Jump to content
Swynol

Reverse Proxy VS hostname forwarding

Recommended Posts

Swynol

So currently i access my various application from externally by creating a forwarding rule with my domain registrar to point to my dynamic DNS service and port number,

 

example emby.mydomain.com forwards to mydomain.dyndns.info:8920 

 

I use a cert to give it HTTPS however i get the usual errors saying its unsecure because the cert is assigned to my domain name yet it forwards to a ddns. 

 

so what benefit would i have running something like apache and a reverse proxy? is it simple to setup? i have other applications running which i access on different ports would i be able to access these with reverse proxy aswell?

 

if i run apache on the same windows box as emby would it have an impact on emby? i.e resources, bandwidth, transcoding...

 

and anyone successfully running it with a domain name, DDNS etc?

Share this post


Link to post
Share on other sites
Night

Why run it with DDNS in the first place on a non owned domain? you have a domain why not use only that? 

Share this post


Link to post
Share on other sites
Swynol

my external IP isnt static so i need something that can resolve the IP if it changes.

Share this post


Link to post
Share on other sites
Night

Who is your registar, registars like namecheap and godaddy offers an update client much like ddns for their domains :)

Share this post


Link to post
Share on other sites
Swynol

well bloody hell..... i never knew namecheap had a ddns. that changes things.

 

although my orignal question stands. any reason to use a reverse proxy over a ddns 

Share this post


Link to post
Share on other sites
Night

reverse proxy you can hide my service under one port / domain thus only have one open port outside your network (443), so it does adds securtiy, 

 

Reverse proxy / ddns are not the same not made to solve the same problem. 

Share this post


Link to post
Share on other sites
Swynol

ok thanks. are you familiar with namecheap? 

 

i'm now using their DDNS. however i'm not sure how to set it up.

 

i have test.mydomain.com setup to update my ddns. how to i create a subdomain to point to the DDNS including a port number? previously i was using a URL redirect.

 

Will creating a URL redirect using emby.mydomain.com redirected to http://test.mydomain.com:8096? i would like to mask it or create a permanant redirect but they never worked in the past i had to use a unmasked redirect.

Share this post


Link to post
Share on other sites
pir8radio

Just adding my two cents...  I have a domain name that i own (a few actually) and my server is on a DHCP network as well...   I use the FREE https://www.dynu.com/  DDNS service here it supports ipv6 as well. It's a good service I have had zero issues, I even became a member for their domain email service and pay for that..   Redirects suck.   They often don't work with apps that are programmed to go to a specific path.     A reverse proxy will allow you to open one set of ports on your firewall   (say port 80 http and 443 https) and run many websites/different servers without having to open a million ports...

 

For example I have a webserver running for a few domain names, I also have Emby, PRTG, and a separate reporting server running... All funneled through a reverse proxy and  all that changes is my domain name prefix    serverone.mydomain.com or server2.mydomain.com etc..   that way all of the original paths work, no redirect trickery is needed, you don't have to worry about search engine caching redirects and what not either.   Your reverse proxy adds a little security as well, there is only that one application to secure and monitor.

 

To be clear a reverse proxy is kind of like a router for many (or one) web servers/services where as DDNS tells the public clients how to reach your server.   

Edited by pir8radio

Share this post


Link to post
Share on other sites
Night

I can help with namecheap, I would rather use a CNAME than url redirect. 

Edited by Night

Share this post


Link to post
Share on other sites
chenks

did anyone get reverse proxy working?

 

i have reverse proxy on my "server" and works fine with plex, couchpotato, sonarr etc (via blah.com/plex, blah.com/couchpotato etc etc).

all going thru port 80 on the router (means i don't need to open up numerous ports).

can i do the same with Emby?

Share this post


Link to post
Share on other sites
Night

did anyone get reverse proxy working?

 

i have reverse proxy on my "server" and works fine with plex, couchpotato, sonarr etc (via blah.com/plex, blah.com/couchpotato etc etc).

all going thru port 80 on the router (means i don't need to open up numerous ports).

can i do the same with Emby?

Yes, same syntax should work as with plex,

 

Can you post your vhost conf?

Share this post


Link to post
Share on other sites
chenks

this is my config file at the moment (without emby added).


