Setting up a reverse proxy using nginx for your FREENAS jails

Setting up a reverse proxy using nginx for your FREENAS jails

FREENAS, GNU/Linux, nginx

I am a big user of FREENAS and the goal behind this was to have one domain and to redirect the requests for my jails using, “jails/sickrage”, “jails/sonarr”, etc…

In order to do this, what you need to do is get an nginx server up and running. For this, I simply created a Linux Jail template and installed nginx.

This post makes the assumptions that you are using FREENAS, you are proficient in using vi or nano and that your jails are properly configured to handle reverse proxies, if not, I can do a guide on this in the future for the things you’ll need to configure for them to work correctly and you know how to set up a custom jail.

On your nginx server, locate the nginx.conf file. You can do this by using the find command in Linux but for me this file is located in /usr/local/etc/nginx, this may vary on the distribution that you use.
Now edit this file with your editor of choice.

Locate the following line: server {
Specify a server_name in my case, I named it jails.

Underneath this line type include proxy_setup.conf; (you could do the below all in the nginx.conf file but this way it’s cleaner.)

Now save and exit this file.

Now we will create a file named proxy_setup.conf in the current directory.

The general rule with this file is as follows:

    location /couchpotato {
     proxy_pass http://192.168.0.101:5050;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     location /sickrage {
     proxy_pass https://192.168.0.102:8081;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     location /web {
     proxy_pass http://192.168.0.103:32400;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     location /ntopng {
     proxy_pass https://192.168.0.1:3000;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     location /sonarr {
     proxy_pass http://192.168.0.105:8989;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     location /sabnzbd {
     proxy_pass http://192.168.0.106:8080;
     proxy_redirect off;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

The parts that you will need to change is proxy_pass and location.

This is my current working configuration. Remember, you will need to configure the jails to handle reverse proxies otherwise they won’t work. Generally, you just need to go into the .ini file of the jails and change handle_reverse_proxy = 0 to handle_reverse_proxy = 1 and to change the URL base/web root of the jail to match that of the location specified in your proxy file that points to that jail.

Enjoy not having to remember the IPs and Port numbers for each of your jails 🙂

Nathan

Chromecast devices not discoverable on Linux

Chromecast devices not discoverable on Linux

GNU/Linux

The documentation from Google indicates that the Google Cast extension is not supported in Linux, but it actually does work. In order for it to work you must configure iptables to allow the uPnP/SSDP traffic used by the Google Cast browser extension to discover the Chromecast Devices.

The browser will send a multicast UDP packet from the local IP and an ephemeral (random) port to 239.255.255.250 port 1900. The ChromeCast device will respond with a unicast UDP packet from the ChromeCast device’s IP and another ephemeral port to the source IP/port of the multicast packet. Note that this is slightly different than most other UPnP devices, which will usually respond with a unicast UDP packet from port 1900 instead of an ephemeral port.

You will need to add a rule to accept UDP packets on all ephermeral ports. The ephermal port range for the inital multicast packet should be 32768 to 61000.

iptables -I INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT

Once you have made this change in iptables you must restart the browser. You should now find your Chromecast devices to be discoverable in Chrome.

How to properly end a KDE session from shell without root privileges

How to properly end a KDE session from shell without root privileges

GNU/Linux

To end a KDE session from the shell without root privileges what you can do is send a logout command via dbus to KDE. This then should terminate the session.

The command is as follows:
qdbus org.kde.ksmserver /KSMServer logout 0 0 0

dbus is a messaging system that lets applications communicate with each other, and the qdbus command is a utility for sending dbus messages to applications.

Applications register with dbus, and the ksmserver part of KDE is the session manager – it looks after who is logged in.

So we are sending a message to ksmserver to the /KSMServer interface and telling it to logout. The message we are sending is the exact same message that is sent to KSM when you click on the logout icon on your desktop.

The three zeros are parameters and can alter the type of logout we are doing:

First parameter:

0 = Do not wait for confirmation
1 = Wait for confirmation (with a 30 second timeout)
Second parameter:

-1 = Prompt for action, defaulting to shutdown (Only makes sense when waiting for confirmation.)
0 = Logout
1 = Restart
2 = Shutdown
The third parameter is the “when” parameter, but it isn’t clear what its impact is.

This is especially useful for when you are having an issue with your session and by doing this, prevents you from having to do a force shutdown as once you’ve terminated the session, you can start a new one from the terminal.