Docker and Traefik reverse proxy under Synology DSM 7 // free port 80 and 443

To run Docker with the reverse proxy Traefik v2 on a Synology NAS, I need to be able to use port 80 and 443 on the host system. The operating system of the NAS, DSM, uses its own reverse proxy, nginx, which tries to occupy the ports on its own.
Under DSM 6.2 I could change the port 80 and 443 by using a boot script (change-ports.sh), as described here, so that the ports were freed and could be used by the Docker Traefik reverse proxy.

#! /bin/bash

HTTP_PORT=81
HTTPS_PORT=444

# Rewrite the listen ports in DSM's nginx config templates (80 -> 81, 443 -> 444)
sed -i "s/^\( *listen .*\)80/\1$HTTP_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)443/\1$HTTPS_PORT/" /usr/syno/share/nginx/*.mustache

After upgrading Synology NAS 918+ to DSM 7, I’m no longer able to “free” port 80 and 443.
Obviously the script doesn’t work and Nginx (from DSM) is always blocking the port.

The Question is, how to reach the docker reverse proxy Traefik again, by using port 80/443 under the new OS DSM 7.
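
A dry-run check for the boot script above, as an added example (not from the original post): it previews the two substitutions without editing any template and lists every `listen` directive that would still bind 80 or 443. The sample template is constructed, with one tab-indented line to show how a layout change makes the `^ *listen` pattern miss silently; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preview the listen-port rewrite without touching the templates.
HTTP_PORT=81
HTTPS_PORT=444

# preview_rewrite FILE: print FILE as the two sed substitutions would leave it.
preview_rewrite() {
    sed -e "s/^\( *listen .*\)80/\1$HTTP_PORT/" \
        -e "s/^\( *listen .*\)443/\1$HTTPS_PORT/" "$1"
}

# still_bound FILE: print (with line numbers) every listen directive that
# would still bind 80 or 443 after the rewrite; non-zero exit if there is none.
still_bound() {
    preview_rewrite "$1" |
        grep -nE '^[[:space:]]*listen([^;]*[^0-9])(80|443)([^0-9]|$)'
}

# make_sample FILE: constructed template, not a real DSM file. The last
# listen line is tab-indented, which the "^ *listen" pattern does not match.
make_sample() {
    printf '%s\n' \
        'server {' \
        '    listen 80 default_server;' \
        '    listen [::]:80 default_server;' \
        '    listen 443 default_server ssl;' > "$1"
    printf '\tlisten [::]:443 default_server ssl;\n}\n' >> "$1"
}

sample=$(mktemp)
make_sample "$sample"
if still_bound "$sample"; then
    echo "pattern missed the lines above; 80/443 would stay bound"
else
    echo "all listen directives moved to $HTTP_PORT/$HTTPS_PORT"
fi
rm -f "$sample"
```

To use it on a NAS, point `still_bound` at copies of the files under /usr/syno/share/nginx/ rather than at the constructed sample.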

postfix – proxy_content_filter and opendmarc milter at proxy smtpd

I set up the proxy_content_filter to inet:127.0.0.1:10025 and in master.cf:
##(DKIM: 8891, DMARC: 54321)

127.0.0.1:10025 inet n - n - - smtpd
...
smtpd_milters=inet:localhost:8891,inet:localhost:54321
...

and in the logs opendmarc is running too early:

Jul 23 12:42:07 mail postfix/smtpd(10474): NOQUEUE: client=test.com(192.168.1.1)
Jul 23 12:42:07 mail postfix/10025/smtpd(10482): connect from localhost(127.0.0.1)
Jul 23 12:42:07 mail opendmarc(5415): ignoring connection from localhost
Jul 23 12:42:07 mail postfix/10025/smtpd(10482): 989FA60982: client=localhost(127.0.0.1), orig_client=test.com(192.168.1.1)

I want opendmarc to run after orig_client, to check the real client IP. What am I doing wrong?
Maybe proxy_content_filter should connect to the real filter and, after filtering, inject into postfix on another port, for example 10026?

nginx – How to use Nginx as a reverse proxy to access OpenShift (OKD) 4.X?

How to use Nginx as a reverse proxy to access OpenShift (OKD) 4.X?

I’ve tried hundreds of setups for the reverse proxy (Nginx) and they all fail with the error “Application is not available” when we access the oauth-openshift.apps.mbr.some.dm route.

NOTE: This problem does not occur if we access this route directly (without using Reverse Proxy). Perhaps some information necessary for the route to be resolved is not being sent.

This is the basic configuration template we are using…

server {
    access_log /var/log/nginx/apps.mbr.some.dm-access.log;
    error_log /var/log/nginx/apps.mbr.some.dm-error.log;
    server_name ~^(?<subdomain>.+)\.apps\.mbr\.some\.dm$;

    location / {
        proxy_pass https://10.2.0.18:443;
        proxy_set_header Host $subdomain.apps.mbr.some.dm;
        proxy_set_header X-Forwarded-For https://$subdomain.apps.mbr.some.dm$request_uri;
    }

    listen 443;
    ssl_certificate /etc/letsencrypt/live/apps.mbr.some.dm/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/apps.mbr.some.dm/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

We also tested these parameters and got some problems as you can see below…

server {
    (...)
    location / {
        (...)
        proxy_ssl_certificate /etc/nginx/backend_ss_certs/apps.mbr.some.dm.crt;
        proxy_ssl_certificate_key /etc/nginx/backend_ss_certs/apps.mbr.some.dm.key;
        proxy_ssl_trusted_certificate /etc/nginx/backend_ss_certs/apps.mbr.some.dm.crt.key.pem;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
        proxy_ssl_protocols TLSv1.2 TLSv1.3;
        proxy_ssl_server_name on;
        proxy_ssl_session_reuse on;
        proxy_ssl_verify on;
        (...)
    }
    (...)
}

The certificates apps.mbr.some.dm.crt, apps.mbr.some.dm.key, apps.mbr.some.dm.crt.key.pem are the self-signed certificates used by OpenShift (OKD) to allow access to resources (HTTPS). However if we try to use these certificates with the reverse proxy (Nginx) the following error happens (“Bad Gateway”)…

2021/07/22 17:36:11 (error) 6999#6999: *1 upstream SSL certificate verify error: (21:unable to verify the first certificate) while SSL handshaking to upstream, client: 177.25.231.233, server: ~^(?<subdomain>.+).apps.mbr.brlight.net$, request: "GET /favicon.ico HTTP/1.1", upstream: "https://10.2.0.18:443/favicon.ico", host: "oauth-openshift.apps.mbr.some.dm", referrer: "https://oauth-openshift.apps.mbr.some.dm/oauth/authorize?client_id=console&redirect_uri=https%3A%2F%2Fconsole-openshift-console.apps.mbr.some.dm%2Fauth%2Fcallback&response_type=code&scope=user%3Afull&state=ff6f3064"

NOTE: We tested the apps.mbr.some.dm.crt and apps.mbr.some.dm.crt.key.pem certificates using curl and both worked perfectly.


PLUS: We couldn’t define a way to diagnose/observe (logs) what goes wrong when the request arrives at the route oauth-openshift.apps.mbr.some.dm. I think this would help us figure out what’s going wrong.

tls – Can Proxy insert headers to a HTTPS requests which are on the same network?






ubuntu – How to handle proxy call in apache

I have a reverse proxy setup as follows in Apache:

Server A with address www.proxyserver.com/graphql is the reverse proxy server.

It maps to: Server B with address example.com

This kind of works properly in the development environment.

For example, when the server calls a request /graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22 then it redirects to https://proxyserver.com/graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22

But in apache, it doesn’t work. It calls http://example.com/graphql?hash=600508575&identifier_1=%22new-main-menu%22&_currency=%22%22

How do I fix this?

My reverse proxy is configured as follows on Server B (www.example.com):

<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/example.com/build
    ServerName example.com
    ServerAlias www.example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ProxyPreserveHost On
    ProxyPass "/graphql" "https://proxyserver.com/graphql"
    ProxyPassReverse "/graphql" "https://proxyserver.com/graphql"
</VirtualHost>

and this is server A configuration

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin admin@arrowhitech.com
        DocumentRoot /etc/pub
        ServerName proxyserver.com
        ErrorLog logs/cezanno-error_log
        LimitRequestBody 104857600
        <Proxy "unix:/var/opt/remi/php73/run/php-fpm/php73-fpm.sock|fcgi://proxyserver.com">
            ProxySet timeout=100
        </Proxy>
        <FilesMatch \.(php|phar)$>
            SetHandler "proxy:fcgi://proxyserver.com"
        </FilesMatch>

        SSLCertificateFile /path/to/cert/directory/cert.pem
        SSLCertificateKeyFile /path/to/cert/directory/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /path/to/cert/directory/chain.pem
    </VirtualHost>
</IfModule>


Nginx proxy using domain as part of url path

I’d like to proxy foo.domain.com to the internal server http://localhost:8080/foo; the subdomain part is dynamic, so bar.domain.com is also proxied to http://localhost:8080/bar.

I got this code up and running with a redirect.

server {
    listen 80;
    server_name ~^(?<subdomain>.+)\.domain\.com$;
    return 301 http://localhost:8080/$subdomain$request_uri;
}

However, I can’t really find the solution using a proxy. I tried this but it returns 502.

server {
    listen 80;
    server_name ~^(?<subdomain>.+)\.domain\.com$;
    
    location / {
        proxy_pass http://localhost:8080/$subdomain;
        # proxy_pass http://localhost:8080/$subdomain$request_uri; # this also not working
    }
}

Any help is really appreciated.
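
What escaping the dots in a regex `server_name` changes, as an added example (not from the original posts) that applies to both nginx configurations on this page. The host names are constructed, and `grep -E` / `sed -E` stand in for nginx's PCRE matching, so the capture group is unnamed here.

```shell
#!/bin/sh
# Added example: compare a server_name regex with and without escaped dots.
LOOSE='^(.+).domain.com$'        # dots unescaped: "." matches any character
ESCAPED='^(.+)\.domain\.com$'    # "\." matches only a literal dot

# accepts PATTERN HOST: succeed when HOST matches PATTERN.
accepts() { printf '%s\n' "$2" | grep -Eq "$1"; }

# captured PATTERN HOST: print what the group (nginx's $subdomain) would hold.
captured() { printf '%s\n' "$2" | sed -nE "s/$1/\1/p"; }

# Constructed Host values: two intended names, two that only look similar.
HOSTS='foo.domain.com a.b.domain.com fooXdomain.com foo.domain-com'

# unintended: print the hosts that the unescaped pattern accepts but the
# escaped one rejects, with the subdomain value each would produce.
unintended() {
    for h in $HOSTS; do
        if accepts "$LOOSE" "$h" && ! accepts "$ESCAPED" "$h"; then
            printf '%s -> $subdomain=%s\n' "$h" "$(captured "$LOOSE" "$h")"
        fi
    done
}

unintended
```

Both patterns still let `.+` span several labels (`a.b.domain.com` yields `a.b`), so whatever consumes `$subdomain` has to cope with dots in it.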

hybrid solution – HTTP Error 400. The request hostname is invalid using SharePoint Application Proxy

Has anyone else experienced this error after completing the SharePoint Application Proxy deployment?

I have the Proxy connector set up and I have added all the required information in my Azure Active Directory (Internal URL and SPN for SSO). When I run the Test Application Proxy Configuration report, I have all green checkmarks (picture below). So I am confused as to why I am getting this error.


linux – ARP Proxy second IP of VPS to route it over Wireguard

I have set up an ARP Proxy on my VPS. With this Setup I can route incoming traffic on the second IP of my VPS over Wireguard. This should allow my Raspberry Pi at home to use the second Public IP.

I got this kind of working. Incoming Pings are forwarded over the Wireguard Tunnel to the Pi. But the Pi then tries to answer the Ping via eth0. Is there a way to fix this so it sends the reply Packets also over the Wireguard Interface?

To show this Problem (Both on the Raspberry Pi)

Wireguard Interface:

# tcpdump -i wg_pub
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg_pub, link-type RAW (Raw IP), capture size 262144 bytes
01:35:02.796522 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 1, length 64
01:35:03.795359 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 2, length 64
01:35:04.810613 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 3, length 64

Ethernet Interface:

# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:37:11.477589 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 128, length 64
01:37:12.491045 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 129, length 64
01:37:13.505965 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 130, length 64

I would like to prevent using a private Subnet on the Wireguard Tunnel.

One way I got this working was to add a static route (ip route add <First VPS IP>/32 dev eth0) and then overwriting the default route (ip route add 0.0.0.0/0 dev wg_pub). But this has the disadvantage of routing all Internet Traffic via the VPS then.

proxy – How to use mobile data instead of wifi (while wifi is on) on Android Phone?

I am looking to use an Android phone as the proxy server, so I set up “Proxy Server” on my Android phone -> connected the phone to Wifi -> got the local IP of the phone -> connected to the phone through the LAN (from my local computer) through the proxy, and it is working, BUT the phone is using the same WIFI connection to connect back to the Internet.
So I have 2 questions:

1) Is there any way to force Android to use mobile data to access the internet while it still has WIFI on?

2) I cannot connect through that proxy from the Internet when I am using the phone's IP address. I am getting the error “Connection refused”. I did some research and it looks like some ISPs are blocking some or most ports. How do I deal with / bypass that?

Thank You Very Much
Any help greatly appreciated.