diff --git a/src/content/unix/reverse-proxy.md b/src/content/unix/reverse-proxy.md index e9bda0c..54df59a 100644 --- a/src/content/unix/reverse-proxy.md +++ b/src/content/unix/reverse-proxy.md @@ -4,8 +4,6 @@ description: 'Reverse Proxies and SDWAN' updateDate: 'Apr 21 2024' --- -# Bypassing Network Lockdowns - I manage the network infrastructure for a [robotics club](https://arvp.org) on campus. Unfortunately, the campus network has been heavily locked down for security. It takes years to get Information Services and Technology (IST) to @@ -336,3 +334,56 @@ and update the `remote_addr`: [client] remote_addr = "mycomputer.example.com:9001" ``` + +## Multiple Services + +Unless you have a lot of funds, you'll likely only have one server running. +However, you may want several "services" running on this one server. This is +especially an issue when it comes to websites, as browsers request to port 80 or +443 (http**s**) on the given IP. + +Luckily, when a website is requested, he header of that request includes the +domain name that request is going to. For example, I might have `example1.com` +and `example2.com` pointing to the exact same IP address. However, the server +will be able to see if the request is coming for `example1.com` or +`example2.com` and choose to serve different content. + +Nginx is the typical way to do this, but +[Caddy](https://github.com/caddyserver/caddy) is much easier to get running. It +almost provides extremely simple Let's Encrypt integration for free https. + +Here's a very basic Caddyfile we use at arvp: + +```js +git.mami2.moe { + reverse_proxy localhost:9123 +} + +woodpecker.mami2.moe { + reverse_proxy localhost:9027 +} + +jupyter.mami2.moe { + reverse_proxy localhost:9025 +} + +# This one keeps a log of connections +cvat.mami2.moe { + reverse_proxy localhost:9026 + log { + output file /root/cvat.mami2.moe.caddy.log { + roll_size 1gb + roll_keep 5 + roll_keep_for 720h + } + } +} + +# This one uses basic password protection, provided by caddy +llama.mami2.moe { + basicauth * { + arvp $2y$03$BekY89f5/9s.oxtrGntlk23j4kl32jlk;23jl4j32l;23j4l32kY. + } + reverse_proxy localhost:9030 +} +```