Access home network (http/https) from external

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Access home network (http/https) from external - replace putty tunnelling

davidcole

6041 posts

Uber Geek

Trusted

#38328 28-Jul-2009 10:29

HI Currently have a pretty well working putty tunneling solution working. Gives me access to my home intranet pages that run on a couple of different machines.

If I wanted to I could add individual ports to the individual machines and access the pages that way. But I'd rather take the more complicated/geeky route of having only one port open.

So what I'd like I guess is something like was discussed in this thread: http://www.geekzone.co.nz/forums.asp?forumid=45&topicid=18758

I'd like to navigate to a web page which is the front door of my network, authenticate, and from there, have access to the machines at home.

By preference, Id rather not have anything loaded on the client machine doing the accessing, since this could be someone else's machine, or a phone, or even a psp. I think at this stage I only want http/https access, since for remote control etc i can use the existing putty solution.

Is this possible? Things I have are DD-WRT as an AP inside the network (currently runs the SSH server). A WHS server (https), and PVR server with Web UI, and a linux server with a couple of other Web sites (PHP mostly). Lastly the WHS runs VMware server (https:8443).

Thoughts?

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

1 | 2

BDFL - Memuneh
79323 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#239592 28-Jul-2009 10:31

That's part of the idea of Windows Home Server, isn't it? You have your digital content stored on the server and access it from outside - point port 80 and 443 to yor WHS box and login from there.

You can even remote desktop access other PCs on your network from this setup.

davidcole

6041 posts

Uber Geek

Trusted

#239595 28-Jul-2009 10:35

freitasm: That's part of the idea of Windows Home Server, isn't it? You have your digital content stored on the server and access it from outside - point port 80 and 443 to yor WHS box and login from there.

You can even remote desktop access other PCs on your network from this setup.

What about the sites on the other machines? Or should I try to move them to the homeserver?

I quite like the WHS authentication model, and figure it's probably pretty strong...

freitasm

BDFL - Memuneh
79323 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#239596 28-Jul-2009 10:35

No, you won't have access to other servers on the network...

davidcole

6041 posts

Uber Geek

Trusted

#239612 28-Jul-2009 10:57

hmm so there is the problem.

Any other ideas? I'd rather not install PHP etc on the home server, or try to get the GBPVR web UI to work from the home server....

Anything I can do with radius, or chillispot, or a vpn??

magu

Professional yak shaver
1599 posts

Uber Geek

Trusted

BitSignal

Lifetime subscriber

#239659 28-Jul-2009 12:13

VPN would be the way to go there, since you don't want to consolidate your websites in one place.

"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

freitasm

BDFL - Memuneh
79323 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#239662 28-Jul-2009 12:18

magu: VPN would be the way to go there, since you don't want to consolidate your websites in one place.

That's clear. But he wants a VPN with no clients - a VPN over HTTPS. Are there any of these for free or low cost enough for home use?

magu

Professional yak shaver
1599 posts

Uber Geek

Trusted

BitSignal

Lifetime subscriber

#239667 28-Jul-2009 12:27

If I'm not mistaken, OpenVPN can do port 443 traffic, but that still requires a client.

"Roads? Where we're going, we don't need roads." - Doc Emmet Brown

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

davidcole

6041 posts

Uber Geek

Trusted

#239672 28-Jul-2009 12:34

Another option I may have just stumbled on is reverse proxying....

I guess it will just restrict me to http/https access, but supposedly the proxy server can look at part of the domain name and redirect it to another server....

So if I can get reverse proxying working with authentication (and windows authentication at that) I may have a way to do it. The rest of it (remote control etc, can stay with putty and logmein)....

Now just have to figure out how to reconfigure my squid proxy server....

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#239922 28-Jul-2009 20:29

davidcole: Another option I may have just stumbled on is reverse proxying....

I guess it will just restrict me to http/https access, but supposedly the proxy server can look at part of the domain name and redirect it to another server....

So if I can get reverse proxying working with authentication (and windows authentication at that) I may have a way to do it. The rest of it (remote control etc, can stay with putty and logmein)....

Now just have to figure out how to reconfigure my squid proxy server....

I'd second reverse proxy (I believe you could also have a virtual directory off your apache setup to point to another server).

Disclaimer: I've not yet actually implemented a reverse proxy ...

davidcole

6041 posts

Uber Geek

Trusted

#239928 28-Jul-2009 20:44

ahh bugger, was gonna ask you how.

lostangel

163 posts

Master Geek

#239931 28-Jul-2009 20:59

How about this:

SSH tunnel to a socks proxy on your network, from there remote desktop or vnc to the machines you want access to.

You will still need a client for this, on windows I recommend tunnelier by bitvise, but putty or plink will also work.

Good luck.

^^ Ignore that, as I didn't read your post very well :(

I recommend reading up about mod_proxy with apache
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

That would be able to handle the connections to the other standard http servers, I'm uncertain about https proxying with it though.

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#239940 28-Jul-2009 21:18

(UPDATE : Forgot to add the example URL in place ...)

OK - the way I understand it, you want to have access to other web servers at home ... ignoring the authentication bit, mod_proxy in apache may provide a good way (a tutorial is here http://www.apachetutor.org/admin/reverseproxies).

I've just adding the following into the bottom of my apache configure, and I can now access the nzherald website via http://localhost/app1/ (obviously it looks like kak due to not rewriting the URL's correctly and thus missing the style sheets...):

[ Added to teh end of Apache Configuration ]
ProxyRequests off
ProxyPass /app1/ http://www.nzherald.co.nz/

ProxyPassReverse /

[ END ]

Note that mod_proxy et al. were already installed (this is an internal testing server).

Take note that you heed the warnings about not creating an open proxy ...

HTH

davidcole

6041 posts

Uber Geek

Trusted

#239969 28-Jul-2009 22:21

either I'm doing something wrong or I'm just thick. For a start using webmin to configure.

Which file did you add that to? the apache.conf or the httpd.conf? I've also tried it on a virtual server (the default port 80 one)

I also turned on all the proxy mods (my server is internal as well).

I'm not accessing from local host, but from another machine on the network, would that make a difference?

I get nada....

wazzageek

1093 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#239970 28-Jul-2009 22:27

Which file did you add that to? the apache.conf or the httpd.conf? I've also tried it on a virtual server (the default port 80 one)

I put it in httpd.conf ... although my Apache is running on OS X ...

What version of linux and apache are you running on?

I also turned on all the proxy mods (my server is internal as well).

Was that through webmin as well? I assume that webmin won't offer the option if the mod isn't there?

I'm not accessing from local host, but from another machine on the network, would that make a difference?

I get nada....

It'll only make a difference if your restricting where you can access sites from.

Did you restart apache afterwards?

davidcole

6041 posts

Uber Geek

Trusted

#239971 28-Jul-2009 22:35

Using Apache 2.2.9 on ubuntu server. with webmin 1.480.

Just edited the httpd.conf directly with your 3 lines, and on starting apache it complains wbout the proxypassreverse:
ProxyPassReverse needs a path when not defined in a location

I've removed that line (PassReverse) and http://machine/app1 gets a 404, and interestingly enough http://machine/app1/ gets a 403 error.....

1 | 2