Reverse Proxy Traffic on CyberPanel (Include New Method)

[Kosmito]

With OpenLiteSpeed

Old Method

► Show Spoiler

Open command line and edit: /usr/local/lsws/conf/httpd_config.conf

Code: Select all

extprocessor dockerbackend {
  type                    proxy
  address                 127.0.0.1:8080
  maxConns                100
  pcKeepAliveTimeout      60
  initTimeout             60
  retryTimeout            0
  respBuffer              0
}

Take note of the address line. Make sure to replace port 8080 with appropriate port (in our case our container was being mapped to port 8080 to the outside world)

Use Rewrite Rules to Proxy traffic your app

You can now use rewrite rules to proxy traffic to your container, now edit rewrite rules for the domain you choose in Step 1 using the rewrite rule guide 256. You can use these rules:

Code: Select all

REWRITERULE ^(.*)$ HTTP://dockerbackend/$1 [P]

If you want to force redirect SSL then use the following

Code: Select all

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
REWRITERULE ^(.*)$ http://dockerbackend/$1 [P]

With LiteSpeed Enterprise Web server

Let see how we can do the same with LiteSpeed Enterprise Web server. If you have installed CyberPanel Ent, you are using LiteSpeed Enterprise Web server. If you are not already on CyberPanel Ent and want to switch you can read the switch guide 14.

Open command line and edit: /usr/local/lsws/conf/httpd_config.xml

Paste following content:

Code: Select all

<extProcessor>
      <type>proxy</type>
      <name>dockerbackend</name>
      <address>127.0.0.1:8080</address>
      <maxConns>100</maxConns>
      <pcKeepAliveTimeout>60</pcKeepAliveTimeout>
      <initTimeout>60</initTimeout>
      <retryTimeout>0</retryTimeout>
      <respBuffer>0</respBuffer>
</extProcessor>

Make sure to paste it inside in the configuration file. Take note of the address line. Make sure to replace port 8080 with appropriate port (in our case our container was being mapped to port 8080 to the outside world)

Use Rewrite Rules to Proxy traffic your app

You can now use rewrite rules to proxy traffic to your container, now edit rewrite rules for the domain you choose in Step 1 using the rewrite rule guide 256. You can use these rules:

Code: Select all

RewriteEngine On
REWRITERULE ^(.*)$ HTTP://dockerbackend/$1 [P]

If you want to force redirect SSL then use the following:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
REWRITERULE ^(.*)$ HTTP://dockerbackend/$1 [P]

New Method

The New method is not necesary the console we are going to do it on the cyberpanel directly,

We go first to the website control panel, there we go to the section of the Vhost Config, this is going to open the file config of the vhost like this example

demo-web.vhost

Code: Select all

docRoot                   /home/demo-web/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               demo@demo
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/demo-web.com.error_log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/demo-web.com.access_log {
  useServer               0
  logFormat               "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders              5
  rollingSize             10M
  keepDays                10  
  compressArchive         1
}

phpIniOverride  {

}

module cache {
 storagePath /usr/local/lsws/cachedata/$VH_NAME
}

scripthandler  {
  add                     lsapi:demo-web3097 php
}

extprocessor medus41863097 {
  type                    lsapi
  address                 UDS://tmp/lshttpd/demo-web3097.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             60
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp84/bin/lsphp
  extUser                 demo-web
  extGroup                demo-web
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
}

rewrite  {
  enable                  1
  autoLoadHtaccess        1
}

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {
    enable                  0
  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}


vhssl  {
  keyFile                 /etc/letsencrypt/live/demo-web/privkey.pem
  certFile                /etc/letsencrypt/live/demo-web/fullchain.pem
  certChain               1
  sslProtocol             24
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling           1
  ocspRespMaxAge           86400
}

now we change from this line

Code: Select all

scripthandler {....
to
rewrite{

}

to this line with this new code

Code: Select all

extprocessor PROXY-NAME {
   type                    proxy
  address                 127.0.0.1:PORT-OF-THE-SERVICE
  maxConns                200
  pcKeepAliveTimeout      60
  initTimeout             20
  retryTimeout            0
}

scripthandler  {
 add proxy:PROXY-NAME
}

context / {
  type                    proxy
  handler                 PROXY-NAME
  addDefaultCharset       off
 
  rewrite  {
    enable 1
    autoLoadHtaccess 1
    RewriteEngine On
    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    REWRITERULE ^(.*)$ HTTP://127.0.0.1:PORT-OF-THE-SERVICE/$1 [P]
  }
}    

rewrite  {
  enable 1
  autoLoadHtaccess 1 
}

Remember change this part

PROXY-NAME /// With a name for the proxy for example ( minecraftserver )
PORT-OF-THE-SERVICE /// With the port of the service running on backend for example ( 25565 )

Everytime you change the config on the Vhost File is going to reload the OpenLiteSpeed Server so the change are immediate.

i will left a full example with the change so you can compare how the file need to look with the change.

demo-web-with-the-change.vhost

Code: Select all

docRoot                   /home/demo-web/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
adminEmails               demo@demo
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html
}

errorlog $VH_ROOT/logs/demo-web.com.error_log {
  useServer               0
  logLevel                WARN
  rollingSize             10M
}

accesslog $VH_ROOT/logs/demo-web.com.access_log {
  useServer               0
  logFormat               "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
  logHeaders              5
  rollingSize             10M
  keepDays                10  
  compressArchive         1
}

phpIniOverride  {

}

module cache {
 storagePath /usr/local/lsws/cachedata/$VH_NAME
}

extprocessor minecraftserver {
   type                    proxy
  address                 127.0.0.1:25565
  maxConns                200
  pcKeepAliveTimeout      60
  initTimeout             20
  retryTimeout            0
}

scripthandler  {
 add proxy:minecraftserver
}

context / {
  type                    proxy
  handler                 minecraftserver
  addDefaultCharset       off
 
  rewrite  {
    enable 1
    autoLoadHtaccess 1
    RewriteEngine On
    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    REWRITERULE ^(.*)$ HTTP://127.0.0.1:25565/$1 [P]
  }
}    

rewrite  {
  enable 1
  autoLoadHtaccess 1 
}

context /.well-known/acme-challenge {
  location                /usr/local/lsws/Example/html/.well-known/acme-challenge
  allowBrowse             1

  rewrite  {
    enable                  0
  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}


vhssl  {
  keyFile                 /etc/letsencrypt/live/demo-web/privkey.pem
  certFile                /etc/letsencrypt/live/demo-web/fullchain.pem
  certChain               1
  sslProtocol             24
  enableECDHE             1
  renegProtection         1
  sslSessionCache         1
  enableSpdy              15
  enableStapling           1
  ocspRespMaxAge           86400
}

Good Luck!