Reverse proxy - hosting web app locally

Discussion in 'Guides' started by Woyager, Nov 6, 2018.

  1. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    Hello guys.

    I am currently working on a project where I would like to be able to access my web App N.1 (currently accessible only via IP:pORT) trough HTTPS and domain (https://www.example.eu/Application1) web App N.2 (https://www.example.eu/Application2) etc...

    To be honest i am pretty clueless on how to actually do it as i am totally new in this area. I did find some info on reddit but those tutorials are mainly for linux and not windows 10. Secondly, they are all written in a pretty advanced level so I am not really able to follow them.

    I already have the domain name bought.
    I know I have to use NGINX or apache (or other reverse proxy - I dont know which one is better).
    DNS is cloudflare - I´ve found somewhere that they have better routing with lower latency.


    Any help would be much appreciated.
     
    #1
  2. BackupProphet

    BackupProphet Well-Known Member

    Joined:
    Jul 2, 2014
    Messages:
    720
    Likes Received:
    253
    Windows also has a /etc/hosts file somewhere where you can put your custom domains. You don't actually need to buy a domain for local use. I have no idea about configuring Apache nor Nginx for Windows. But what you usually want is to configure for a new site/domain as a virtual host.
     
    #2
  3. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    430
    Likes Received:
    144
    You only need a reverse proxy if you don't want to expose your web server(s) to the Internet.

    So, the question is do you want to expose the web server(s) or not? If not, why not?
     
    #3
  4. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    People who are accessing the current domain are complaining about me not using HTTPS (they are loging into the web app with their login info and exposing it) I know that I can not use HTTPS if I am not using a domain. Secondly, as I have already bought the domain name, it would be much easier for them to use that, instead of the IP and port numbers which are also hard to memorize.
     
    #4
  5. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    430
    Likes Received:
    144
    HTTPS has nothing to do with using a domain name or not, it has to do with how the web server(s) is configured.

    Again, back to my original question.
     
    #5
  6. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    Well I don't really care if my server is exposed as long as the information that is in there stays safe and will be accessible only by those who have the login credentials.

    The only thing that I want to do is for the users to be able to access the web app trough domain with https. The way with reverse proxy was only mentioned here because i have read on one forum that they did it with reverse proxy.
     
    #6
  7. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    430
    Likes Received:
    144
    And there in lies the rub. Securing a web server exposed to the web is *not* a trivial task. A reverse proxy can only mitigate some of it, not all. You still have to harden the entire web server stack.
     
    #7
  8. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    What could that actually mean to me as a layman ?
     
    #8
  9. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    430
    Likes Received:
    144
    It means...to be honest...

    1. Don't run a server exposed to the internet.
    2. Learn what you need to, to do #1
    3. Hire someone who knows how to do #1.
     
    #9
  10. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    So that basically means that even now when i am running the web app trough ip and port it is not that particularly safe?

    Secondly, if I choose to use the reverse proxy to "mitigate some of it" and not "all of it" as the info that they are actually enter is nothing like security IDs nor card numbers, just nickname and password they created for my services? The actual number of people who will when know about the web site is max 40 as it is only to my friends. Is there a way to do it ?

    Or just enable them to use the domain and https whatever way it is possible?
     
    #10
  11. kapone

    kapone Active Member

    Joined:
    May 23, 2015
    Messages:
    430
    Likes Received:
    144
    Web server/stack hardening is an industry on its own... :) That tells you the complexity level.

    I have no way of answering your questions to any degree of completeness, without a very thorough discussion of what you're doing. Any answers I give will potentially be incorrect or misleading, without that level of information, and that's not something you should disclose publicly. Especially not without some level of legal protection.

    I understand this may be just a hobby type thing, but the principles are the same.
     
    #11
  12. Joel

    Joel Active Member

    Joined:
    Jan 30, 2015
    Messages:
    710
    Likes Received:
    133
    Yes. Plenty of hackers run ip/port scanners nonstop looking for open ports.

    You need SSL (HTTPS) first if you want any sort of restriction. If you don’t, any passwords you send will be unencrypted and could be intercepted.

    Or just enable them to use the domain and https whatever way it is possible?[/QUOTE]

    I’m still working through this stuff myself so that I would be able to access my NAS at home while I’m sitting at a Starbucks either down the street or 1000 miles away.
     
    #12
  13. Woyager

    Woyager New Member

    Joined:
    Nov 6, 2018
    Messages:
    6
    Likes Received:
    0
    I’m still working through this stuff myself so that I would be able to access my NAS at home while I’m sitting at a Starbucks either down the street or 1000 miles away.[/QUOTE]

    Okay, so the next step is to do the ssl on my side. How should this be done ?
    Then install the reverse proxy?
    Then connect it somehow to the domain?
     
    #13
Similar Threads: Reverse proxy
Forum Title Date
Guides LetsEncrypt a 2012 R2 Web Application Proxy Mar 11, 2016

Share This Page