Reverse proxy configuration on separate machine

I am looking for help to set up a reverse proxy using Nginx where Diaspora* and Nginx are not running on the same machine.
Current setup:

  • Machine A runs both Diaspora* and Nginx.

Desired setup:

  • Machine A to run only Diaspora*
  • Machine B to run only Nginx

Both machines are in the same LAN and behind NAT.

Current setup
I have managed to get Diaspora* and Nginx up and running together on a single machine by following this guide, using the nginx.conf below.

upstream diaspora_server {
  server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
  listen 80;
  listen [::]:80;
  server_name pod.lbwsk.nl;
  return 301 https://pod.lbwsk.nl$request_uri;

  access_log /dev/null;
  error_log /dev/null;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name pod.lbwsk.nl;

  access_log /var/log/nginx/dspr-access.log;
  error_log /var/log/nginx/dspr-error.log;

  ssl_certificate /etc/letsencrypt/live/pod.lbwsk.nl/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/pod.lbwsk.nl/privkey.pem;

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve X25519:P-521:P-384:P-256;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  root /home/diaspora/diaspora/public;

  client_max_body_size 5M;
  client_body_buffer_size 256K;

  try_files $uri @diaspora;

  location /assets/ {
    expires max;
    add_header Cache-Control public;
  }

  location @diaspora {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://diaspora_server;
  }
}

I have set up Machine B using CentOS Stream 9 with Nginx and copied the conf above into the nginx.conf of Machine B with the following exception:

proxy_pass http://xxx.xxx.xxx.xxx;

I have set all the xxx’s to the local LAN IP. However, this gives a 502 Bad Gateway. Any feedback on what I am doing wrong would be very helpful.

Thanks

So I have managed to get the desired setup with Machine A and Machine B working, but not with diaspora.sock. Is there a way to make this work using diaspora.sock instead of the method below using an IP and port number?

Instead I have got the setup running by changing the diaspora.toml on Machine A from:

listen = "unix:tmp/diaspora.sock"

to:

listen = "xxx.xxx.xxx.xxx:3000"

where xxx.xxx.xxx.xxx represents the LAN IP of Machine A

On Machine B I followed this guide to set up the reverse proxy with CentOS Stream 9 and Nginx. I have used the info from the nginx.conf file posted earlier to make it work.

You can change where the diaspora runserver is listening at in diaspora.yml/diaspora.toml, there’s even an example for using a port.

In practice, that doesn’t help you too much, though, as something needs to serve the static files in public/ (things like css/js, but also user uploads). A more realistic setup probably would be to have nginx on both machine A and machine B, where machine A only exposes http in an internal network or something, and machine B then forwards all traffic for that domain to machine A.

Dennis, thanks for your reply. I have indeed noticed that content of my own posts, like pictures, does not show. What you suggest is basically a proxy server, right? If not, please provide a little more guidance as to what and where I could find what you are referring to.

Thanks in advance.

Yeah, but using nginx for both works just fine.
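
The two-nginx layout suggested in the thread, as an added example that is not part of the original posts: Machine A keeps the unix socket and serves public/, and Machine B terminates TLS and forwards to it. The addresses 10.0.0.10 (Machine A) and 10.0.0.20 (Machine B) are placeholders, and the two parts belong in the nginx configuration of their respective machines.

```nginx
# Machine A (Diaspora* host): plain HTTP, reachable only from Machine B.
# 10.0.0.10 (A) and 10.0.0.20 (B) are placeholder LAN addresses.
upstream diaspora_server {
  server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}
server {
  listen 10.0.0.10:80;
  server_name pod.lbwsk.nl;

  allow 10.0.0.20;   # only the edge proxy may connect
  deny all;
  root /home/diaspora/diaspora/public;   # static files and uploads served here
  client_max_body_size 5M;
  try_files $uri @diaspora;

  location /assets/ {
    expires max;
    add_header Cache-Control public;
  }

  location @diaspora {
    # Pass on the client details Machine B recorded; trusted because of allow/deny.
    proxy_set_header X-Real-IP $http_x_real_ip;
    proxy_set_header X-Forwarded-For $http_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://diaspora_server;
  }
}

# Machine B (edge): terminates TLS and forwards every request to Machine A.
# The port-80 redirect block from the original config stays as it is.
server {
  listen 443 ssl http2;
  server_name pod.lbwsk.nl;
  ssl_certificate /etc/letsencrypt/live/pod.lbwsk.nl/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/pod.lbwsk.nl/privkey.pem;
  ssl_protocols TLSv1.2;
  client_max_body_size 5M;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_pass http://10.0.0.10:80;
  }
}
```

On CentOS Stream 9 with SELinux enforcing, nginx on Machine B can open the outbound connection to Machine A only when the httpd_can_network_connect boolean is enabled.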