nginx as a Reverse Proxy on FreeNas 8.0.1 RC possible?

Status
Not open for further replies.
S

seer_tenedos

Dabbler
Joined
Sep 12, 2011
Messages
25
I want to be able to access SABnzbd, SickBeard & CouchPotato from the web in a secure manner where i only have https access. I was wondering if anyone managed to get nginx as a Reverse Proxy for SABnzbd, SickBeard & CouchPotato installed in FreeNAS 8 in the totally isolated manner listed in this thread https://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=15&t=11618&start=0 for SABnzbd, SickBeard & CouchPotato or if anyone would be willing to provide some instructions.

Regards,

Chris
 
S

seer_tenedos

Dabbler
Joined
Sep 12, 2011
Messages
25
In answer to my own question the answer is it is possible. Took a bit of stuffing around to get nginx compiled etc as a standalone and now i can just drop it on a zfs dataset and use a script to start it. I still need to add some rc.d to Auto start/stop it but tat should not be too hard.
 
I

imdos

Dabbler
Joined
Feb 23, 2012
Messages
34
Thanks for this post, which made curious on the possibilities of using nginx. Included a couple of scripts I have created over time, to help me survive an upgrade to a newer version. Also included nginx setup. I run FreeNAS on a HP N36L, with 2 USB sticks attached (boot and backup UFS) and 6x2TB in Raidz2.


Mount and install
Code:
mount -uw / 
pkg_add -r nginx


/etc/rc.conf
Code:
tv_daemon_enable="YES"
nginx_enable="YES"
mysql_enable="YES"
mysql_limits="NO"


As with every modification, also copy these to the corresponding /conf/base/ directories

My restore script, which should fix every installed package, this is a WIP.
Code:
 
