If you’ve got a single ingress IP, perhaps a NAT situation with various services behind a router on a private network, and you want to route different domains to different backends, you can do it with HAProxy. If you want to use HTTP and HTTPS without using SSL termination on the HAProxy host, that’s possible too, and it’s what we’ll explore here.
What you will need is:
One host with HAProxy, with all TCP traffic on ports 80 and 443 being routed to it.
A new year lies ahead in all its glory, and I want to spend at least some of this year being more aware of how I approach information, communication, and technology. While ICT is often seen as a staid descriptor, I think it perfectly encapsulates the areas that I want to be more conscious about.
It helps to define what I mean by “more conscious about” in this context. I decided to reduce my focus to the following pillars:
As part of my VoIP adventure game, I need to set up a VoIP number, but thankfully my ISP (iiNet) provides a free VoIP number to NBN customers, so that was covered. Next up I needed a virtual PBX; I went with Asterisk. This was an easy install on Ubuntu 18.04, just:
sudo apt install asterisk
Of course, installing software is much different from configuring it for use, so let me just preface this with describing some of my experience:
First on Gopher, then in LaTeX, it started becoming apparent that I have a predilection towards short, one-shot Choose Your Own Adventure-style stories on strange mediums. So in that vein, I decided to make another one, but this time played via a phone call made to a VoIP (Voice over Internet Protocol) number attached to a virtual PBX.
To do this, I firstly needed a VoIP number. Thankfully my ISP (iiNet) provides a free VoIP number to NBN customers, so that was covered.
A few months back I built a tool to cross-compile my Hugo blog into one that can be accessed via the Gopher protocol.
More recently, I built a CI/CD pipeline on my GitLab* instance which automatically compiled and uploaded my website to AWS. I won’t cover that here, but I found a wonderful and perfect guide for it.
Sometime yesterday I decided to take this all one step further and integrate my hugogopher into that CI/CD pipeline.
Not long after the passing of Terry Pratchett, revered author of the Discworld series (and many other excellent works!), people everywhere wanted to find ways of memorialising him in their own ways. One great solution was based around adding headers to web requests. The “clacks” semaphore system in Terry Pratchett is a form of low-tech, distributed, packet-switched network much like the internet and so it seemed fair to modify our systems to carry on his legacy.
An announcement went out today from BitBucket, one of the largest players in the version control platform market. They let the world know that due to declining popularity, they were going to stop allowing Mercurial repositories to be hosted with them. But not only will they stop allowing new repositories and new commits, they will completely delete all existing repositories by the middle of next year.
Of course, a private company such as Atlassian is allowed to make their own decisions about their web presence and what they do with it; it is within their rights.
As a reward to myself for 6 months of regular posts - no mean feat given my previous history of blogging - I have allowed myself to splurge and purchase parts for a new ‘server’. In this case I didn’t use proper server components like my NAS re-re build, deciding that the bang-for-buck I wanted wouldn’t be found trying to source Intel Xeon processors. I also wanted to avoid the sort of over-sized rackmount or workstation monolith that comes with powerful SME machinations and go for something meatier than the small business builds you find in things like the HP N40L MicroServer (one of which I already have from years ago).
Problem
I recently purchased a new ‘server’ and started setting up a bunch of services including GitLab and Taiga. I also want these services available outside my home network but I also want to meet at least the bare modicum of security by having my sites secured via TLS. This isn’t too much of a problem if they’re all hosted on the same IP address or each service has a dedicated IP address like you’ll find in many public scenarios.
Running OpenNebula or miniONE on a single host with one NIC? Watch out! OpenNebula/miniONE creates a “dummy” interface with an address like 172.16.200.1 and then attaches the bridge to that directly. While this is probably useful for trialling and not having your virtual machines visible/attackable from the outside world, you might want to make them visible to other hosts on your LAN.
What you’ll need to do is go into /etc/netplan/minione.