[HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

charliebgood
New here
Posts: 5
Joined: Mon Jan 01, 2018 2:25 am

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by charliebgood »

Ah, this is interesting.
19. I put http:my-router-IP:8081 into Chrome (no VPN) and it shows my Wordpress site.
20. I put http:my-router-IP:8081 into Opera (with VPN) and it shows my Wordpress site, too.
21. I went into Wordpress settings and changed 'Wordpress Address (URL)' to my domain name http://www.example.ca and the same for 'Site Address (URL)'

Ok, that killed it.

22. Interestingly, I checked again and https://www.example.ca is still going to my QTS login.
But http://example.ca results in "This site can’t be reached www.example.ca took too long to respond."

23. Let's try my domain name but with the port... http://www.example.ca:8081 ... nope that did not work. Hrumph :-(

I did look at my router again, and I did have a port forwarding rule in place which should not have been there: router:8081 to NAS:8081. Perhaps that explains #19 and #20 above.
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

It depends on what you mean by "my-router-IP"? Is it your WAN-IP or your LAN-IP?
Remember that a router has at least two endpoints, each with its own IP.

And as I said: you should never forward port 8081.
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

I have completely rewritten this guide [March 2021]
nasnoob
Getting the hang of things
Posts: 74
Joined: Sun Jun 21, 2009 4:31 pm

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by nasnoob »

Hi, the new guide is great, I've managed to get the reverse proxy up and running. What I'm now trying to do is make it as secure as possible.

I've scrambled each service name so they are better hidden. Also, I want to have a Location "Catch All" which returns a 404 error unless the exact service URL is used (see the first Location entry below).

This code seems to work temporarily, then fails after a while, and I'm not sure why. Does anyone know what I've done wrong, or is there a better way to do this?



<Location /*>
	Redirect 404 /
</Location>

<Location /abcd1234>
	Order deny,allow
	ProxyPass http://127.0.0.1:8989/abcd1234
	ProxyPassReverse http://127.0.0.1:8989/abcd1234
</Location>

<Location /zxcv4321>
	Order deny,allow
	ProxyPass http://127.0.0.1:7878/zxcv4321
	ProxyPassReverse http://127.0.0.1:7878/zxcv4321
</Location>
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

If you choose a "404" type message, you are signalling to a potential fraudulent visitor (web-crawlers) that they have come to the right place, but that "something" went wrong.
If you instead just pass "catch all" along to www.google.com, such crawlers will never understand that a "gold mine" just slipped by.
nasnoob
Getting the hang of things
Posts: 74
Joined: Sun Jun 21, 2009 4:31 pm

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by nasnoob »

Ah was wondering why you redirected to another site, but it makes sense, will update it thanks!

But is the catch-all syntax correct?

<Location /*>

Is there a better way to write a catch-all redirect for all 'other URLs' including servername:port, as I'm not sure the above is very stable?
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

Code:

#The section below is a "Catch-All" feature to get rid of suspicious connection attempts
<VirtualHost *:nn>
	ServerAlias *
	Redirect / https://www.google.com/
</VirtualHost>
nn is the port number you have chosen to use for your RP.
Davidson
Starting out
Posts: 12
Joined: Fri Feb 14, 2020 8:29 am

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by Davidson »

OK, so I'm a noob when it comes to writing these types of configs, in fact this is my first one, but I'm hoping someone will be able to help me out. The below config isn't doing anything and I'm just getting a "page isn't working" in Chrome.

Code:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule  proxy_ftp_module     modules/mod_proxy_ftp.so
LoadModule  proxy_connect_module modules/mod_proxy_connect.so
<VirtualHost *:443>
       ServerName "My public IP Address"
	ProxyPass / https://"My NAS's LAN IP Address":8080/
	ProxyPassReverse / https://"My NAS's LAN IP Address":8080/
	SSLEngine On
	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia Off
	SSLCertificateKeyFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/key
	SSLCertificateFile /mnt/HDA_ROOT/.config/QcloudSSLCertificate/cert/cert
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

<Location /radarr>
	Order deny,allow
	ProxyPass http://10.1.1.213:7878/radarr/;
	ProxyPassReverse http://10.1.1.213:7878/radarr/;
</Location>

<Location /sonarr>
	Order deny,allow
	ProxyPass http://10.1.1.214:8989/sonarr/;
	ProxyPassReverse http://10.1.1.214:8989/sonarr/;
</Location>

<Location /ombi>
	Order deny,allow
	ProxyPass http://10.1.1.215:3579/;
	ProxyPassReverse http://10.1.1.215:3579/;
</Location>


<Location /overseerr>
	Order deny,allow
	ProxyPass http://10.1.1.225:5055/;
	ProxyPassReverse http://10.1.1.225:5055/;
</Location>

<Location /lidarr>
	Order deny,allow
	ProxyPass http://10.1.1.217:8686/;
	ProxyPassReverse http://10.1.1.217:8686/;
</Location>

<Location /bazarr>
	Order deny,allow
	ProxyPass http://10.1.1.220:6767/;
	ProxyPassReverse http://10.1.1.220:6767/;
</Location>

<Location /bobarr>
	Order deny,allow
	ProxyPass http://10.1.1.212:3000/;
	ProxyPassReverse http://10.1.1.212:3000/;
</Location>

<Location /gaps>
	Order deny,allow
	ProxyPass http://10.1.1.211:8484/;
	ProxyPassReverse http://10.1.1.211:8484/;
</Location>

<Location /grocy>
	Order deny,allow
	ProxyPass http://10.1.1.221:80/;
	ProxyPassReverse http://10.1.1.221:80/;
</Location>

<Location /jackett>
	Order deny,allow
	ProxyPass http://10.1.1.216:9117/;
	ProxyPassReverse http://10.1.1.216:9117/;
</Location>

<Location /tautulli>
	Order deny,allow
	ProxyPass http://10.1.1.21:8181/;
	ProxyPassReverse http://10.1.1.21:8181/;
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName "My public IP Address"
ServerAlias *."My public DNS name"
ServerAlias "My NAS's LAN IP Address"
	ProxyPass / http://"My NAS's LAN IP Address":8080/
	ProxyPassReverse / http://"My NAS's LAN IP Address":8080/
	ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia Off


<Location /radarr>
	Order deny,allow
	ProxyPass http://10.1.1.213:7878/radarr/;
	ProxyPassReverse http://10.1.1.213:7878/radarr/;
</Location>

<Location /sonarr>
	Order deny,allow
	ProxyPass http://10.1.1.214:8989/sonarr;
	ProxyPassReverse http://10.1.1.214:8989/sonarr;
</Location>

<Location /ombi>
	Order deny,allow
	ProxyPass http://10.1.1.215:3579/;
	ProxyPassReverse http://10.1.1.215:3579/;
</Location>


<Location /overseerr>
	Order deny,allow
	ProxyPass http://10.1.1.225:5055/;
	ProxyPassReverse http://10.1.1.225:5055/;
</Location>

<Location /lidarr>
	Order deny,allow
	ProxyPass http://10.1.1.217:8686/;
	ProxyPassReverse http://10.1.1.217:8686/;
</Location>

<Location /bazarr>
	Order deny,allow
	ProxyPass http://10.1.1.220:6767/;
	ProxyPassReverse http://10.1.1.220:6767/;
</Location>

<Location /bobarr>
	Order deny,allow
	ProxyPass http://10.1.1.212:3000/;
	ProxyPassReverse http://10.1.1.212:3000/;
</Location>

<Location /gaps>
	Order deny,allow
	ProxyPass http://10.1.1.211:8484/;
	ProxyPassReverse http://10.1.1.211:8484/;
</Location>

<Location /grocy>
	Order deny,allow
	ProxyPass http://10.1.1.221:80/;
	ProxyPassReverse http://10.1.1.221:80/;
</Location>

<Location /jackett>
	Order deny,allow
	ProxyPass http://10.1.1.216:9117/;
	ProxyPassReverse http://10.1.1.216:9117/;
</Location>

<Location /tautulli>
	Order deny,allow
	ProxyPass http://10.1.1.21:8181/;
	ProxyPassReverse http://10.1.1.21:8181/;
</Location>

</VirtualHost>
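
Added example, not part of the original posts: a small Python check for three things a config in the style posted above can be tested for before Apache is reloaded. It flags a trailing `;` on a ProxyPass target (Apache has no statement terminator, so the `;` becomes part of the backend URL), a trailing-slash mismatch between the Location path and the backend URL, and an `https://` backend with no `SSLProxyEngine On`. The function name, the finding codes and the 192.0.2.x sample addresses are assumptions made for this example.

```python
import re

# Constructed sample in the style of the config posted above; addresses are
# documentation placeholders, not values from the thread.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine On
    ProxyPass / https://192.0.2.10:8080/
    <Location /radarr>
        ProxyPass http://192.0.2.13:7878/radarr/;
    </Location>
    <Location /sonarr>
        ProxyPass http://192.0.2.14:8989/sonarr
    </Location>
</VirtualHost>
"""

def lint_vhost(text):
    """Lint the proxy directives of one <VirtualHost>; return sorted (line, code) findings."""
    findings, https_lines, location = [], [], None
    ssl_proxy = re.search(r"^\s*SSLProxyEngine\s+on\b", text, re.I | re.M)
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        opened = re.match(r"<Location\s+([^>\s]+)>", raw.strip(), re.I)
        if opened:
            location = opened.group(1)
        elif words[0].lower() == "</location>":
            location = None
        if words[0].lower() not in ("proxypass", "proxypassreverse"):
            continue
        # Inside <Location> the path is implied by the section; otherwise it
        # is the first argument and the backend URL is the second.
        args = ([location] + words[1:]) if location else words[1:]
        if len(args) < 2 or args[1] == "!":
            continue
        path, url = args[0].strip('"'), args[1].strip('"')
        if url.endswith(";"):  # nginx-style terminator, not valid in Apache
            findings.append((no, "trailing-semicolon"))
            url = url.rstrip(";")
        if path.endswith("/") != url.endswith("/"):
            findings.append((no, "slash-mismatch"))
        if url.lower().startswith("https://"):
            https_lines.append(no)
    if not ssl_proxy:
        findings += [(no, "https-backend-needs-SSLProxyEngine") for no in https_lines]
    return sorted(findings)
```

Calling `lint_vhost(SAMPLE)` reports the `https://` backend on line 3 and both problems on line 5; running `apachectl configtest` afterwards still checks syntax only, not these proxy pitfalls.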
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

You need a public domain name:

Code:

ServerName "My public IP Address"
The above will not work.
Davidson
Starting out
Posts: 12
Joined: Fri Feb 14, 2020 8:29 am

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by Davidson »

Hi Oyvindo. I tried updating this to my public DNS domain name, however it still has not worked. Can you please have a look and see if there is anything else I've done wrong?
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

I'm only a "hobbyist" myself when it comes to these things, so I may not be able to help you beyond what I myself did and managed to get working - as described in the guide.
But I'll give it a try. First of all, you must be very specific in explaining WHAT goes wrong. Just the fact that things don't work isn't much to go by. Do you have any screenshots or error messages or log entries?
Secondly, I see that you use Location as your section placeholders, while I use VirtualHost in my config. I take it this is because your purpose is to allow a path to reach your internal services. That's not how I solved it. I used subdomains instead. So my solution would read: sonarr.mydomain.com and not www.mydomain.com/sonarr
alexkiddd
New here
Posts: 5
Joined: Wed Aug 04, 2021 5:21 am

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by alexkiddd »

Hi oyvindo! I have followed your guide to gain access to my jellyfin server from the internet and it works great! Thank you for your hard work!
I have a question about adding another app, if I want to do the same thing for qphoto so I can share photos with some people, I just have to add the lines to the custom.conf file but how do I get the let's encrypt certificate? I have used duckdns but on the nas interface you can only have one certificate at a time.

Thanks again!
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

Hi, good to hear that you made it work.
You can add as many "aliases" as you like when you use QNAP's function to generate your Let's Encrypt certificates. But I think they have to share the same domain name. The subdomain name can be anything.

alexkiddd
New here
Posts: 5
Joined: Wed Aug 04, 2021 5:21 am

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by alexkiddd »

Thanks for the quick reply! I have created a dynamic DNS with wildcard support, it redirects anything behind the main address to my IP, I have created the Let's Encrypt certificate again on the NAS with multiple subdomains and it works! But now I wanted to use QPhoto, I have added the address and port to the reverse proxy but it doesn't work, it gives me ERR_HTTP2_PROTOCOL_ERROR. The Android app also can't connect...

EDIT: From what I have gathered on this thread it's not possible to use qnap native apps through reverse proxy? I want to be able to share photos from qphoto to my friends, is there any safe way to achieve that? If I forward my https port directly on my router it defeats the purpose of the reverse proxy!
oyvindo
Experience counts
Posts: 1399
Joined: Tue May 19, 2009 2:08 am
Location: Norway, Oslo

Re: [HOW-TO] Configure Reverse Proxy using the QNAP Apache with SSL support

Post by oyvindo »

I tried that myself, and it doesn't work. The self-contained QNAP apps rely on Ajax to run web pages on port 8080 using a custom version of the built-in web daemon, and they just won't load. The only way to access these apps (some of them, not all) is to use the QNAPCloud or the QNAP mobile Apps.