#!/bin/sh
#####################################################
# Restore script: To run after an upgrade
# Remount the root directory to enable this script to modify settings
# and/ or to save any changes
mount -uw /
#####################################################
# Install packages from the repository
#####################################################
pkg_add -r screen nginx lsof perl p7zip curl mdf2iso wget iat bchunk nrg2iso
#####################################################
# Perl
#####################################################
ln -s /mnt/USB/extensions/.cpan/ /root/.cpan
ln -s /mnt/USB/extensions/.cpanm/ /root/.cpanm
mv /usr/local/lib/perl5/5.10.1/ /mnt/USB/extensions/lib/perl/5.10.1/
mv /usr/local/lib/perl5/site_perl/ /mnt/USB/extensions/lib/perl/site_perl/
# Restore the perl config instead of using the blank one.
cp /mnt/USB/backup/Config.pm /usr/local/lib/perl5/5.10.1/CPAN/Config.pm
# Nasty fix for Extutils::Makemaker failure
cp /mnt/USB/backup/BSDPAN-Packlist.pm /usr/local/lib/perl/5.10.1/BSDPAN/ExtUtils
/Packlist.pm
ln -s /mnt/USB/extensions/lib/perl/5.10.1/ /usr/local/lib/perl5/5.10.1/
ln -s /mnt/USB/extensions/lib/perl/site_perl/ /usr/local/lib/perl5/site_perl/
cp /mnt/USB/backup/bin/* /usr/local/bin/
#####################################################
# Make a directory which is needed for nginx in the back-upped location!
# This is held after a reboot
#####################################################
mkdir -p /conf/base/var/tmp/nginx/
# Restore to the back-upped location! This is held after a reboot
cp -a /mnt/USB/backup/nginx /conf/base/etc/local/
cp -a /mnt/USB/backup/rc.d/* /conf/base/etc/rc.d/
cp /mnt/USB/backup/rc.conf /conf/base/etc/
cp /mnt/USB/backup/crontab /conf/base/etc/
# Not required periodic stuff
cp /mnt/USB/backup/weekly.local /conf/base/etc/
cp /mnt/USB/backup/periodic.conf /conf/base/etc/
cp /mnt/USB/backup/defaults/* /conf/base/etc/defaults/
# Restore the required files to the running configuration
cp -a /mnt/USB/backup/nginx /etc/local/
cp -a /mnt/USB/backup/rc.d/* /etc/rc.d/
cp /mnt/USB/backup/rc.conf /etc/
#!/bin/sh
#####################################################
# Restore script: To run after an upgrade
# Remount the root directory to enable this script to modify settings
# and/ or to save any changes
mount -uw /
#####################################################
# Install packages from the repository
#####################################################
pkg_add -r screen nginx lsof perl p7zip curl mdf2iso wget iat bchunk nrg2iso
#####################################################
# Perl
#####################################################
ln -s /mnt/USB/extensions/.cpan/ /root/.cpan
ln -s /mnt/USB/extensions/.cpanm/ /root/.cpanm
mv /usr/local/lib/perl5/5.10.1/ /mnt/USB/extensions/lib/perl/5.10.1/
mv /usr/local/lib/perl5/site_perl/ /mnt/USB/extensions/lib/perl/site_perl/
# Restore the perl config instead of using the blank one.
cp /mnt/USB/backup/Config.pm /usr/local/lib/perl5/5.10.1/CPAN/Config.pm
# Nasty fix for Extutils::Makemaker failure
cp /mnt/USB/backup/BSDPAN-Packlist.pm /usr/local/lib/perl/5.10.1/BSDPAN/ExtUtils
/Packlist.pm
# Link perl modules to USB stick, to survive upgrades and safe space
ln -s /mnt/USB/extensions/lib/perl/5.10.1/ /usr/local/lib/perl5/5.10.1/
ln -s /mnt/USB/extensions/lib/perl/site_perl/ /usr/local/lib/perl5/site_perl/
cp /mnt/USB/backup/bin/* /usr/local/bin/
#####################################################
# Make a directory which is needed for nginx in the back-upped location!
# This is held after a reboot
#####################################################
mkdir -p /conf/base/var/tmp/nginx/
# Restore to the back-upped location! This is held after a reboot
cp -a /mnt/USB/backup/nginx /conf/base/etc/local/
cp -a /mnt/USB/backup/rc.d/* /conf/base/etc/rc.d/
cp /mnt/USB/backup/rc.conf /conf/base/etc/
cp /mnt/USB/backup/crontab /conf/base/etc/
# Not required periodic stuff
cp /mnt/USB/backup/weekly.local /conf/base/etc/
cp /mnt/USB/backup/periodic.conf /conf/base/etc/
cp /mnt/USB/backup/defaults/* /conf/base/etc/defaults/
# Restore the required files to the running configuration
cp -a /mnt/USB/backup/nginx /etc/local/
cp -a /mnt/USB/backup/rc.d/* /etc/rc.d/
cp /mnt/USB/backup/rc.conf /etc/
cp /mnt/USB/backup/crontab /etc/
cp /mnt/USB/backup/weekly.local /etc/
cp /mnt/USB/backup/periodic.conf /etc/
cp /mnt/USB/backup/defaults/* /etc/defaults/
#####################################################
# Mysql fix
ln -s /mnt/USB/extensions/mysql/bin/* /usr/local/bin
ln -s /mnt/USB/extensions/mysql/include/* /usr/local/include
ln -s /mnt/USB/extensions/mysql/lib/* /usr/local/lib
ln -s /mnt/USB/extensions/mysql/libdata/ldconfig/* /usr/local/libdata/ldconfig
ln -s /mnt/USB/extensions/mysql/libexec/* /usr/local/libexec
ln -s /mnt/USB/extensions/mysql/share/mysql /usr/local/share/mysql
ln -s /mnt/USB/extensions/mysql/share/aclocal/* /usr/local/share/aclocal
#####################################################
# Synchronize all files and directories, just to be safe!
sync
#####################################################
# Remount the root directory as read-only
mount -ur /
# Start the added services
/etc/rc.d/tv_daemon start
/etc/rc.d/nginx start
/etc/rc.d/mysql-server start


And my nginx scripts

/etc/rc.d/nginx ; This is the default script, which I found when installing the package.
Code:
#!/bin/sh
# $FreeBSD: ports/www/nginx/files/nginx.sh.in,v 1.9 2010/03/28 04:44:54 dougb Exp $

