Reverse Proxy using lighttpd with external.conf warning: "unknown config-key: proxy.server"

niska · March 25, 2019, 11:09am

I'm running a fresh install of Raspbian Stretch Lite. I've done apt-get update and apt-get upgrade.

I want to set up a reverse proxy in order to use another webserver (PlexConnect) at port 80 at the same RPi server as Pi-hole. Both webservers normally use port 80. However, I've set up PlexConnect to listen to port 8080. My goal is to make requests to trailers.apple.com port 80 to be "forwarded" to the PlexConnect webserver at port 8080.

I'm a beginner, but as far as I understand a part of the solution is to add a proxy server to the /etc/lighttpd/external.conf.

This is my code:
server.modules += ( "mod_proxy" )
$HTTP["host"] == "trailers.apple.com" {
proxy.server = ( "/" => ( (
"host" => "127.0.0.1",
"port" => 8080
) ) )
}

However, this code doesn't work.

$ sudo service lighttpd reload
[FAIL] Reloading web server configuration: lighttpd failed!

$ lighttpd -v
lighttpd/1.4.45 (ssl) - a light and fast webserver
Build-Date: Jan 14 2017 21:07:19

$ sudo tail /var/log/lighttpd/error.log
2019-03-25 10:33:03: (server.c.1828) server stopped by UID = 0 PID = 19231
2019-03-25 10:33:03: (log.c.217) server started
2019-03-25 10:33:03: (server.c.1295) WARNING: unknown config-key: proxy.server (ignored)

debug token is: https://tricorder.pi-hole.net/8nziq8lj7m!

It seems as the lighttpd server does not support proxy.server - do I need to update lighttpd (how?) or is there another solution?

DanSchaper · March 25, 2019, 11:24am

Did you enable the proxy module?

sudo lighttpd-enable-mod proxy

niska · March 25, 2019, 11:32am

I have now. I still get FAIL - but nothing new is appended to the error.log.

$ sudo service lighttpd reload
[FAIL] Reloading web server configuration: lighttpd failed!

DanSchaper · March 25, 2019, 11:34am

Check sudo /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf

However this most likely will not work as you expect. http://trailers.apple.com may be able to be intercepted and redirected, but apple uses TLS and https://trailers.apple.com can not be impersonated without distributing your own certificates and certificate authority.

niska · March 25, 2019, 11:41am

$ sudo /usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2019-03-25 11:40:06: (plugin.c.187) Cannot load plugin mod_proxy more than once, please fix your config (lighttpd may not accept such configs in future releases)

Regarding TLS: I have followed this guide Install Guide Mac Certificates · iBaa/PlexConnect Wiki · GitHub to generate certificates. They are now found in /usr/local/lib/PlexConnect/trailers.cer and /usr/local/lib/PlexConnect/trailers.pem. But I'm not sure how to make lighttpd use them. I'm guessing I will have to make a separate entry in /etc/lighttpd/external.conf for port 443?

DanSchaper · March 25, 2019, 11:46am

Check your configurations for mod_proxy being listed more than once.

That said, this is not a Pi-hole issue and you'll need to contact the author of that other guide to see how to configure your system.

niska · March 25, 2019, 11:48am

Removing "server.modules += ( “mod_proxy” )" from conf made the error go away. Thanks!

system · April 15, 2019, 11:48am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.