Reverse proxy

From Wildsong
Revision as of 03:15, 20 July 2018 by Brian Wilson (talk | contribs)
Jump to navigationJump to search

Bellman runs a plain old web server with Let's Encrpyt certificates. I have not gotten the automated renewal to work but this works: 

sudo -s
certbot certonly --cert-name bellman.wildsong.biz
certbot certonly --cert-name owncloud.wildsong.biz
certbot certonly --cert-name maps.wildsong.biz

I used the option "1: Place files in webroot directory (webroot)". It prompts for webroot which of course is /var/www/hostname/html.

Dockerized!

For a plain old web server, I am using richarvey's nginx, see https://hub.docker.com/r/richarvey/nginx-php-fpm/ It supports PHP. If I start it up like this and go to the page at http://bellman.wildsong.biz I see its PHP info.

You can add all the environment settings to have it pull code from github 

docker run -d --dns=192.168.123.2 --name=web \
-e 'GIT_EMAIL=my email' -e 'GIT_NAME=my name' -e 'GIT_USERNAME=my username' -e 'GIT_REPO=my repo name' \
-e 'GIT_PERSONAL_TOKEN=<long_token_string_here>' \
richarvey/nginx-php-fpm:latest

Moving on to set up HTTPS with Let's Encrypt, I add more environment settings to the above, 

-e "WEBROOT=/var/www/htdocs" -v /home/web/htdocs:/var/www/htdocs -e "DOMAIN=bellman.wildsong.biz" \

Then I can tell it I want HTTPS, 

docker exec -t web /usr/bin/letsencrypt-setup

uWSGI

uWSGI lets me deploy flask applications without having to run the built in server.

This page helped me: http://markjberger.com/flask-with-virtualenv-uwsgi-nginx/

and this: http://uwsgi-docs.readthedocs.io 

apt-get install uwsgi uwsgi-plugin-python

In the virtualenv environment install uwsgi 

source venv/bin/activate
pip install uwsgi

You can run from command line to test it 

uwsgi -s 192.168.1.2:5001 --protocol=http --wsgi-file /var/lib/twilio-weatherman/pyweatherman/wsgi.py

and this should work: http://192.168.1.2:5001/home/

Right now I only need to deploy a single app, so I just hacked a shell script and set it to run at boot.

/var/lib/twilio-weatherman/pyweatherman/uwsgi.sh

I changed nginx to work with it.

Building Nginx for Owncloud and Windows

The reason is to get digest authentication, so that I can use Windows 7 as a WebDAV client.

So far this is a FAIL.

  1. I cannot convince Windows to store a self-signed certificate.
  2. I can't get digest authentication to work with owncloud.

If I did succeed then I would need a Docker container so that I can load it in the Synology server.

Windows is a pain.

See https://moblog.wiredwings.com/archives/20110406/webdav-windows-7-and-self-signed-certificates-howto.html

and https://www.nginx.com/resources/wiki/modules/auth_digest/ 

git clone https://github.com/samizdatco/nginx-http-auth-digest.git
cd nginx-1*
./configure --add-module=../nginx-http-auth-digest/ --with-http_ssl_module --with-cc-opt=-Wno-error
make
sudo make install
Retrieved from "https://wiki.wildsong.biz//index.php?title=Reverse_proxy&oldid=10990"