# PROVIDE: nginx
# REQUIRE: LOGIN cleanvar
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable nginx:
# nginx_enable (bool):          Set to "NO" by default.
#                               Set it to "YES" to enable nginx
# nginx_profiles (str):         Set to "" by default.
#                               Define your profiles here.
# nginxlimits_enable (bool):    Set to "NO" by default.
#                               Set it to yes to run `limits $limits_args`
#                               just before nginx starts.
# nginx_flags (str):            Set to "" by default.
#                               Extra flags passed to start command.
# nginxlimits_args (str):       Default to "-e -U www"
#                               Arguments of pre-start limits run.

. /etc/rc.subr

name="nginx"
rcvar=`set_rcvar`

start_precmd="nginx_precmd"
restart_precmd="nginx_checkconfig"
reload_precmd="nginx_checkconfig"
configtest_cmd="nginx_checkconfig"
gracefulstop_cmd="nginx_gracefulstop"
upgrade_precmd="nginx_checkconfig"
upgrade_cmd="nginx_upgrade"
command="/usr/local/sbin/nginx"
_pidprefix="/var/run/nginx"
pidfile="${_pidprefix}.pid"
required_files=/usr/local/etc/nginx/nginx.conf

[ -z "$nginx_enable" ]          && nginx_enable="NO"
[ -z "$nginxlimits_enable" ]    && nginxlimits_enable="NO"
[ -z "$nginxlimits_args" ]      && nginxlimits_args="-e -U www"

load_rc_config $name

if [ -n "$2" ]; then
        profile="$2"
        if [ "x${nginx_profiles}" != "x" ]; then
                pidfile="${_pidprefix}.${profile}.pid"
                eval nginx_configfile="\${nginx_${profile}_configfile:-}"
                if [ "x${nginx_configfile}" = "x" ]; then
                        echo "You must define a configuration file (nginx_${profile}_configfile)"
                        exit 1
                fi
                required_files="${nginx_configfile}"
                eval nginx_enable="\${nginx_${profile}_enable:-${nginx_enable}}"
                eval nginx_flags="\${nginx_${profile}_flags:-${nginx_flags}}"
                eval nginxlimits_enable="\${nginxlimits_${profile}_enable:-${nginxlimits_enable}}"
                eval nginxlimits_args="\${nginxlimits_${profile}_args:-${nginxlimits_args}}"
                nginx_flags="-c ${nginx_configfile} -g \"pid ${pidfile};\" ${nginx_flags}"
        else
                echo "$0: extra argument ignored"
        fi
else
        if [ "x${nginx_profiles}" != "x" -a "x$1" != "x" ]; then
                for profile in ${nginx_profiles}; do
                        echo "===> nginx profile: ${profile}"
                        /usr/local/etc/rc.d/nginx $1 ${profile}
                        retcode="$?"
                        if [ "0${retcode}" -ne 0 ]; then
                                failed="${profile} (${retcode}) ${failed:-}"
                        else
                                success="${profile} ${success:-}"
                        fi
                done
                exit 0
        fi
fi

nginx_checkconfig()
{
        mkdir -p /var/tmp/nginx
        echo "Performing sanity check on nginx configuration:"
        eval ${command} ${nginx_flags} -t
}

nginx_gracefulstop()
{
        echo "Performing a graceful stop:"
        sig_stop="QUIT"
        run_rc_command ${rc_prefix}stop $rc_extra_args || return 1
}

nginx_upgrade()
{
        echo "Upgrading nginx binary:"

        reload_precmd=""
        sig_reload="USR2"
        run_rc_command ${rc_prefix}reload $rc_extra_args || return 1

        sleep 1

        echo "Stopping old binary:"

        sig_reload="QUIT"
        pidfile="$pidfile.oldbin"
        run_rc_command ${rc_prefix}reload $rc_extra_args || return 1
}

nginx_precmd()
{
        nginx_checkconfig

        if checkyesno nginxlimits_enable
        then
                eval `/usr/bin/limits ${nginxlimits_args}` 2>/dev/null
        else
                return 0
        fi
}

extra_commands="reload configtest upgrade gracefulstop"
run_rc_command "$1"


nginx.conf
Code:
user  nobody;
worker_processes  1;
#working_directory /mnt/USB/tmp;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
        worker_connections  1024;
        use kqueue;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

        gzip  on;
        gzip_proxied any;
        gzip_comp_level 9;
        gzip_min_length 1400;
        gzip_types  text/plain text/css image/png image/gif image/jpeg application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_vary on;
        gzip_http_version 1.1;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";

        proxy_cache_path  /mnt/USB/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
        proxy_temp_path /mnt/USB/cache/tmp;


    server {
        listen       8000;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
        #error_page  404              /404.html;
    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #    ssl_prefer_server_ciphers   on;

location / {
        #root   /usr/local/www/nginx;
        root        /mnt/USB/extensions/webpages;
        index  index.html index.htm;
        auth_basic            "Restricted";
        auth_basic_user_file /mnt/USB/extensions/webpages/.htpasswd;

        #!!! IMPORTANT !!! We need to hide the password file from prying eyes
        # This will deny access to any hidden file (beginning with a .period)
        location ~ /\. { deny  all; }

        #cache control: all statics are cacheable for 72 hours
        if ($request_uri ~* \.(ico|css|js|gif|jpe?g|png)$) {
                expires 72h;
                        break;
                }
        client_max_body_size 5m;
        }


location /couchpotato/ {
#Couchpotato
        auth_basic            "Restricted";
        auth_basic_user_file /mnt/USB/extensions/webpages/.htpasswd;
      proxy_pass http://localhost:5000/;
      proxy_redirect default;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header Host localhost:5000;
#     proxy_cache my-cache;
#     proxy_cache_valid  200 302  60m;
#     proxy_cache_valid  404      1m;
}
location /sickbeard/ {
#sickbeard
        auth_basic            "Restricted";
        auth_basic_user_file /mnt/USB/extensions/webpages/.htpasswd;
        proxy_pass http://localhost:8081/sickbeard/;
      proxy_redirect default;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header Host localhost:8081;
#     proxy_cache my-cache;
#     proxy_cache_valid  200 302  60m;
#     proxy_cache_valid  404      1m;
}
location /sabnzbd/ {
#sabnzbd
      proxy_pass http://localhost:8085/sabnzbd/;
      proxy_redirect default;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header Host localhost:8085;
#     proxy_cache my-cache;
#     proxy_cache_valid  200 302  60m;
#     proxy_cache_valid  404      1m;
        proxy_no_cache config;
        proxy_cache_bypass config;
        client_max_body_size 5m;
}
location /headphones/ {
#headphones
        auth_basic            "Restricted";
        auth_basic_user_file /mnt/USB/extensions/webpages/.htpasswd;
      proxy_pass http://localhost:8181/headphones/;
      proxy_redirect default;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header Host localhost:8181;
#     proxy_cache my-cache;
#     proxy_cache_valid  200 302  60m;
#     proxy_cache_valid  404      1m;
}
    }

}


Don't forget to execute
Code:
 mkdir -p /conf/base/var/tmp/nginx/

Otherwise it won't start after a reboot.
 
Status
Not open for further replies.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "nginx as a Reverse Proxy on FreeNas 8.0.1 RC possible?"

Similar threads

Z
502 Bad Gateway error when trying to access nextcloud plugin through nginx reverse proxy jail
Replies
9
Views
8K
zombifiedpatato
Z
drkmachine
  • Locked
Organizr install help with nginx reverse proxy
Replies
13
Views
11K
Jan Banan
J
fahadshery
  • Locked
Setting up NGINX Reverse-Proxy, Cloudflare Let’s Encrypt SSL for NextCloud, DDNS on Freenas...
Replies
6
Views
5K
fahadshery
fahadshery
S
How to set up an nginx reverse proxy with SSL termination in a jail
Replies
19
Views
14K
samuel-emrys
S
R
Setting up Netdata with an nginx reverse proxy
Replies
0
Views
2K
Ray DeMoss
R
Top