I have the following setup:

  1. DO Droplet running Ubuntu 18 with Tinc VPN (server)
  2. rPi in remote location also running Tinc connected to server

The rPi is behind a router/firewall that I have no control over, so I can’t port forward there.

When I ssh to the DO droplet, I can then ssh to the rPi using the VPN address. So the VPN is working.

I need to be able to open a browser window on a random client machine and connect to a port on the DO server which will connect me to the rPi. Specifically, the rPi is running node-red, so it’s port 1880.

I tried setting up a proxy using NGINX to do it, but was unable to get it working. I also tried a simple port forward using iptables, but no luck there either.

Suggestions?

TIA

1 answer

Hi @jpkeenanjr,

I’ll use Nginx’s proxy as well. I usually use the following DigitalOcean article:

https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-18-04-server

Can you try once again to go over it and see if it works? If it doesn’t, please post your Nginx configuration file.

Another thing you can look at is your access logs, to see how it redirects your connections to the server.

Regards,
KFSys

  • I tried the following Nginx config, but it did not work. I might need some firewall rules to go with it.

    server {
        listen 1880;
        location / {
            proxy_pass http://10.0.0.2:1880/;
        }
    }
    
    
    • Hello @jpkeenanjr,

      Please note that 10.0.0.2 is an internal IP address, so if you are not in one network, trying to reach 10.0.0.2 would not be possible.

      The next step would be to allow connection from your droplet to the other droplet on port 1880 via IPtables.

      sudo iptables -A INPUT -p tcp -s XXX.XXX.XXX.XXX --dport 1880 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
      sudo iptables -A OUTPUT -p tcp --sport 1880 -m conntrack --ctstate ESTABLISHED -j ACCEPT
      

      Please remember to change XXX.XXX.XXX.XXX with the IP address the request is coming from, i.e. your droplet.

      Regards,
      KFSys
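
Added example, not part of the thread and not any poster's configuration: an Nginx server block for the droplet that forwards port 1880 to the rPi's VPN address used in the config above, carries the WebSocket upgrade the Node-RED editor relies on, and requires a login before anything is proxied. The password file path is a hypothetical name, and the `map` block is assumed to sit in the `http` context.

```nginx
# Runs on the droplet. Place in the http context, e.g. a file under conf.d/.

# Pass "Connection: upgrade" only when the client asked for a WebSocket.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 1880;

    # The editor is reachable from the public side of the droplet,
    # so require credentials before proxying anything.
    auth_basic           "node-red";
    # Hypothetical path; create the file with htpasswd.
    auth_basic_user_file /etc/nginx/nodered.htpasswd;

    location / {
        # 10.0.0.2 is the rPi's Tinc address from the thread.
        proxy_pass http://10.0.0.2:1880;

        # WebSocket proxying needs HTTP/1.1 and the upgrade headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Keep idle editor WebSocket connections from being cut early.
        proxy_read_timeout 300s;
    }
}
```

Run `nginx -t` before reloading, and confirm from the droplet itself that `curl -I http://10.0.0.2:1880/` answers over the VPN, which separates a proxy problem from a firewall problem.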
