Setting up reverse proxy to get around existing server on LAN

Currently, my home has a Tekmar thermostat system which includes a web server. We have a domain, example.org, and our router currently forwards port 80 (not https) to the thermostat web server. What I want to do is to have my QB server receive the requests, and then dispatch requests for example.org to the thermostat server, and dispatch requests to blah.example.org to itself. So basically anything on the blah subdomain goes to QuickBox, and anything without a subdomain goes to the thermostat website. I have tried to use NGINX but cannot really make heads or tails of how to configure this stuff correctly.

Any help much appreciated, I’ll donate if you guys can finally help me figure this out.

Hello,

Tell me if I’m wrong.

Currently you have:
Internet > example.org > your home router > thermostat web server

What you want:
Internet > example.org > your home router > quickbox server (quickbox.example.org) > thermostat web server (example.org)

What is your goal? To access your QuickBox server from the internet through the subdomain quickbox.example.org?

Yes that is correct.

So I guess you only need to declare in your domain example.org a DNS A record targeting your QuickBox server IP address. And to add a new vhost to the QuickBox server apache configuration like this (do not copy/paste, you need to adjust this example with your configuration): Quickbox and whmcs.

Plus the same redirection rule (web/80) that you allowed in your router. Maybe you could enable https (443) redirection as well :wink:

Is the new vhost supposed to represent the thermostat server?

Nope.
The goal of the new vhost is to tell your QuickBox server that it should respond to requests targeting subdomain.example.org.

In fact, you don’t need to change anything from the thermostat server configuration.
Requests received from subdomain.example.org will be directly redirected to your QuickBox server.
Requests received from example.org will be directly redirected to your thermostat server.

If you only want to access your QB server from outside, you don’t need to put the QB server “before” your thermostat server.

But if you absolutely want to do that, I guess you will need to put the QuickBox server as the target of the domain example.org and create a vhost redirection to thermostat.example.org pointing to the thermostat web server IP address.

Don’t hesitate to tell me if I’m going in the wrong direction :slight_smile:
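
The host-based dispatch asked for in the first post (QuickBox in front, example.org passed on to the thermostat), as an added example that is not part of the thread or QuickBox's own configuration. It assumes the router forwards port 80 to the QuickBox server and both names resolve to the home's public IP; the thermostat address and the DocumentRoot are placeholders.

```apache
# Added example (not from the thread). Constructed values: 192.168.1.50 is a
# placeholder for the thermostat's LAN address; the DocumentRoot is a
# placeholder for the web root QuickBox already uses.
# Needs mod_proxy and mod_proxy_http (a2enmod proxy proxy_http).

# Never act as an open forward proxy; only the ProxyPass mapping below applies.
ProxyRequests Off

# The first vhost on *:80 is Apache's default for any Host header that matches
# no ServerName (bare IP, scanner-supplied names). Refuse those requests so
# they reach neither QuickBox nor the thermostat.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# example.org -> thermostat web server on the LAN
<VirtualHost *:80>
    ServerName example.org
    # Pass the original Host header through to the thermostat
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.50/"
    # Rewrite Location headers in the thermostat's redirects
    ProxyPassReverse "/" "http://192.168.1.50/"
</VirtualHost>

# blah.example.org -> QuickBox itself
<VirtualHost *:80>
    ServerName blah.example.org
    DocumentRoot "/path/to/quickbox/webroot"
</VirtualHost>
```

Run `apachectl configtest` before reloading Apache so a syntax error does not take the existing QuickBox site down.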

Just implemented it. Worked perfectly. I forwarded port 443 to the QB server and 80 is still going to the thermostat, as the router didn’t let me put multiple port 80 rules so there’s no https redirect, but that’s ok. Thank you for the help, donation on the way!


Glad to help :slight_smile:

But be careful, if your QuickBox is reachable from the internet and connected to your LAN, you should enable firewall rules to block any requests and services not needed. Maybe with these things:

  • Disable root account
  • Enable Public Key Authentication and disable password authentication
  • Setting up UFW
  • Etc.

Never too safe :slight_smile:
