Ken Andersen's blog about technology related subjects.
Thursday, October 20, 2016
Reverse Proxies
We all know what a proxy server does, right? A proxy server acts as a sort of path to the internet on a network that is not otherwise connected to the internet. Your computer talks to the proxy server, the proxy server requests the web page you are looking for, the web server sends the page back to the proxy server, and the proxy server sends the page to you.
What if you wanted to do the opposite? What if you have web servers that are not directly connected to the internet and you want to have them serve pages to the public? A reverse proxy can do this for you.
In my case, I have a live TV server on my home network that I want to make available on the public internet. I have made a post about Emby (formerly Media Browser) before. It's a great way to stream your live TV and recordings to your various devices. However, I decided that I wanted this traffic to be encrypted and I wasn't very happy with the way Emby handles SSL on its own.
Here is where a reverse proxy comes in. A full featured web server handles SSL much better than a standalone application can. I wanted to be able to plug in the automation of Letsencrypt to be able to conveniently renew my SSL certificate. I couldn't get this working with Emby itself. So, I turned on the IIS feature on my Windows box and setup the proper domain binding on the default website. Then, I installed the Application Request Routing extension for IIS. Then I enabled the proxy feature of the extension.
Then the URL Rewrite module needed to be installed. After installing, you need to create rules to work with Application Request Routing.
It worked beautifully! I also got the added benefit of not having to specify a port number in my URL anymore. My requests to my domain are now standard port 443 https requests. The requests then get proxied to the Emby app on port 8096 running on the same machine.
I anticipate that my reverse proxy setup will also come in handy to be able to proxy SSL traffic to multiple services that I am thinking about setting up on this box. IIS will be able to handle multiple domains coming in and proxy them to other applications. It's an absolute win-win scenario.
© The Ramblings of Ken Powered by Bootstrap , Blogger templates and RWD Testing Tool
I am new to IIS and I would like to take advantage of letsencrypt with my emby server.. Is there a way you could send me a step by step on how to you got this working? I understand how a reverse proxy works. I just havent done it in IIS. Please help
ReplyDeleteThis post pretty much lays it out for you. If you have the Application Request Routing extension for IIS and the URL Rewrite module installed then you are 90% of the way there. I linked to the downloads for those IIS plugins in the post. Then you just have to enable the proxy feature under the Application Request Routing settings and set your URL rewrite rules. That's it. Have you done those steps? Let's figure out where you might be hung up.
ReplyDeleteI have emby server on server 2012. On the same server I have IIS installed. I have the "Default Web Site". the bindings on default web site are 80 and 443 and I set up the rules almost exactly like you have it but changed to my domain, of course.
ReplyDeleteOk I actually got it working. Now I have a problem with letsencrypt having problems with the answer file. Do you think you could help me with that? I know it has something to do with extensionless URL's bu I have added a mime type .* to text/json. any advice?
ReplyDeleteI don't know the right answer to the letsencrypt problem. I struggled with the answer files for an hour or so. Finally what worked for me was dropping this web.config file in the acme-challenge folder:
ReplyDelete<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<directoryBrowse enabled="true" />
<staticContent>
<mimeMap fileExtension="." mimeType="text/plain" />
</staticContent>
</system.webServer>
</configuration>
I know that at the beginning you don't have any money (or very few bucks) so getting a good hosting or a dedicated server is out of the question. Lucky for us that if you search hard you may be lucky and find a free web host that accepts proxies. Web Proxy
ReplyDelete