Using Sentora to forward HTTP/S traffic to another server
#1
Using Sentora to forward HTTP/S traffic to another server
Hi guys,

Just getting started with Sentora, I've already moved my personal site over to my home server, now I'm looking at setting up some extra features. On my home network I run a pritunl server to allow VPN access to my home network while I'm away from home. Pritunl requires the web interface to be accessible on port 80 or 443 (which is already in use by my website and forwarded to Sentora from my router).

My relevant servers consist of:
sites.my.domain - (local IP 172.16.1.19) Sentora server, hosting my personal website and potentially others in the future
pritunl.my.domain - (local IP 172.16.1.24) Pritunl server

On my Sentora server I currently have the following in the override virtual host setting for my.domain:


Code:
</VirtualHost>

<VirtualHost *:80>
    ServerName pritunl.my.domain

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://172.16.1.24:80/
    ProxyPassReverse / http://172.16.1.24:80/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName pritunl.my.domain

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / https://172.16.1.24:443/
    ProxyPassReverse / https://172.16.1.24:443/
    <Location />
        Order allow,deny
        Allow from all
    </Location>

If I understand correctly, this should forward all traffic directed at pritunl.my.domain to the separate Pritunl server, but it just seems to hang and time out when I try to connect from outside my network.

Has anyone else created a setup like this?
Will this work correctly with the SSL certificates that Pritunl generates or will I need to install them onto the Sentora server as well?

Thanks in advance for any help. Please let me know if more info is needed!

// Robb
#2
RE: Using Sentora to forward HTTP/S traffic to another server
After some more searching and playing I've finally managed to get it working. I'll leave an explanation here in case anyone else needs it.

Firstly, my server needed libapache2-mod-proxy-html to be overhauled. Then I needed to generate SSL certs for both my pritunl server (automatically done and built into the system) and for my Sentora server (using certbot). I was then able to set up SSL forwarding using the following entry into my virtual hosts file. This was done through Admin -> module config -> Apache -> Override virtual host setting, which also requires moving the last </VirtualHost> from the end of this snippet to the start (so it fits in with the Sentora automation).


Code:
<VirtualHost *:80>
    ServerName pritunl.my.domain

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://172.16.1.24:80/
    ProxyPassReverse / http://172.16.1.24:80/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName pritunl.my.domain
    SSLEngine On
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    SSLCertificateFile /etc/letsencrypt/live/pritunl.my.domain/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pritunl.my.domain/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/pritunl.my.domain/chain.pem
    
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
    SSLCompression off
    
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyHTMLInterp On
    ProxyHTMLExtended On
    ProxyHTMLURLMap (.*)172.16.1.24(.*) https://pritunl.my.domain$2 [Rin]
    ProxyPass / https://172.16.1.24/
    ProxyPassReverse / https://172.16.1.24/
</VirtualHost>

// Robb
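
A hardened variant of the working configuration above, added here as an example and not part of the original post: it redirects port 80 to HTTPS, limits the front end to TLS 1.2 with forward-secret AES-GCM suites, and makes Apache verify the Pritunl backend certificate, which bears on the certificate question in post #1. It assumes Apache 2.4.5 or later; `/etc/apache2/ssl/pritunl-backend.pem` is a hypothetical path for a copy of the certificate Pritunl generated.

```apache
# Added example, not the poster's configuration. Targets Apache 2.4.5+ (assumption).
<VirtualHost *:80>
    ServerName pritunl.my.domain
    # Redirect instead of proxying the admin interface over plain HTTP.
    Redirect permanent / https://pritunl.my.domain/
</VirtualHost>

<VirtualHost *:443>
    ServerName pritunl.my.domain

    SSLEngine On
    # "ALL -SSLv2 -SSLv3" still allows TLS 1.0 and 1.1; permit TLS 1.2 only.
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder On
    # Subset of the original cipher string: forward-secret AES-GCM suites only,
    # dropping the CBC, 3DES and static-RSA entries.
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:!aNULL:!MD5:!DSS
    SSLCompression off
    SSLCertificateFile /etc/letsencrypt/live/pritunl.my.domain/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pritunl.my.domain/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/pritunl.my.domain/chain.pem

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000"
    </IfModule>

    SSLProxyEngine On
    # SSLProxyVerify defaults to "none", so the backend is not authenticated
    # unless verification is switched on and a trust anchor is supplied.
    SSLProxyVerify require
    # Hypothetical path: a copy of the certificate the Pritunl server generated.
    SSLProxyCACertificateFile /etc/apache2/ssl/pritunl-backend.pem
    SSLProxyCheckPeerExpire On
    # The backend is addressed by IP, which a self-generated certificate is
    # unlikely to list as a name; trust rests on the pinned certificate above.
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerCN Off

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / https://172.16.1.24/
    ProxyPassReverse / https://172.16.1.24/
    # The ProxyHTML* lines from the post carry over unchanged.
</VirtualHost>
```

Running `apachectl configtest` before reloading catches a missing module or an unreadable certificate file.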