redirect domain to a specific CT ID

ibasaw

Member
Jan 4, 2014
Hi, I have a domain that I would like to redirect to my CT 102. How do you do this? Can pveproxy do this directly? (I tried to do this with my CT 100, which has nginx listening on port 80 with proxy_pass to my CT 102, but Redmine doesn't start like this.) I'm lost... How can I easily redirect a domain.tld to a CT, and another domain.tld to another CT?
 
Hi,
sounds like a job for pound.

Udo
 
This sounds like you're talking about webservers. In that case you need a CT that listens on port 80 of whatever IP all these domains point to. You'll need to route the traffic to that container via iptables. On this container you want an HTTP proxy. Both lighttpd and apache2 can do this. This proxy will then forward requests, depending on the domain, to a different IP. All you need to do then is have further containers with internal IP addresses (192.168.0.0/16 or whatever) and make the proxy forward requests to these internal addresses. The proxy container also needs an IP address in that range to be able to do that.

Please note that you WILL need a wildcard certificate on the proxy or else https connections WILL report invalid certificates since the proxy can only have 1 cert and it needs to match all the domains you intend to proxify.
 
@mo_ In fact, this is what I did, but with proxy and NAT with nginx, and my Redmine appliance doesn't work at all. I use proxy_pass https://192.168.0.3:443/; like this. CT100 nginx proxy-passes to CT102 Redmine, and I got this error:
Code:
undefined method `level=' for nil:NilClass (NoMethodError)
++
 
I don't know redmine nor nginx, but having a specific error message is always a great angle for further research on the internet
 
I searched on the net, but didn't find the solution...

I installed pound; it is very good, but I get the same problem as with nginx proxy_pass.
 
I think you need this header in nginx.conf:
proxy_set_header X-Forwarded-Proto https;

Below an example from my nginx proxy:
Code:
server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        ssl_certificate         /etc/nginx/certs/datanom.net.pem;
        ssl_certificate_key     /etc/nginx/certs/datanom.net.key;
        # SSLv3 removed from the protocol list: it is obsolete and insecure
        ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers                     ECDHE-RSA-AES256-SHA384:ECDHE_RSA_WITH_AES_256_CBC_SHA:ECDHE_RSA_WITH_AES_128_CBC_SHA:ECDHE_RSA_WITH_RC4_128_SHA:ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:AES256-SHA256:HIGH:!RC4:!MEDIUM:!MD5:!aNULL:!EDH:!AESGCM:!kEDH;
        ssl_prefer_server_ciphers       on;

        gzip            on;

        # Requests for this host name are handled by this server block
        server_name owncloud.datanom.net;

        access_log off;
        error_log /dev/null crit;

        location / {
                # Backend container on the internal network
                proxy_pass                     https://172.16.1.6/;

                # Proxy settings: pass the original host, client address
                # and scheme on to the backend
                proxy_set_header          Host                           $host;
                proxy_set_header          X-Real-IP                    $remote_addr;
                proxy_set_header          X-Forwarded-Server   $host;
                proxy_set_header          X-Forwarded-For        $proxy_add_x_forwarded_for;
                proxy_set_header          X-Forwarded-Proto     https;

                proxy_redirect                off;
                proxy_connect_timeout  90;
                proxy_send_timeout      90;
                proxy_read_timeout       90;
                proxy_buffer_size           4k;
                proxy_buffers                 4 32k;
                proxy_busy_buffers_size     64k;
                proxy_temp_file_write_size 64k;
        }
}
 
While we're at it, this is what my lighttpd proxy looks like:

Code:
server.modules += ( "mod_proxy" )

server.bind = "0.0.0.0"
$SERVER["socket"] == "[::]:443" { server.use-ipv6="enable" }
$SERVER["socket"] == "[::]:80" { server.use-ipv6="enable" }
$SERVER["socket"] == "0.0.0.0:443" {
 ssl.engine = "enable"
 ssl.pemfile = "/etc/lighttpd/ssl.key/web1.pem"
 ssl.ca-file = "/etc/lighttpd/ssl.crt/ca-web1.crt"
 ssl.use-sslv2 = "disable"
 ssl.cipher-list = "TLSv1+HIGH !SSLv2 !aNULL !eNULL !3DES @STRENGTH"  # This is an old config and obviously needs tuning
 }
Well, that's actually pretty much it. The only thing left then is to assign domains to IP addresses. I have implemented this construct mainly as a honeypot for some currently unused domains.

Code:
$HTTP["host"] == "domain1.TLD" {
proxy.server = ( "" => ( ( "host" => "172.16.XXX.XXX" ) ) )
}
and so on...

Incidentally I also decided to use 172.16.0.0/16 for my internal network, ha.

Also, remember to disable RC4 in your allowed ciphers list as it is considered insecure post-Snowden. Don't wanna go too far off topic, but you can disable insecure SSL ciphers in your browsers as well. For Firefox you'd go to about:config, use the search string "RC4" and set all the security.ssl3.<SOMETHING> entries that come up to FALSE (DISCLAIMER: may break some websites that only offer insecure ciphers, but you should avoid these websites anyhow).

For more details: https://bettercrypto.org/static/applied-crypto-hardening.pdf (includes configuration suggestions for various webservers)
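
The cipher advice in the post above can be checked mechanically before a proxy config is deployed. The Python below is an added example, not code from this thread or from nginx, lighttpd or OpenSSL; the function name `audit_tls_directives` and the sample fragment are constructed for illustration. It flags SSLv2/SSLv3 in `ssl_protocols`, and RC4, 3DES or MD5 suites that a cipher string lists without a matching `!` exclusion.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
# Weak primitive -> pattern that identifies it inside a cipher token.
WEAK_PRIMITIVES = {"RC4": r"RC4", "3DES": r"3DES|DES-CBC3", "MD5": r"MD5"}

# nginx: "ssl_protocols ...;" / "ssl_ciphers ...;"  lighttpd: ssl.cipher-list = "..."
DIRECTIVE = re.compile(
    r'^\s*(ssl_protocols|ssl_ciphers|ssl\.cipher-list)[\s="]+([^";#\n]+)', re.M)


def audit_tls_directives(config_text):
    """Return sorted (directive, token, reason) findings for a config string."""
    findings = set()
    for name, value in DIRECTIVE.findall(config_text):
        tokens = [t for t in re.split(r"[:,\s]+", value.strip()) if t]
        if name == "ssl_protocols":
            findings.update((name, t, "obsolete protocol")
                            for t in tokens if t in WEAK_PROTOCOLS)
            continue
        # In an OpenSSL cipher string "!X" removes X permanently, so a weak
        # token only matters when no "!" exclusion covers its primitive.
        excluded = {t[1:].upper() for t in tokens if t.startswith("!")}
        for token in tokens:
            if token[0] in "!-@":  # removals and @STRENGTH add no ciphers
                continue
            for primitive, pattern in WEAK_PRIMITIVES.items():
                if re.search(pattern, token.upper()) and primitive not in excluded:
                    findings.add((name, token, f"{primitive} not excluded"))
    return sorted(findings)


# Constructed sample (not from a real server): nginx-style directives
# followed by one lighttpd-style directive.
SAMPLE = '''
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:ECDHE-RSA-RC4-SHA:DES-CBC3-SHA:HIGH:!RC4:!MD5:!aNULL;
ssl.cipher-list = "TLSv1+HIGH !SSLv2 !aNULL !eNULL !3DES @STRENGTH"
'''

if __name__ == "__main__":
    for finding in audit_tls_directives(SAMPLE):
        print(*finding, sep=" | ")
```

The RC4 suite in the sample is not reported because `!RC4` removes it again; the 3DES suite is reported because nothing in that cipher string excludes it.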
 
This is not an SSL problem, because I tried to access it on port 80 and got the same problem.

Code:
undefined method `level=' for nil:NilClass (NoMethodError)
  /var/www/redmine/config/environments/production.rb:17:in `block in <top (required)>'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/railtie/configurable.rb:24:in `class_eval'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/railtie/configurable.rb:24:in `configure'
  /var/www/redmine/config/environments/production.rb:2:in `<top (required)>'
  /var/lib/gems/1.9.1/gems/activesupport-3.2.12/lib/active_support/dependencies.rb:251:in `require'
  /var/lib/gems/1.9.1/gems/activesupport-3.2.12/lib/active_support/dependencies.rb:251:in `block in require'
  /var/lib/gems/1.9.1/gems/activesupport-3.2.12/lib/active_support/dependencies.rb:236:in `load_dependency'
  /var/lib/gems/1.9.1/gems/activesupport-3.2.12/lib/active_support/dependencies.rb:251:in `require'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/engine.rb:571:in `block in <class:Engine>'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/initializable.rb:30:in `instance_exec'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/initializable.rb:30:in `run'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/initializable.rb:55:in `block in run_initializers'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/initializable.rb:54:in `each'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/initializable.rb:54:in `run_initializers'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/application.rb:136:in `initialize!'
  /var/lib/gems/1.9.1/gems/railties-3.2.12/lib/rails/railtie/configurable.rb:30:in `method_missing'
  /var/www/redmine/config/environment.rb:14:in `<top (required)>'
  config.ru:3:in `require'
  config.ru:3:in `block in <main>'
  /var/lib/gems/1.9.1/gems/rack-1.4.5/lib/rack/builder.rb:51:in `instance_eval'
  /var/lib/gems/1.9.1/gems/rack-1.4.5/lib/rack/builder.rb:51:in `initialize'
  config.ru:1:in `new'
  config.ru:1:in `<main>'
  /var/lib/gems/1.9.1/gems/passenger-4.0.20/helper-scripts/rack-preloader.rb:105:in `eval'
  /var/lib/gems/1.9.1/gems/passenger-4.0.20/helper-scripts/rack-preloader.rb:105:in `preload_app'
  /var/lib/gems/1.9.1/gems/passenger-4.0.20/helper-scripts/rack-preloader.rb:150:in `<module:App>'
  /var/lib/gems/1.9.1/gems/passenger-4.0.20/helper-scripts/rack-preloader.rb:29:in `<module:PhusionPassenger>'
  /var/lib/gems/1.9.1/gems/passenger-4.0.20/helper-scripts/rack-preloader.rb:28:in `<main>'
 
I would even go so far as to say that this is probably a Redmine problem. You would most likely have to take it up with them.

also:

See link below said:
This is a pretty complicated thing to do. You wouldn't think so but it is. Every single redmine version that comes out has a different set of correct and incorrect ways of accomplishing this. For example, I have a working configuration with (nginx-1.4.1, unicorn, redmine-2.2.1) but now that I'm using (nginx-1.4.2, unicorn, redmine-2.3.3) that doesn't seem to work anymore.
via http://stackoverflow.com/questions/18645070/how-to-move-redmine-to-a-sub-uri-with-nginx-as-a-proxy
 
