Just setup a MiaB VM at home it’s working great. My MiaB is not right on the internet, but on a private network behind a firewall with all the appropriate ports forwarded to it.
Now I want to restore access to my owncloud server running on another machine (different domain name). I only have the one IP, so I’m looking for something that will sit inbetween my firewall and MiaB/owncloud, that will inspect the hostname (SNI) and forward the request to the appropriate server.
Does anyone have any experience with this kind of setup?
My firewall is pfSense and my first search results are turning up something called Varnish so I’m looking into that for now. I’ve also heard the “Reverse Proxy” term used with Apache and nginx, but I don’t know anything about them. Maybe it’s something I could setup on my Ubuntu owncloud server to forward to MiaB? I don’t want to fiddle with MiaB, but maybe there’s a way it could be a reverse proxy for my owncloud server?
Keeping in mind that everything you’re going to do will not be supported:
Harder: You could try HAProxy. Depending on your configuration you might have to basically Man-in-the-Middle yourself.
Easiest: You could try editing the nginx.conf file on your MIAB to proxy to your internal IP hosting your own ownCloud, for the /cloud/ directory on your MIAB. You would need to restore this modification to the nginx config after each MIAB update.
Also, you may well experience email delivery issues to other email systems if your IP PTR record does not match the FQDN you’ve set for your MIAB, as many email systems rely on forward-confirmed reverse DNS checks for verifying incoming email is originating where it claims to originate from. Moreover, many residential ISP net space blocks are blacklisted by Spamhaus as a matter of course.
Thanks! I installed HAProxy on my pfSense firewall and got it working with no changes to MiaB. I created two MiaB backends, SSL and non-ssl, and two MiaB front ends.
For the SSL Frontends, I didn’t use SSL Offloading and the ACL was “Server Name Indication TLS Extension ends with” with the value of my domain. This catches the plain domain, and the www and box prefix. The non-ssl front-end ACL used “Host ends with”.
I then repeated the process, creating two more backends and two more frontends, for my other domain.
I had to disable Back-End health checking, the default wasn’t working and I just need to learn how to do it right.
I recognize the problems of running MiaB at home, but this is currently just a learning exercise; my IP is in the Spamhaus Block List, I can’t change my reverse DNS, and my public IP address changes on every reboot of the firewall. So far I’ve been able to setup external DNS and use dynamic DNS to update my A records and I can send and receive test messages, and access the web, SMTP and IMAP interfaces remotely.
Have fun with Mail-in-a-Box! I experimented with it at home before pushing it into production too, and that was time well spent in my experience. We’ll be here if you need any further suggestions or have questions.
