How can I reverse proxy FBox?

#1

Hi

I am running FBox inside Virtualbox, it all works. Now I want to proxy web services via Apache running on the host.

I have setup a subdomain for it, obtained LE certs in the host machine and added the lines below to dedicated vhost.

I am also running it under NAT network in Virtualbox so I forwarded :80 as 30080 to the host therefor you see these lines

  ProxyPass / http://127.0.0.1:30080/
  ProxyPassReverse / http://127.0.0.1:30080/
  RequestHeader set X-Forwarded-Proto "https"

It does not work. I am wondering if such setup is possible? I alsready have a webserver running so my 443 and 80 are already taken. That is why I am trying to proxy it.

thanks

#2

Any recommendations?

#3

Looking at this setup, I understand why you want to use FreedomBox with HTTP only. My solution in the other thread should do that job.

So, I don’t see major issues with why this setup would not work. I tried this and it work as follows:

On Host machine:

$ apt install apache2
$ a2enmod http
$ a2enmod http_proxy
$ a2enmod headers
$ cat /etc/apache2/conf-available/proxy.conf
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost on
$ a2enconf proxy
$ systemctl restart apache2

On FreedomBox:

$ a2dissite plinth-ssl
$ systemctl apache2 restart
$ vi /etc/plinth/plinth.conf (Set use_x_forwarded_host = False)
$ systemctl restart plinth

On browser:

http://localhost/plinth/

(worked)

I haven’t evaluated the security implications of setting use_x_forwarded_host = False. So, do your own research on that.

#4

Hi

Thanks for the reply. Well I have some progress but hitting this issue when I try to login (which I was not even able to load the login page whatsoever before)


Forbidden (403)

CSRF verification failed. Request aborted.


#5

Would you please try setting ProxyPreserveHost yes in both Apache configurations? For FreedomBox it should be in /etc/apache2/sites-enabled/plinth.conf, I think.

#6

Hi

Thanks for the help, so far that works. I think this should be in the official wiki, I am pretty sure many people might want to proxy it.

#7

If you are interested to contribute this piece to the official wiki, please feel free to edit the page /FreedomBox/Hardware/VirtualBox. Someone can always review the changes.