Reverse-Proxy-Server

Hi,
I have the following problem:

I run a webapp on my webserver in standalone mode over a specific port.

On of my customers has a very strong firewall, which blocks all the connections over ports, except of 80 and 443.

He told me, that with a “Reverse-Proxy-Server” I can solve this.

Has anyone an idea how to fix this? How can I redirect the communication from my ports to port 443?

Thanks Lars

There are several threads about this on the forum. Search for nginx and haproxy.

http://john-joyce.com/xojo-and-load-balancing-with-haproxy/

And if you need SSL, search for HAProxy SSL Termination :slight_smile:

If Windows is your target environment I’ll be demonstrating how to test & deploy standalone Web Apps with reverse proxy & SSL offloading using IIS. The process is trivial and largely point & click. Join us at http://vxug.org/ on the 30th. @Phillip Zedalis & @Geoff Perlman will be there too!

Yea, I need SSL :slight_smile:

I have a webserver running ubuntu 64 bit with nginx. Do you guys know a “how-to” for a reverse proxy using nginx?

ah, ok what read here: http://john-joyce.com/xojo-and-load-balancing-with-haproxy/

I cannot set up a reverse proxy using nginx where several users comes from the same IP (for example when they are in the same office).

So I need HAProxy right?

Sorry I am only familiar with apache2, where you need to enable mod_proxy and settings this in the config file. And no, basically nginx should do quite the same job if you are accessing your web with public URL. I see no need for an additional haproxy except when it comes to LB.

https://www.nginx.com/resources/admin-guide/reverse-proxy/

Thanks Tomas,

I configured it in this way, that if someone calls a subfolder “via” the traffic has to delivers to the app, whis is running on port 34001:

location /via/ {
	proxy_buffering off;
	proxy_read_timeout 5m;
	proxy_pass http://93.90.178.92:34001;
}

But if I call the url “http2://vms2-via-cloud.de/via”, the 404 Error occurs.

What do I wrong?

I have to pass this to somebody else with deeper knowledge of nginx… your stand alone server listens to this port? try to access it from the inside on http://93.90.178.92:34001

http://93.90.178.92:34001 works!

the reverse proxy not
:confused:

Hi Lars,

I think that the way your config is written, the /via/ gets passed to the proxy path. Try adding a slash to the end of proxy_pass:

proxy_pass http://93.90.178.92:34001/;

Have a look at
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching#deconstructing-a-basic-http-proxy-pass

Having said that, I am struggling with trying to do the same as you (instead of connecting directly to a port other than 80 or 443).
I always get the Xojo “Server disconnected” text (but without any images). It’s like Xojo loads the framework but is then unable to talk to it.

The only method I have seen work so far (on these forums) is to use unique subdomains for your webapps (app1.example.com, app2.example.com) and have the config location set to / for each.

thanks, this helps a bit. Now I get the connection to the app.

But like you, the app isn’t able to establish a connection:
http://vms2.via-cloud.de/via/

It seems, that the ressources aren’t pass thru the proxy:

GET http://vms2.via-cloud.de/framework/framework.js 

→ the framework ist located under “http://vms2.via-cloud.de/…”, but under “http://vms2.via-cloud.de:34001/…”

How can I map this to right locaion?

Starting it from the root directory of the subdomain works well.

Except of some 504 Errors which I discuss on another threat here

Adding yet another location for “framework” gets the images, but Xojo then uses what looks like a UUID for the comms and that, of course, fails.

location /framework/ { proxy_buffering off; proxy_read_timeout 5m; proxy_pass http://93.90.178.92:34001/framework/; }

It would be good if someone from Xojo could explain how the webapp determines the URI, or if it can only use the domain name (in which case, this approach cannot work unless the webapp can somehow be forced to use a given subdirectory after the domain name. Feature request for a comman line option…?)

Is there a xojo staff member, which can help?

How can we map thru the UUIDS for the comms?

Sounds like you need to use “location /” in your settings. You don’t want to be trying to piece together every url, just forward everything to the xojo app.

I would recommend you set up a separate subdomain for the app instead of routing by a directory name - is that an option for you?

Yes, I brought it to live while using an own supdomain for the app. That works.

Plesk only supports the proxy-configuration for subfolders. So I had to change the nginx.conf file by my self, which is originally generated by Plesk. Unfortunately everytime I make some changes on the subdomain, I have manually reconfigure this file again because Plesk overwrites it.

But yea, subdomains working!

also with ssl!

Nice to hear this! congrats and yes in such cases plesk or other admin tools like webmin (my favorite) are at their limits. For direct editing I am using mc / mcedit instead of vi or other editors… hounting shadows of my past MSDOS and Norton Commander times :wink: