I’m trying to set up a reverse proxy so that each service/port has its own subdomain. So as an example, gitea would be git.example.com, a Matrix synapse server would be matrix.example.com and my main website would be just example.com with no subdomain.
However, I’ve encountered a problem. HAProxy needs to be the service pointed at port 80, which is handled currently by lighttpd. However, I can’t change lighttpd’s port from 80 to something else. I tried setting it in /etc/lighttpd/lighttpd.conf, using server.port = 8080, but for some reason it still uses port 80.
Is there any way I can fix this? Some tips on this reverse proxy setup would be nice, too!
Alright, so I’m dumb. Turns out it is changing the port and it is saying that it is being used as the LISTEN port using the command you did. However, the webserver is still accessible from port 80 and is not accessible from port 8080. Is there something in lighttpd’s configs controlling this that I don’t know about?
I’m new to both HAProxy and lighttpd, so it really might just be me being dumb.
I have now done a full reboot with the port change saved in lighttpd.conf, but it still seems to be using port 80 and is still accessible from the internet. I’m not forwarding port 8080, either.
HAProxy is installed, but isn’t running. dietpi-services says it has failed, probably because I haven’t fully set up the configuration yet. Here is its log:
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/etc/systemd/system/haproxy.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-06-08 09:05:49 BST; 4h 27min ago
  Process: 648 ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=203/EXEC)

Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Service RestartSec=100ms expired, scheduling restart.
Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Scheduled restart job, restart counter is at 5.
Jun 08 09:05:49 Ouroboros systemd[1]: Stopped HAProxy Load Balancer.
Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Start request repeated too quickly.
Jun 08 09:05:49 Ouroboros systemd[1]: haproxy.service: Failed with result 'exit-code'.
Jun 08 09:05:49 Ouroboros systemd[1]: Failed to start HAProxy Load Balancer.
I also cannot access my website using the internal IP and port 8080, so it really is just accessible through port 80…
Yeah, that seems to change nothing. Do you think there is an additional config file in /etc/lighttpd/config-enabled causing this, or something that I set up during the dietpi installation?
It doesn’t matter how many config files you have, there is no LISTEN port 80. That means you should not be able to reach anything at all on port 80. Can you try to clear the cache on your browser?
I cleared my browser cache and now something weirder is happening. It seems to accept a connection on port 80 via HTTP, which then redirects to HTTPS because of an option I checked during install, where it is “unable to connect” because port 443 is no longer open.
I changed the port to 8035, just in case it was the fact that 8080 was overlapping with 80 or something, but that didn’t have any effect…
EDIT: It’s working! Firefox was screwing with me with dodgy cache.
Now then, how should I go about adding SSL to the webserver from HAProxy? I’d prefer it to be compatible with the guide I linked at the start of the thread. Is there a way I could possibly use a wildcard certificate with certbot?