Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all – anywhere anywhere
RETURN all – anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all – anywhere anywhere
DROP all – anywhere anywhere
RETURN all – anywhere anywhere
I am not exactly sure what you mean by start the container. When I access the container I use the command below. I didn’t realize it needed starting.
docker exec -it 54021ab1303b /bin/bash
So I installed an ubuntu desktop environment on my linode instance. I did this so that I could get access to a browser and see if I could see anything. In Glish I can open firefox and access the web. When I type localhost I get the nginx splash screen. When I type the ip address of the container, 172.18.0.3, I briefly see a page for haproxy-wi and then it immediately redirects to address 172.18.0.3/app/overview.py and says NotFound, the requested URL /app/overview.py was not found on this server.
Within the docker container I thought that I tinkered with the appache settings in /etc/conf/httpd.conf to change the document folder from /etc/conf/httpd.conf to /var/www/haproxy-wi but now when I go back to httpd.conf the settings that are in the document folder are /var/www/html. The html folder is empty whilst the /var/www/haproxy-wi folder does contain an index folder and it does look to be the one that runs when I type 172.18.0.3. The folder app is located at /var/www/haproxy-wi/app where there a lot of python files. For a while I would see the plain text python code for overview.py within the browser. For some reason that isn’t the case now. It just says NotFound as I indicated above.
Sorry for this long winded explanation but I didn’t want to leave anything out in the case that it might be important. It seems I am close to having things working with haproxy-wi, but close doesn’t count.
I should also mention that when I type my domain name that I have setup in DNS I do get the same nginx splash page I mention above. But there is no port , 8443, 8000, 8080 I have tried that will redirect me from there to haproxy-wi.
Many thanks Wendell. I feel like I am getting close. I couldn’t figure out how to clear out all the docker containers so I deleted the linode and started over.
Far be it for me to question you but I believe the -p line should be your-linodeip:443:8443. I checked the documentation and your syntax appeared correct except that the ports were inverted. I hope, at least. The output of my new docker ps is
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b80099621fa4 registry.haproxy-wi.org:5000/haproxy-wi "/bin/sh -c '/usr/sb…" 2 minutes ago Up 2 minutes 443/tcp, 4x.3x.8x.xxx:443->8443/tcp haproxy-wi
So the status now is that I do not know how to access haproxy-wi. From the linode machine and my private url I get the nginx splash page. So DNS is working and nginx. I installed a desktop on the linode. The ip address of the container is 172.17.0.2. Going to that address in firefox gives me the apache landing page for CentOS. So the container appears to working fine. I do not know what needs to be done so that things point to the correct places.
My haproxy.conf file is
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
I have cleared the iptables so there should be nothing in the way, but it still doesn’t work. I was wondering what I should be putting in my haproxy-wi.conf file in the container. On the settings page of haproxy-wi.org it says to use
VirtualHost my_domain.local:80
What is my_domain.local? Is it my domain name or the ip address of the container, which in my case is 172.17.0.2?
Should the port be 8843?
I am running a desktop environment in the container with ip address 172.17.0.2 . When I go to that address I get the apache landing page on either port 80 or 443. It seems like I am missing some sort of redirect pointing the main page to haproxy-wi instead of the default apache page. Does this seem possible?
I’d like to do all this using Nginx instead. I could just use a proxy_pass directive in the site’s server block to pass the request to the ip address in my home network. However, I’d like to be able to dynamically update the IP address within Nginx every hour or so… I am thinking I could just have the traffic route to my router’s public IP address on port 8192 or something. Then I could have all requests on 8192 forwarded to my home “server”.
Its a bit off topic, but you can definitely set up a reverse proxy in that manner so long as you plan on doing mostly web/tcp stuff.
I have this setup almost exactly. Traffic comes in to an Nginx proxy server and directed to the appropriate internal IP address and port based off the subdomain.
Here is one (of the many) blocks in my Nginx config. This one is for my PLEX server, this way I don’t have to remember the PLEX port and can instead just navigate to “plex.home.judahnatordomain” -
The only difficult part might be having the IP’s dynamically update. In that case I might recommend running an internal DNS server and proxy_passing the traffic to your internal domain, then having all that logic centralized on your DNS server instead of pushing updated configs to Nginx.
Yeah, I knew that a solution would have to exist on my side, but unless I wanna pay Comcast an additional $10/month (which I definitely do not), I cannot get a static IP even for the DNS server. I could probably implement something with my router. Currently it is running OpenWRT, but I have plans to transition to PFSense.
I’ve just done this over the weekend. I was a bit sick of all the bot traffic, and my paranoia being tweaked by my public IP being generally exposed for simple things.
I used nginx to reverse proxy wireguard, since haproxy doesn’t really do UDP.
Working well!
Edit: My plex app doesn’t work away from home, though. Need to fix that.
To get Plex working I had to do some routing so all non-local traffic for Plex was tunneled to my VPS. That way when it checked its public IP it was my VPSs IP and not my home IP.
My setup has a wireguard tunnel between my home and VPS so there are no open ports on the home side. By setting the gateway for my plex docker image to go over that tunnel and having the tunnel set to allow any internet bound traffic to pass, plex will still support local streaming at full rates on lan and only communicate to the internet though my VPS.
I’m very new to HAProxy. I’m using Cloudflare to manage DNS and I can see that CF have a proxy option for DNS. Can I achieve the same thing with CF’s DNS proxy as with the HA-Proxy solution described here? Or is it two different things?
I’m a bit confused about where to place my HA-proxy instance. I have read the how to, watched the video and read the comments and I’m still unsure of where to place HA-proxy.
I have a pfSense firewall with HA-Proxy running. But do I still have to have an additional HA-Proxy instance running on my Linode VM?
Sorry for a noob question, but where to place these configurations?
Is it within /etc/nginx/nginx.conf, /etc/nginx/conf.d/example.com.conf, /etc/nginx/sites-available/example.com or a complete other file?