket service. There are a couple of other steps involved which I don't remember offhand, but we can try to figure that out if necessary.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Tracker1@1:103/705 to Android8675 on Thu Mar 11 18:08:58 2021
    On 3/9/2021 11:38 AM, Android8675 wrote:
    Does anyone have experience using nginx's reverse proxy to
    effectively take a FQDN and invisibly redirect web traffic
    to a different port/server? I heard rumors that eChicken
    might use nginx. I'm having some configuration issues that
    I'm trying to clear up.

    I want users that go to shodanscore.com, or www.shodanscore.com
    in a web browser, for nginx to proxy_pass to localhost:9443.

    Should be easy enough to do.. though, depending on your server you may
    or may not have issues with letsencrypt assuming you want an actual cert
    for your public services.

    I wound up putting my webhost on a different server, and have only a web/root/404.ssjs for the default web instance that will redirect all
    traffic to the preferred web hostname. For the ecweb4 and runemaster
    web UX, I have reverse proxy setup to those web instances on
    non-standard ports.

    Of course, this requires me to make a couple custom changes for the
    ftelnet in the ecweb4 for the hostname to use for wss telnet/rlogin.

    This is just for the web service. My ssh/telnet/rlogin stuff
    is all default. I want to move the web service off ports 80/443
    and make it so the user/internet doesn't notice. I have a couple
    other "things" running and nginx seems to be handling them fine.
    I just need to figure out sbbs.

    Should just be able to change the web port for synchronet... would also
    do a fallback handler for .well-known to your synchronet if you can.
    I'm using caddy for my reverse-proxy, so that didn't work so well... may switch to nginx, but caddy seems to run lighter.

    The other "stuff" I have working is 2 Foundry VTT instances (foundry.shodanscore.com and w-foundry.shodanscore.com) and a
    Jitsi Server (voice.shodanscore.com).

    I can provide the site config files upon request. I don't pop
    onto Dovenet too often these days, so forgive me if I don't
    respond right away.

    If you're wanting more interactive help, irc.synchro.net may be your
    best bet.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
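
The pieces discussed in the replies above (proxying the site to the relocated sbbs web port, a .well-known fallback for letsencrypt, and a websocket proxy for fTelnet), put together as an added example; this is not a config posted by anyone in the thread. The hostnames and port 9443 come from the original question; the 9080 HTTP port, the /ws/ path, websocket port 1123 and the certificate paths are assumptions or placeholders.

```nginx
# Added example. Goes in a site file included from the http {} context.
map $http_upgrade $connection_upgrade {   # Connection header value for websocket upgrades
    default upgrade;
    ''      close;
}

server {
    listen 80;
    server_name shodanscore.com www.shodanscore.com;

    # Let ACME (letsencrypt) HTTP-01 challenges fall through to Synchronet.
    # Assumed: the sbbs plain-HTTP listener was moved to 127.0.0.1:9080.
    location /.well-known/ {
        proxy_pass http://127.0.0.1:9080;
        proxy_set_header Host $host;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name shodanscore.com www.shodanscore.com;

    ssl_certificate     /path/to/fullchain.pem;  # placeholder path
    ssl_certificate_key /path/to/privkey.pem;    # placeholder path

    location / {
        # Assumed: sbbs serves HTTPS on 9443; use http:// if that port is plain HTTP.
        proxy_pass https://127.0.0.1:9443;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Websocket proxy for fTelnet. The /ws/ path and port 1123 are assumptions;
    # the fTelnet client has to be pointed at wss://<host>/ws/ to match.
    location /ws/ {
        proxy_pass http://127.0.0.1:1123;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 1h;   # terminal sessions sit idle far longer than the 60s default
    }
}
```

With this in place the backend ports should listen on loopback only (or be firewalled), so the proxy is the only way in. Every connection reaches sbbs from 127.0.0.1, so any per-IP logging or login throttling on the BBS side sees the proxy's address unless it reads the forwarded headers.
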
  • From Prime@1:103/705 to Tracker1 on Mon Mar 15 11:44:10 2021
    Re: Re: nginx, reverse proxy & sbbs
    By: Tracker1 to Android8675 on Thu Mar 11 2021 06:08 pm

    I'm using caddy for my reverse-proxy, so that didn't work so well... may switch to nginx, but caddy seems to run lighter.

    After fiddling with a number of reverse-proxy options, I ended up using sniproxy.

    github.com/dlundquist/sniproxy

    It has a really simple configuration format, handles port redirection (i.e. connection to host.com:80 redirected to otherhost.com:90909), and seems to handle websockets as well, but I haven't tested that in depth. In my use-case, I have it running on Ubuntu in yet another VM on my network, and it seems to be extremely light-weight.

    ---
    þ Synchronet þ RetroConnect.org - Yet Another Glorified Offline Message Reader
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Tracker1@1:103/705 to Prime on Mon Mar 15 22:12:39 2021
    On 3/15/2021 9:44 AM, Prime wrote:
    After fiddling with a number of reverse-proxy options, I ended up
    using sniproxy.

    github.com/dlundquist/sniproxy

    It has a really simple configuration format, handles port redirection
    (i.e. connection to host.com:80 redirected to otherhost.com:90909),
    and seems to handle websockets as well, but I haven't tested that in
    depth. In my use-case, I have it running on Ubuntu in yet another VM
    on my network, and it seems to be extremely light-weight.

    Glad that's working for you, as I mentioned, I'm using Caddy...

    My own caddyfile is below.

    ---------------------
    www.roughneckbbs.com {
        file_server
    }

    ecweb.roughneckbbs.com {
        reverse_proxy * http://INTERNAL_IP:51080
    }

    rmweb.roughneckbbs.com {
        reverse_proxy * http://INTERNAL_IP:52080
    }

    roughneckbbs.com {
        redir * https://www.roughneckbbs.com
    }

    ...

    :80 {
        redir * https://www.roughneckbbs.com
    }
    ---------------------


    http(s)://host.roughneckbbs.com is the synchronet service(s), I did
    comment out the INTERNAL_IP for the service directly as well as some
    redirects of old/alternate domains I've used for the BBS, the firewall
    is configured so that the internal ports are only accessible from the
    shared private network.

    www. is just running static content for now, and will likely continue,
    with some routes relaying to sbbs directly in the future.

    ecweb/rmweb redirecting to the host internal IP on different ports, with
    other fallbacks redirecting to https://www. Including a fallback
    redirect for anything else on port 80 that doesn't match a named entry.

    For simple reverse-proxy + https termination, it's super easy... But can
    still handle more complex application configurations, and the overhead
    is really lightweight...

    free >>
                  total        used        free      shared  buff/cache   available
    Mem:        1004896      235364      167028        1052      602504      615992

    docker stats --no-stream >>
    CONTAINER NAME   CPU %   MEM USAGE / LIMIT     MEM %
    proxy            0.00%   20.96MiB / 981.3MiB   2.14%

    It's supposed to support ws(s) proxy, but haven't really tested it,
    it doesn't seem to like to work with the ws(s) terminal service in
    Synchronet, but will probably try it with node's web-sockets before long.
    --
    Michael J. Ryan - tracker1@roughneckbbs.com
    ---
    þ Synchronet þ Roughneck BBS - roughneckbbs.com
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)