Using NGINX as reverse proxy to webmin on a remote server

Using NGINX as reverse proxy to webmin on a remote server

Carsten Laun-De Lellis

Hi all

I am new to Nginx and I don’t get a setup running with one central web server and several webmin servers.

The webmin servers are set up according to the following scheme:

WebminX runs on https://hostX.local.domain:10000.

My goal is to set up a central Nginx server and reverse proxy to the different webmin servers.

Therefore I created the following conf:

server {
        listen 443 ssl;
        server_name nginxhost.local.domain;
        ssl_certificate /certs/nginxhost.delellis.net.cert.pem;
        ssl_certificate_key /certs/nginxhost.delellis.net.privkey.pem;

        # NGINX usually only allows 1M per request. Increase this to JIRA's maximum attachment size (10M by default)
        client_max_body_size 10M;

        location /host1 {
                proxy_pass https://host1.local.domain:10000/;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_buffering off;
                sub_filter_once off;
        }

        location /host2 {
                proxy_pass https://host2.local.domain:10000/;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_buffering off;
                sub_filter_once off;
        }
}

Unfortunately this is not working. I have checked the internet but found only how-tos where Nginx and the webmin server are running on the same host. Also these how-tos don’t work for me.

I would appreciate any help on this.

Best regards

Carsten Laun-De Lellis

Hauptstrasse 13
D - 67705 Trippstadt

Phone: +49 6306 5269850
Mobile: +49 151 275 30865
Fax:     +49 6306 992142
email: [hidden email]

http://www.linkedin.com/in/carstenlaundelellis

USt.-ID.: DE257421372

---------------------------------------------------

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Using NGINX as reverse proxy to webmin on a remote server

Francis Daly
On Fri, Apr 24, 2020 at 09:01:36AM +0000, Carsten Laun-De Lellis wrote:

Hi there,

> The webmin servers are set up according to the following scheme:
>
> WebminX runs on https://hostX.local.domain:10000.
>
> My goal is to set up a central Nginx server and reverse proxy to the different webmin servers.

>         location /host1 {
>                 proxy_pass https://host1.local.domain:10000/;

For this, you probably want "location /host1/" (with the trailing /).

> Unfortunately this is not working. I have checked the internet but found only how-tos where Nginx and the webmin server are running on the same host. Also these how-tos don't work for me.
>

What does "not working" mean here?

You make one specific request; you want to get one specific response;
but you get a different response instead?


I suspect that things will be simpler if you are happy to reconfigure
all of the "webmin" instances so that they believe they are installed
at the same place in the url hierarchy as the external users see. That is:

* add the line webprefix=/host1 to /etc/webmin/config on host1
* add the line webprefix=/host2 to /etc/webmin/config on host2

and then change your config to only use one trailing slash like so:

  location /host1/ {
    proxy_pass https://host1.local.domain:10000;
  }


And if there is still a problem, if you can show the request/response that
does not do what you expect, it may be simpler for others to understand
and help.

Cheers,

        f
--
Francis Daly        [hidden email]

AW: Using NGINX as reverse proxy to webmin on a remote server

Carsten Laun-De Lellis
Hi Francis

First of all, thank you very much for your quick reply.

As I said I am new to Nginx and not 100% sure, what information you need to help me here.

I tried your config, but it doesn't work. This means I am forwarded to the webmin login page, but can see the basic html only (login form, headline). I cannot see any graphical elements, like colors, gifs ....

I have attached screenshots from the login page, and after login. I have also attached a simple network drawing showing how the servers are connected.

If you need some more information please let me know what to look for in the logs.

Best regards

Carsten Laun-De Lellis

Attachments: webmin.png (27K), webmin_after_login.png (39K), Nginx_Webmin.png (25K)

Re: AW: Using NGINX as reverse proxy to webmin on a remote server

P.V.Anthony
On 27/4/20 2:19 pm, Carsten Laun-De Lellis wrote:

> As I said I am new to Nginx and not 100% sure, what information you need to help me here.
>
> I tried your config, but it doesn't work. This means I am forwarded to the webmin login page, but can see the basic html only (login form, headline). I cannot see any graphical elements, like colors, gifs ....

Check out the following link.
https://serverfault.com/questions/443482/proxying-webmin-with-nginx

P.V.Anthony

AW: AW: Using NGINX as reverse proxy to webmin on a remote server

Carsten Laun-De Lellis
Hi Anthony

Thank you for your quick reply.

I've tried to configure my servers according to the link you sent, but it didn't work out.

The config on the Nginx server looks like:
server {
        server_name vml000036.delellis.net;
        listen 192.168.178.36:80;

        location /vml000032 {
                proxy_pass      http://192.168.1.32:10000;
                proxy_set_header        Host         $host;
        }
}

The webmin config on the upstream server looks like:
path=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
passwd_cindex=2
ld_env=LD_LIBRARY_PATH
tempdelete_days=7
by_view=0
find_pid_command=ps auwwwx | grep NAME | grep -v grep | awk '{ print $2 }'
passwd_pindex=1
passwd_file=/etc/shadow
passwd_mindex=4
passwd_uindex=0
os_type=debian-linux
os_version=9.0
real_os_type=Ubuntu Linux
real_os_version=18.04.4
lang=en.UTF-8
log=1
referers_none=1
md5pass=1
theme=authentic-theme
product=webmin
webprefix=/vml000032
webprefixnoredir=1
referer=vml000036.delellis.net

I have also tried the IP address of the Nginx server as referer, but that didn't work either.

When I open the page in my web browser I get the logon screen to the webmin server on my Nginx host system. Not on vml000032.

But even when I try to login the page refreshes and nothing else happens.

Best regards

Carsten Laun-De Lellis

Attachment: webminlogin36.png (35K)

Re: AW: AW: Using NGINX as reverse proxy to webmin on a remote server

P.V.Anthony
On 27/4/20 8:49 pm, Carsten Laun-De Lellis wrote:

> I've tried to configure my servers according to the link you sent, but it didn't work out.

I tried on my server and got it to work. Not exactly the way you may
want. This is a start for further research. It seems that there are
webmin settings that need to be done and not nginx.

Here is my config for nginx.

server {
         listen *:80;

         server_name webmin.example.com;

         root   /var/www/webmin.example.com/web/;

         location / {
             proxy_pass http://127.0.0.1:10000/;
         }
}

Added the line to the bottom of /etc/webmin/config
referer=1

The above is not a good idea but a start for more research.

Next disable ssl in webmin. For me I had to change the file
/etc/webmin/miniserv.conf with ssl=0

The above works for me.

Having said all that, I do not like the idea of webmin facing the
internet. Too scary for me.

I would just use ssh -D 8080 user@server then with firefox set to proxy
on 8080 and use webmin. I feel that is much safer.

It is like a vpn connection.

P.V.Anthony






Re: AW: AW: Using NGINX as reverse proxy to webmin on a remote server

P.V.Anthony
On 27/4/20 8:49 pm, Carsten Laun-De Lellis wrote:

> I've tried to configure my servers according to the link you sent, but it didn't work out.

Here is more information found on the internet.

https://serverfault.com/questions/740818/webmin-and-reverse-proxy

https://github.com/webmin/webmin/issues/420

Here is some documentation for using ssh like a vpn.
https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/

Read this section, "Dynamic Port Forwarding: Use Your SSH Server as a
Proxy" from the above link.

P.V.Anthony

Re: AW: Using NGINX as reverse proxy to webmin on a remote server

Francis Daly
On Mon, Apr 27, 2020 at 12:49:16PM +0000, Carsten Laun-De Lellis wrote:

Hi there,

Thanks for the pictures in your previous reply; they do give a bit of
a hint as to what is going on.

The "after-login" picture shows that /session_login.cgi does not exist
on nginx -- that is to be expected, because you want that link to go to
/vml000032/session_login.cgi instead. (Otherwise, you would not be able
to have two separate webmin instances in different places.)

> I've tried to configure my servers according to the link you sent, but it didn't work out.

It appears to be the case that webmin is not especially straightforward
to reverse-proxy at a non-root url.

From the various web pages listed, it looks like there may be different
versions of webmin that do different things.

So if you are happy to keep testing and trying, there are perhaps a few
more things that you can try.

> The config on the Nginx server looks like:
> server {
>         server_name vml000036.delellis.net;
>         listen 192.168.178.36:80;
>
>         location /vml000032 {
>                 proxy_pass      http://192.168.1.32:10000;
>                 proxy_set_header        Host         $host;

The linked web page seems to suggest that you want

  location /vml000032/ { # with the trailing /
    proxy_pass http://192.168.1.32:10000/; # with the trailing /
    proxy_set_header Host $host;
    proxy_redirect http://$host:10000/ /vml000032/;
  }

I suspect that you either want both of the last two lines, or neither
of them. You may be better off with neither; only testing will show.

> The webmin config on the upstream server looks like:

> webprefix=/vml000032
> webprefixnoredir=1
> referer=vml000036.delellis.net

That looks like it has a chance of working, so long as webmin is not
running with ssl.

Maybe webmin config also can use

  relative_redir=1

And it may be useful to edit miniserv.conf so that it includes

  cookiepath=/vml000032

> When I open the page in my web browser I get the logon screen to the webmin server on my Nginx host system. Not on vml000032.
>

I suspect that that is because you used the line

  proxy_set_header Host $host;

When the rest is working, you can perhaps try to log in using credentials
that are different on the two servers, and see which lets you in.

Good luck with it,

        f
--
Francis Daly        [hidden email]
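
Added example (not code from any poster in this thread): a simplified Python model of how a prefix location and proxy_pass map a request URI to the upstream URI, for the three pairings discussed in the replies above (the /host1 case in the first reply behaves the same way as /vml000032 here). The function and table names are hypothetical, the sample requests are constructed, and regex locations and variables in proxy_pass are not modelled.

```python
"""Simplified model of nginx prefix-location matching and proxy_pass URI
mapping (no regex locations, no variables in proxy_pass)."""
from urllib.parse import urlsplit


def upstream_uri(location, proxy_pass, request_uri):
    """Return the URI nginx would send upstream, or None when the
    prefix location does not match the request at all."""
    if not request_uri.startswith(location):
        return None
    uri_part = urlsplit(proxy_pass).path
    if uri_part == "":
        # proxy_pass has no URI part: the request URI is passed unchanged.
        return request_uri
    # proxy_pass has a URI part: it replaces the matched location prefix.
    return uri_part + request_uri[len(location):]


# The three location/proxy_pass pairings that appear in the thread.
CONFIGS = {
    "no slash on location, slash on proxy_pass":
        ("/vml000032", "http://192.168.1.32:10000/"),
    "slash on both":
        ("/vml000032/", "http://192.168.1.32:10000/"),
    "slash on location, no URI on proxy_pass (webprefix case)":
        ("/vml000032/", "http://192.168.1.32:10000"),
}

# Constructed sample requests, including the absolute link from the
# "after login" symptom and a path that merely shares the prefix.
REQUESTS = [
    "/vml000032/session_login.cgi",
    "/session_login.cgi",
    "/vml000032-old/index.cgi",
]


def mapping_table():
    """Map every sample request through every config."""
    return {name: {r: upstream_uri(loc, pp, r) for r in REQUESTS}
            for name, (loc, pp) in CONFIGS.items()}


if __name__ == "__main__":
    for name, rows in mapping_table().items():
        print(name)
        for request, upstream in rows.items():
            print(f"  {request:32} -> {upstream}")
```

The None results for /session_login.cgi show why an absolute link emitted by the backend never reaches it through the proxy, and the first pairing also forwards /vml000032-old/..., a path that only shares the prefix.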