TurnKey Linux Virtual Appliance Library

How to ask for a new appliance

I would like a Zabbix appliance. Where do I request that?

Zabbix 1.8: The Ultimate Open Source Monitoring Solution

http://www.zabbix.com/

Alon Swartz's picture

Blueprints

The best place would be on blueprints. That way others interested could track the proposal, as well as update the spec if they create a tklpatch, which would drastically push the idea forward.

Thanks! I

This looks very impressive.

This looks very impressive.  It has my vote.  Thanks for the info.

New turnkey requests

I'd like to see a couple generic turnkeys. The first proxies DNS, pointing to a DNS server of choice. The second is a reverse proxy server, probably Nginx, configured to point to another server for a chosen protocol. Hopefully they can have simple web administration interfaces with firewall setups. The key features would be to have simple, secure appliance-like VMs that require little to no support. Read-only filesystems would be a plus, even if it has to reboot in between read-only and read-write mode. Thanks for your consideration.

Jeremy's picture

A DNS server is quite easy

Although I'm not 100% sure if I get your point. A DNS server can easily be installed and configured to forward DNS requests anywhere you like. Is that sort of what you were after?

And yes a reverse proxy would be nice. The simplest one I have found following my searching is Pound (and here is more info and instructions for setting it up - should work, except leave the 'sudo' command out). I have tried to configure Nginx and ended up giving up... I couldn't manage to get it to work. Also problem with Nginx is that there doesn't seem to be a nice WebUI for configuring it, so I expect that it won't be a very newb friendly appliance, even with some initial config. So if the devs did a reverse proxy appliance, I suspect they'd use Apache instead. Although Pound doesn't seem to have a nice WebUI either, it also seems much easier to config than Nginx.

DNS Proxy

We have AD here, and rather than expose AD to the internet, I'd rather run a simple VM with some sort of linux DNS server that points to AD to expose to the internet, for security.

Jeremy's picture

Exposing AD is very bad idea IMO

Your best bet is a VPN tunnel I reckon, then the AD server doesn't have to be exposed at all.

VPN wouldn't allow the public

VPN wouldn't allow the public to access it, which misses the point of having a proxy server there. The AD would be on the internal network, with the DNS proxy exposed to the public to get select AD DNS zones out to the public.

Jeremy's picture

Not sure why you would want AD zones public?

Personally I think exposing AD in any way, shape or form seems like a bad idea. And TBH I'm not really sure what you would be trying to achieve doing that. I'm sure there would be a better, more secure way to achieve your ends whilst keeping AD safely locked away, preferably behind a hardware firewall! (With no incoming connections except via VPN)

Http/s proxy

I saw something about a web administration module for Nginx, served by Nginx itself, called mod_wsgi, and is based on python. It's not my language of choice, but encaptulated wouldn't be bad, I suppose. I also like the idea that nginx does imap/pop3 proxy, which might be a plus for helping to proxy Exchange. Personally, I prefer working with Linux, but management wants Windows; I'm sure it's because it's easier to hire Windows people.

Jeremy's picture

mod_wsgi is a module to serve Python

It is so you can use raw Python to create web apps. Have a look here. There may well be a Python web app that has been built to admin Nginx that requires mod_wsgi to work, but mod_wsgi doesn't do that on it's own. Besdies it's an Apache module (although perhaps someone ported it to Nginx too!?)

Squid may be another good proxy option. Squid can proxy pretty much any protocol AFAIK, and it can act as a caching proxy too (which Pound can't).

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)