Jonathan Struebel's picture

I had a need to set up a reverse proxy over the last few weeks, so I went ahead and hacked together an appliance as I went based on the whiteboard. It's based on the nginx-php-fastcgi appliance with mysql removed and some additional proxy settings configured in nginx. I've only built it with tkl v13.0 since I already had that build environment set up.

I know you're in the middle of releasing tkl v14.0 right now, but once that is out the door I'd appreciate some feedback on it. I'll also work on upgrading it to Jessie as I have time.

Jonathan Struebel's picture

Just realized I forgot to link the GitHub repo for you all. The source for the appliance can be found at https://github.com/jstruebel/reverse-proxy

Jeremy Davis's picture

I have added a "new appliance" issue on the tracker too. I have pinned it to the v14.0 milestone for now; but in all honesty I'm not sure if it will make it in... We'll see.

Regardless, thanks for taking the time. :)

jcconnell's picture

I would like to express interest in a reverse proxy appliance as well.

owen's picture

I'm also interested in a reverse proxy appliance! :)
 

Jeremy Davis's picture

Seeing as there is a fair bit of support for this, we really need to push it forward. Especially considering that Jonathan has kindly done all the heavy lifting!

Jeremy Davis's picture

Thanks for the nudge. We should add this appliance to the library!

In the meantime, you could build it yourself as an ISO. I suggest that you follow the instructions and start by building Core. That way you can double check that everything is working as it should.

When you have done that, then you can build the reverse proxy in this step. You'll need to clone Jonathan's repo instead of LAMP.

Jeremy Davis's picture

Unfortunately not... But thanks for adding your voice. We should look to include it in the library ASAP!

Jeremy Davis's picture

Unfortunately as we didn't add it last release, it will almost certainly need some updating to build successfully as a v15.0 appliance.

So one thing that would help would be if you could try building it on TKLDev v15.0 (the RC1 build should work ok, but hopefully we'll have the v15.0 proper released this week - although no promises).

It will possibly fail to build and require some updating to build successfully. Even after that's been done, then it may require some further tweaking to be fully operational.

If you've never used TKLDev before, then the "How to build ISOs on TKLDev" tutorial may be of use. The full docs (on GitHub) may also be worth a read. All these links and more TKLDev resources can be found on the appliance doc page (in the website docs).

If you have any further questions related to TKLDev, it might be best to open a new forum thread. Although it may be relevant to post any v15.0 Reverse-Proxy appliance related build issues here.

John Carver's picture

Funny that this topic suddenly got renewed interest just as I was thinking about how to create one. FWIW I have a home brewed rev proxy based on turnkey-core with nginx, et al. added manually. I never got around to turning it into a TKLDev appliance. It is currently using Bind9 for split-dns, but I don't believe that would be appropriate for an appliance. Lately I've been thinking of using the work done on the nginx reverse proxy in the LXC appliance along with dnsmasq as a starting point.

Also, instead of just implementing a reverse proxy using nginx, I was thinking of including a squid proxy for transparently handling forward (outbound) proxy, and apt-cacher-ng for caching apt packages. The catch is figuring out how to cache HTTPS using some kind of MITM approach a la eBlocker.

And last, of course I'd like it to run on a Raspberry Pi.

I'd be interested in hearing what features are most important in a proxy appliance.

Information is free, knowledge is acquired, but wisdom is earned.

Jeremy Davis's picture

I really like what Jonathan did with the Reverse Proxy appliance, although I'm not 100% sure that it deserves its own appliance as is.

Don't get me wrong, it's pretty awesome with some great example conf, but by default (i.e. without further configuration) it's really just the Nginx appliance with some (disabled) example proxy config. But perhaps I'm missing something? (I haven't actually built it and tested it out, just looking over the buildcode).

Perhaps if it also included some super easy way to configure it (e.g. interactive inithook(s) and/or confconsole plugin) then it would warrant its inclusion as a stand alone appliance?

TBH, I'm actually inclined to include his proxy conf example code back into the default Nginx appliance itself (disabled by default). Then we could document how to enable and configure it (although TBH the conf does quite well at speaking for itself IMO). Any thoughts on that?

@John - If you wanted to take it a step further and include squid and apt-cacher-ng, then that too perhaps would make it worthy of its own standalone appliance? It might even be worth downloading and including that within the LXC appliance by default, or as a first boot option?

I'm not really sure TBH, just thinking aloud really...! :)

Jonathan Struebel's picture

This is pretty much just the NGINX appliance with the proxy config setup. I don't recall off-hand but there might be an additional config file or two that I added in support of a proxy setup that isn't in the default NGINX appliance. Also, I don't install MySQL or PHP I think since the idea was it would just pass requests through. But all-in-all that's not much different from the NGINX appliance. I don't have a problem with just including the proxy config with the NGINX appliance as an example.

 

I've actually toyed around with the idea of just making use of the LXC appliance and hosting the apps that I want accessible as containers. That way it's all relatively contained and you also get DNS with the dnsmasq. I'm really interested in the potential of TKLX for this since those docker containers would be lighter weight than the LXC containers from what I understand. Also if you had multiple apps that use a database you could install it once in one container and link the others to it.

 

If you added squid and apt-cacher-ng, possibly also dnsmasq, would this new appliance work well for a home router? I've gone back and forth a little on my own setup whether it was a good idea to do the caching and proxying on the router itself or on a separate machine. The biggest advantage I see to putting it on the router is that it would be much easier to do transparent proxying and caching. But then you're adding load to the router which you want to be able to move packets as fast as possible since it is the primary point of connection to the internet. I don't have much experience with network design and what works best or not, thus the question.

Jeremy Davis's picture

Apologies on the ridiculously delayed response. I only just noticed this post and thought that I better respond... I suspect that it's no longer relevant, but just in case; and for the benefit of others...

It would be good to publish this. I do hope to revisit this, but I'm not sure when it will be...

In the meantime though, Jonathan's TurnKey buildcode repo includes the Nginx config. It's here; within the overlay section. I haven't looked closely and it's now a little dated, but I suspect that it would still work...

It's also worth noting that TurnKey is based on Debian. v15.x = Debian 9/Stretch. So any docs you find online that refer to Stretch (or likely even 8/Jessie) should do the trick. Ubuntu is also based on TurnKey, so Ubuntu instructions will also likely work too. Although be aware that Ubuntu and Debian are NOT binary compatible (TurnKey is binary compatible with Debian) so avoid adding Ubuntu PPAs to TurnKey (unless upstream explicitly says it's ok; and even then be a little careful).

Good luck and please feel free to share your experience and any issues you may hit.

Please post back if you have issues.

Jeremy Davis's picture

Jonathan developed the build code, but we never built it. The build code that Jonathan developed is on GitHub. It's a bit dated, but it will likely build ok I suspect. So if you download yourself a copy of TKLDev you can try building it and see how it goes.

If you hit any issues, please let me know and I'll help you bring it up to date. And with it up to date along with your feedback, let's look at adding it to the library?!

Jeremy Davis's picture

I have looked at "nginx proxy manager" and I'd love to leverage it. However, as it requires Docker, it's currently not an option for us to include it within an appliance.

Pre-packaging docker containers within TurnKey is not currently supported. It may be at some point, although as the LXC builds of our appliances are incredibly popular and getting docker running within an LXC container requires specific user end config (that we can't pre-package - so it won't "just work"). As such, I'm not really sure whether it's something that we'll support.

If/when "nginx proxy manager" supports a direct install to Debian then we'd definitely look to include it in an appliance.
