I came to set up a small Raspi-based server for basic services. I want to make it accessible to different users, who shall have different access rights. Everything will be based on Docker.
In a basic use case I installed InfluxDB with Grafana, Portainer to organize Docker stuff and Chronograf for database management (maybe more to come). I also have a VPN connection to my local network (not dockerized) and (FUTURE!) I would like to have a Pi-hole running on it as well (with little use).
So much for my setup on the Raspi4.
Here is how I imagined it to work vs. reality:
VPN access is on port 1194, so it should not collide with any other service. (Indeed it works quite well so far.)
Grafana is accessible through port 3000, Portainer through port 9000 and Chronograf through port 8888, which can be changed within the Docker container setup to be any desired port.
What I hoped to configure:
1. HTTP request comes in on port 80 with mydyndns.com/grafana (or …com/portainer, …com/AnyKindOfString)
2. haproxy does basic auth to check if the user has rights to access the service
3. if 2 applies: haproxy redirects to localhost:3000, ELSE any kind of error
This is what my haproxy.cfg looked like in the first step (pretty straightforward):
    global
        maxconn 3000

    defaults
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    frontend http-in
        bind *:80
        acl has_grafana path_beg /grafana
        acl has_portainer path_beg /portainer
        use_backend grafana_backend if has_grafana
        use_backend portainer_backend if has_portainer
        default_backend portainer_backend

    backend grafana_backend
        server grafana_test 192.168.0.3:4000 check

    backend portainer_backend
        server portainer 192.168.0.3:9000 check
Setting portainer as default_backend, I got redirected correctly to Portainer when entering only mydyndns.com. Trying to connect to mydyndns.com/grafana, I get error 404.
I changed default_backend to grafana and experienced the opposite, so I got redirected to Grafana when typing mydyndns.com and an error with mydyndns.com/portainer.
The same happened with other ports I have tried.
So sadly I couldn't even overcome the first step of the reverse proxy setup, and after hours of researching I couldn't really find a suitable solution.
Trying basic auth (frontend and backend) with only Grafana, I saw some little success. I got asked for credentials, which I defined in a userlist in the haproxy.cfg file. Sadly I couldn't pass through the basic auth with any of the created users + insecure_password, ONLY if they were the same combination as needed for the “Grafana login” (so the next step, the login page).
So what I need to find out is:
- redirect to different servers based on the path
- create working basic auth (either backend or frontend, doesn't have to be super clean, but safe)
- in addition to all the mentioned stuff, I would like to use the Pi as a DNS server with Pi-hole installed, which also listens on port 80, just as haproxy does in my case, and the documentation did not really help me out.
So if anyone has some useful information about all (or only some) of my questions, I would appreciate it a lot!!
Thanks and have some nice days off!
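
The setup asked about above, as an added example that is not part of the original post, narrowed to the Grafana backend: path-based routing, a proxy-level userlist, and prefix stripping. The user name and password are constructed placeholders, the address and port are the ones in the post, and it assumes HAProxy 2.0 or later and that the credential clash described above comes from the proxy's `Authorization` header being forwarded to Grafana.

```haproxy
# Added example, not the poster's configuration.
# "alice" and "CHANGE_ME" are constructed placeholders.
global
    maxconn 3000

defaults
    mode http
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

# Proxy-level accounts, independent of Grafana's own user database.
# "insecure-password" stores plaintext; "password" takes a crypt(3) hash instead.
userlist grafana_users
    user alice insecure-password CHANGE_ME

frontend http-in
    bind *:80
    acl has_grafana path_beg /grafana
    use_backend grafana_backend if has_grafana
    # No default_backend: requests that match no rule get a 503
    # instead of silently landing on one of the services.

backend grafana_backend
    # Send a 401 challenge until the credentials match the userlist.
    http-request auth realm Grafana unless { http_auth(grafana_users) }
    # Drop the proxy credentials before forwarding (assumption: the backend
    # otherwise tries them against its own login, as described in the post).
    http-request del-header Authorization
    # Strip the routing prefix so the backend receives "/..." rather than
    # "/grafana/...", which it does not serve by default (the 404 in the post).
    http-request set-path %[path,regsub(^/grafana/?,/)]
    server grafana_test 192.168.0.3:4000 check
```

Grafana also has to be told that its external URL includes `/grafana` so that the links it generates keep the prefix. Basic credentials sent to port 80 cross the network unencrypted, so a TLS `bind` is the usual companion to this setup.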