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  servernamegoeshere, 192.168.1.50;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

	location /sabnzbd {		proxy_pass http://127.0.0.1:38080;		proxy_set_header Host $host;		

proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	}

	location /web {		proxy_pass http://127.0.0.1:32400/web;		proxy_set_header Host $host;		

proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	}

	location /sonar {		proxy_pass http://127.0.0.1:38082;		proxy_set_header Host $host;		

proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	}

	location /couchpotato {		proxy_pass http://127.0.0.1:38083;		proxy_set_header Host $host;		

proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	}

	location /transmission {		proxy_pass http://127.0.0.1:9091;		proxy_set_header Host 

$host;		proxy_set_header X-Real-IP $remote_addr;		proxy_set_header X-Forwarded-For 

$proxy_add_x_forwarded_for;	}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

Share this post


Link to post
Share on other sites
Night

ah nginx, I did mine in Apache. 

I'll do some testing to see if i can get a working proxy for nginx,

 

Do you want more than one proxy on one server? I have set up my proxy to have /emby /plex /other /other1 /other2 

Share this post


Link to post
Share on other sites
chenks

i already have the following (via nginx)

 

/couchpotato

/sonarr

/transmission

/sabnzbd 

 

and

/web which is plex, as we couldn't work out any other way to get it to work, would have preferred /plex obviously though.

Edited by chenks

Share this post


Link to post
Share on other sites
Night

Testing now, well report back, need to learn nginx again been awhile

Share this post


Link to post
Share on other sites
Night

This works to get only /emby/

location /web {
    proxy_pass http://127.0.0.1:8096;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

location /emby {
    proxy_pass http://127.0.0.1/web;
  }

Since both Plex and Emby use /web/ it is a challange to get them both working, but ill look in to it.

Share this post


Link to post
Share on other sites
chenks

yes that was the issue i had

both have the same base URL.

Share this post


Link to post
Share on other sites
pir8radio

This is why I suggest using  XXXXXX.domainname.com its painless in reverse proxies and doesn't piss off device apps, sub directories don't overlap either....    Try something like this:

 

location /emby {
rewrite /emby/(.*) /$1 break;
proxy_pass http://127.0.0.1:8096;
proxy_redirect off;
proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

 

location /plex {
rewrite /plex/(.*) /$1 break;
proxy_pass http://127.0.0.1:9999;   # whatever your plex port is
proxy_redirect off;
proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

 

these options will   take http://yourdomain.com /plex/whatever.html   and send it to the server as http://127.0.0.1/whatever.html     take the silly /web out of the equation.   I'm sure I forgot something so take that with a grain of salt... these are basic examples.   Don't forget you can use regex in nginx configs...

Edited by pir8radio

Share this post


Link to post
Share on other sites
chenks

the /web can't be taken out the equation though, as plex requires that.

Share this post


Link to post
Share on other sites
pir8radio

the /web can't be taken out the equation though, as plex requires that.

 

yea but plex should correct you...   so when you are on the local box and you go to http://127.0.0.1:9999 (or whatever plex port)  plex will respond take you to a page and you end up at http://127.0.0.1:9999/web/ automatically correct?  So with the reverse proxy as a client you should see  http://yourdomain.com/plex/web/   if you wrote your ngnix rules correctly.   I can test my example above, but did it work for you?

Share this post


Link to post
Share on other sites
Swynol

I can help with namecheap, I would rather use a CNAME than url redirect. 

that would be awesome. how would i use a cname?

 

so my ddns uses dns.mydomain.co.uk to update my IP on namecheap. i then want to access emby by going to emby.mydomain.co.uk so at the moment i have a url redirect using unmasked so that when i type emby.mydomain.co.uk it redirects to dns.mydomain.co.uk:8920

Share this post


Link to post
Share on other sites
Night

WHat is your end goal and we can go from that, cname is not needed since we can set up ddns directly on your domain 

Share this post


Link to post
Share on other sites
chenks

it works for emby, but not for plex, which i suspected would be the case.

 

401 unauthorised when using domain.com/plex

Edited by chenks

Share this post


Link to post
Share on other sites
Night

it works for emby, but not for plex, which i suspected would be the case.

 

401 unauthorised when using domain.com/plex

Yeah, I have not found away around that, but you can set up a redirct from /plex/ to /web/,

 

I'll look abit more around, just started out with nginx used apache before so. (I have no idea why it took my so long to swtich after aday on nginx i love it)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...