Lighttpd Reverse Proxy with SSL/HTTPS

Question

I am trying configure Lighttpd to redirect/handle port-specific requests to a subdomain.

I can access my plex server via https://www.example.com:32400/

I would like that to be redirected to https://plex.example.com/

I have the following config, but there isn't any SSL associated with the link. SSL is working fine on the main page, but nothing else.

$HTTP["host"] == "plex.example.com" {
    proxy.server  = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 32400
    ) ) )
}

score 1 · Answer 1 · answered Jul 10 '19 at 08:30

1

See: https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModProxy

lighttpd mod_proxy is a reverse proxy. lighttpd mod_proxy does not currently support SSL/TLS connections to the backend server.

If you want to use lighttpd as your reverse proxy, you would need to disable HTTPS on the backend (Plex) service.

Other tools would work, like a port forward using iptables. (This assumes tht the application does not use absolute links to itself, for which a more complicated solution, like Apache's mod_proxy_html to rewrite modifiy the returned data to fix the links)

answered Jul 10 '19 at 08:30

Gert van den Berg

175
8

can we first terminate TLS in lighttpd then redirect HTTP only? – Vincent Alex Feb 11 '20 at 20:53
@VincentAlex You should be able to set up a HTTPS site in lighttpd that just redirects to HTTP (The answer is more about where the backend behind the proxy is running HTTPS instead of HTTP) – Gert van den Berg Feb 13 '20 at 13:53
This is a joke. Why this is not supported? – Marek Marczak Aug 25 '20 at 09:38

score 0 · Answer 2 · answered Aug 10 '22 at 10:25

0

Assuming you control the backend server, you can use an unprivileged SSH tunnel from the front-end server to the backend to add transport-layer encryption. SSH session multiplexing can help reduce latency.

answered Aug 10 '22 at 10:25

Daniel

191
2
16

Lighttpd Reverse Proxy with SSL/HTTPS

2 Answers2