Reverse Proxy
A reverse proxy is a service which a client can connect to and it’ll forward all connections to respective service, usually internally. This is mostly used for HTTP requests, where the reverse proxy will handle the default ports, certificates and hosts to keep track on. All requests are then forwarded to an internal web server, or any other server that supports HTTP. It separates the direct access to services and makes it possible for one IP to be used with several services. There are many programs for this, some that are full blown web servers.
As I use Apache2 in my web server, I used that not only to serve clients with web data for some domains, but also forwarded some requests to other services. This worked fine, but it made the whole system coupled, and leaving Apache encumbered if it needed both to do web requests and proxying. I therefore chose to move out the reverse proxy, including all certificates, to another VM. There were also more issues, but that is for another post.
Over a year ago I started designing an Ansible playbook, refactored it into a couple of roles, and finally tested it last month with two test VMs. The reason for the time was that it included Apache2, PHP-FPM, MariaDB and Nginx(as proxy, chosen due to compatibility issues). All these worked together and was made to be applied on top of the current web server, while also modifying certain aspects, like configs, to be more universal. The proxy would allow not only a gateway to the web server, but also for some of my other services. It would also secure down my web server which have had sort of a default config regarding domains that worked but was not configured at all.
When I finally had determined the playbook finished, I started an afternoon with a backup, run the playbook and immediately ran into issues. About 5 hours later I found myself at a complete system, the whole server being sort of inaccessible for about 3 hours while I was working. The next 2 days I tinkered a bit with some configs, and fixed some bugs and issues that were raised due to my minimal testing, but now it is in a similar state as before, except some services which is not urgent to fix.
I have been mean to do this for years, but found it a bit tricky, would take days and leave my web server down while I was doing it. I am happy with the result and this will make it a lot easier changing certain things. More details at a later date.