You are here
David Hall - Thu, 2013/08/15 - 01:42
I really like how all TKL appliances have the Webmin, Webshell, and PhpMyAdmin in some cases automatically deployed and listening on ports 12320, 12321, etc...
Trouble is, sometimes I am working at a site with Web Proxy that will only allow 80/443 through. So I can no longer access these tools.
Is there an options to configure these to be sub-directory or path, ie. mydomain.com/webmin rather than mydomain.com:12321?
Thanks
Forum:
Tags:
Webshell on 443 with lighttpd proxy
Hi Dave (btw, we have same last names)
Anyway, wanted to do as you inquired about. Namely accessing webshell via port 443 (https) such as: https://servername/webshell or something like that.
I initially followed this procedure with modification: http://blog.remibergsma.com/2013/03/15/always-available-linux-terminal-shell-in-a-box-on-raspberry-pi/
This is what I did to get webshell working over https on port 443.
Edited: /etc/lighttpd/lighttpd.conf by adding the following to the end of file:
proxy.server = (
"/console" =>
( (
"host" => "127.0.0.1",
"port" => 12320,
) )
)
I then edited the /etc/default/shellinabox by changing the _ARGS as follows:
SHELLINABOX_ARGS="--no-beep -s/console:LOGIN"
Note that 'console' matches the same location in the proxy server settings.
At this point, I followed the above link to set the mod_proxy, although adding just adding this directive to the lighttpd.conf is all I need to do.
reload/restart lighttpd and shellinabox
/etc/init.d/shellinabox restart
Finished Product:
I hope this helps. I'm just an advance n00b trying to make sense of stuff.
Intellectual curiosity drives innovation.
That's it..!
Although the choice of which webserver to use (LigHTTPd in the link and your example) would depend on the appliance...
As ports are exclusive to a service if you are using the LAMP appliance then configuring Apache to do the job would make much more sense (as that's the web server you're using already). Same would apply if you were using an appliance with NginX as the webserver.
Also I imagine that similar steps with Webmin would also apply (bind the Webmin miniserver to local host and route the traffic through webserver proxy)
Also if you are using phpMyAdmin that will be a little different. IIRC that already runs under Apache by default. So it would be a case of changing the virtual server and port that Apache normally listens on for that.
Just a reminder too (that no doubt you are already aware of...) I would not recommend accessing any of these services by plain HTTP. As they are powerful tools that allow serious access to your system, transmitting passwords unencryted over the internet is a really bad idea! I would only allow them on HTTPS! (But you may need to disable SSL/TLS in the app themselves and adjust the config on your webserver to use HTTPS only - at least for these services).
Another option (if you have multiple appliances all running on the same LAN behind a common proxy) would be to set up a reverse proxy to reroute traffic to the desired service on the desired server. If you have lots of different appliances then that may be a better alternative?
Add new comment