Jonathan Struebel's picture

I had a need to setup a reverse proxy over the last few weeks, so I went ahead and hacked together an appliance as I went based on the whiteboard. It's based on the nginx-php-fastcgi appliance with mysql removed and some additional proxy settings configured in nginx. I've only built it with tkl v13.0 since I already had that build environment setup.

I know you're in the middle of releasing tkl v14.0 right now, but once that is out the door I'd appreciate some feedback on it. I'll also work on upgrading it to Jessie as I have time.

Jonathan Struebel's picture

Just realized I forgot to link the GitHub repo for you all. The source for the appliance can be found at

Jeremy Davis's picture

I have added a "new appliance" issue on the tracker too. I have pinned it to the v14.0 milestone for now; but in all honesty I'm not sure if it will make it in... We'll see.

Regardless, thanks for taking the time. :)

jcconnell's picture

I would like to express interest in a reverse proxy appliance as well.

owen's picture

I'm also interested in a reverse proxy appliance! :)

Jeremy Davis's picture

Seeing as there is a fair bit of support for this, we really need to push it forward. Especially considering that Jonathan has kindly done all the heavy lifting!
Edward's picture

Hi Guys, im not familiar with linux os it just know some basic command. Can you guy provide the step to let me able to birng up this reverse proxy?




Jeremy Davis's picture

Thanks for the nudge. We should add this appliance to the library!

In the meantime, you could build it yourself as an ISO. I suggest that you follow the instructions and start by building Core. That way you can double check that everything is working as it should.

When you have done that, then you can build the reserve proxy in this step. You'll need to clone Jonathon's repo instead of LAMP.

Nelson Hoover's picture

I would find this quite useful as well.


Nelson Hoover

Guest's picture

any news on this?
Jeremy Davis's picture

Unfortunately not... But thanks for adding your voice. We should look to include it in the library ASAP!

Stephan's picture

It's a pity that this project got stucked since years. Everybody need sooner or later a reverse proxy, it's going now to be more important than ever before. I really can't find any working NGINX project, which is comparable in its quality with TKL. Thanks guys for your much appreciated work! So what to do to push this project?
Jeremy Davis's picture

Unfortunately as we didn't add it last release, it will almost certainly need some updating to build successfully as a v15.0 appliance.

So one thing that would help would be if you could try building it on TKLDev v15.0 (the RC1 build should work ok, but hopefully we'll have the v15.0 proper released this week - although no promises).

It will possibly fail to build and require some updating to build successfully. Even after that's been done, then it may require some further tweaking to be fully operational.

If you've never used TKLDev before, then the "How to build ISOs on TKLDev" tutorial may be of use. The full docs (on GitHub) may also be worth a read. All these links and more TKLDev resources can be found on the appliance doc page (in the website docs).

If you have any further questions related to TKLDev, it might be best to open a new forum thread. Although it may be relevant to post a v15.0 Reverse-Proxy appliance related build issues here.

John Carver's picture

Funny that this topic suddenly got renewed interest just as I was thinking about how to create one.  FWIW I have a home brewed rev proxy based on turnkey-core with nginx, etal added manually.  I never got around to turning it into a TKLdev appliance.  It is currently using Bind9 for split-dns, but I don't believe that would be appropriate for an appliance.  Lately I've been thinking of using the work done on the nginx reverse proxy in  the LXC appliance along with dnsmasq as a starting point.

Also, instead of just implementing a reverse proxy using nginx, I was thinking of including a squid proxy for transparently handling forward (outbound) proxy, and apt-cacher-ng for caching apt packages.  The catch is figuring out how to cache HTTPS using some kind of MITM approach ala eBlocker.

And last, of course I'd like it to run on a Raspberry Pi.

I'd be interested in hearing what features are most important in a proxy appliance.

Information is free, knowledge is acquired, but wisdom is earned.

Jeremy Davis's picture

I really like what Jonathan did with the Reverse Proxy appliance, although I'm not 100% sure that it deserves it's own appliance as is.

Don't get me wrong, it's pretty awesome with some great example conf, but by default (i.e. without further configuration) it's really just the Nginx appliance with some (disabled) example proxy config. But perhaps I'm missing something? (I haven't actually built it and tested it out, just looking over the buildcode).

Perhaps if it also included some super easy way to configure it (e.g. interactive inithook(s) and/or confconsole plugin) then it would warrant it's inclusion as a stand alone appliance?

TBH , I'm actually inclined to include his proxy conf example code back into the default Nginx appliance itself (disabled by default). Then we could document how to enable and configure it (although TBH the conf does quite well at speaking for itself IMO). Any thoughts on that?

@John - If you wanted to take it a step further and include squid and apt-cacher-ng, then that too perhaps would make it worthy of it's own standalone appliance? It might even be worth downloading and including that within the LXC appliance by default, or as a first boot option?

I'm not really sure TBH, just thinking aloud really...! :)

Jonathan Struebel's picture

This is pretty much just the NGINX appliance with the proxy config setup. I don't recall off-hand but there might be an additional config file or two that I added in support of a proxy setup that isn't in the default NGINX appliance. Also, I don't install MySQL or PHP I think since the idea was it would just pass requests through. But all-in-all that's not much different from the NGINX appliance. I don't have a problem with just including the proxy config with the NGINX appliance as an example.


I've actually toyed around with the idea of just making use of the LXC appliance and hosting the apps that I want accessible as containers. That way it's all relatively contained and you also get DNS with the dnsmasq. I'm really interested in the potential of TKLX for this since those docker containers would be lighter weight than the LXC containers from what I understand. Also if you had multiple apps that use a database you could install it once in one container and link the others to it.


If you added squid and apt-cacher-ng, possible also dnsmasq, would this new appliance work well for a home router? I've gone back and forth a little on my own setup whether it was a good idea to do the caching and proxying on the router itself or on a separate machine. The biggest advantage I see to putting it on the router is that it would be much easier to do a transparent proxying and caching. But then you're adding load to the router which you want to be able to move packets as fast as possible since it is the primary point of connection to the internet. I don't have much experience with network design and what works best or not, thus the question.

Add new comment