Web Reverse Proxy works... but now I need FTP Reverse proxy...

Question

Level 1

4 points

Web Reverse Proxy works... but now I need FTP Reverse proxy...

Thanks to a Mr Hoffman whose purposely vague responses (it's a compliment by the way, makes you figure it out yourself, otherwise why are you here...right?).

Anyway I was forced to figure out a solution to linking a computer on my LAN to accept incoming traffic to a subdomain.

I added the subdomain web site to the MAC GUI, but then went and edited the .conf file in /Library/Server/Web/Config/apache2/sites/0000_any_80_mysite.mydomain.com and deleted the auto configuration entirely and replaced it with:

ServerName mysite.mydomain.info

ProxyPreserveHost On

ProxyRequests off

ProxyPass / http://192.168.0.6/

ProxyPassReverse / http://192.168.0.6/

</VirtualHost>

So now any queries for my subdomain are now directed to the correct location and server (A VBox Ubuntu 12.04 LTS) that is actually on the same box as the MAC but in theory it is a seperate computer on the local area network.

So now I have an issue because when I FTP into the afore mentioned site it defaults to the MAC Server set up of FTP which is kind of curiously lacking the ability to set up multiple FTP site log-ins. 😮

So I guess I need to do same as above but for FTP access, trouble is I added it to above file and everything broke. So is there another conf file I could tweak to push FTP services to the subdomain.

Believe me, I've tried sharing directories with the Virtual Box and having the web site point to the FTP default of the MAC but you can't see the files other than that of the MAC server's files.

Need to FTP into the subdomain to start populating the site with content via Dreamweaver but can't get to it. Any clues? Don't have to tell me full answer. But if it requires a secondary .conf file to reverse proxy then do tell.

However, if it gets to be too tricky, I might just blow the MAC server and just install Ubuntu native on the mac mini, but I kind of like the combo.

Oh and before you ask, FTP ports are open for above IP on Cable ISP router box.

Cheers

iMac, Mac OS X (10.5.1)

Posted on Feb 20, 2014 4:10 PM

Reply

Answer 1

Best reply

MrHoffman

Community+ 2024

Level 10

116,655 points

Feb 20, 2014 4:48 PM in response to Magiccam

ftp is older than TCP/IP networking (yes, really!), and is generally a pain around modern IP network firewalls due to an inherent limitation of the protocol design. This in addition to ftp being completely and totally insecure. (read: not the biggest ftp fan around the 'net.)

Easiest way to "copy" files around within your network is usually via file shares established to or from the bastion host, or you could set up a network and route traffic — though running virtual machine guests can be somewhat of a network hassle, as the virtual routing can be fussy. (That may be what you're running into, though there are probably better spots for vbox virtual networking questions.) Or set up some automated processing that copies the files around to their destinations, from specific directories.

There isn't an included ftp reverse proxy, but you might find and download one from somewhere, and get it working.

Given OS X Server has a VPN server, you could configure and enable VPN into the Mac, enable VPN passthrough at your gateway box, and then you have what is effectively local access to the rest of the network. Once you get the VPN working, that'll be far easier than trying to reverse proxy everything, too.

Alas, there might still be issues with IP routing among the virtual machine guests.

Reply

Answer 2

Magiccam Author

Level 1

4 points

Feb 20, 2014 5:12 PM in response to MrHoffman

Interesting that you plug the VPN solution, as you mentioned in my web proxy query. The file sharing from the VBox to Host (Mac) system is a total pain in the Rs, rife with permission issues and the ability to see files from both systems is at the moment not working.

I use Dreamweaver whose tech is invariably reliant on FTP but does do local network too but at this time I haven't figured out how to get the VBox to show up as a local access point. I won't need to FTP in remotely as all the work will be done locally here at home. I don't think my boss would appreciate me doing personal work at the office 😀, but that said, I just VNC to my server and can work locally from a remote location.

But you have got me thinking about VPN tech as I have largely ignored it due to having used it to access files in my office via sanctioned software called Enpoint Security and noticed that performance was extremely poor and had me feeling impatient.

I know the MAC Server has VPN, and my VBox has VPN so yes I will look into this as a viable alternative to FTP.

Thanks again Mr Hoffman, you definitely are a good teacher. So my web proxy works for public access, now I need to figure out secure remote/local access to develop the project I have to do.

The project is to develop apps using Adobe Indesign, but I don't appreciate Indesign's features enough to solely use it to create an engaging publication. So I need more tech and MySQL PHPMyadmin, Javascript, CSS and HTML5 are my chosen tools to suppliment Indesign's inability to be cool enough for the general population. InDesign does however have the capability to accept incoming web served pages/apps and that is what makes it all the more interesting for me. I don't want to use MySQL on the MAC as it is full of errors, I tried it. The Linux box is clean and that makes me happy.

Cheers.

Reply

Answer 3

Magiccam Author

Level 1

4 points

Feb 23, 2014 7:47 PM in response to Magiccam

Actually, I created a work around. Installed Samba on the Linux box and shared the www directory. Mounted it on the Mac, then had the Mac Server select that mount as the FTP site. Not ideal, but when I type subdomain.FQDN.com I reach the directory on the Virtual Linux Box serving the website.

Pity that the MAC Server software can't provide multiple directories depending on log in.

Good thing is when logging into the ftp site the root is /var/www on the linux box but shows up as / so you can't get out of there to see what is going on in the rest of the computer. Somthing that vsftpd seemed to lack as it let me browse around the entire box, and I didn't like that at all. Maybe something I configured wrong, but needless to say this is better solution.

Also since the MAC is serving the FTP to the linux share directory, none of the users on the mac can access it, it just ignores the connection. If I wanted any of the Mac users to access it, I would have to add them to the smb.conf file on the Virtual Linux box. So that is cool too.

Again not ideal, but it works for me for what I need to get done. Back to the project now instead of configuring servers, not that I don't like configuring servers, but I do need to get a job done here 😀

Reply