I seem to have trouble trying to run a particular server application locally in a VirtualBox VM from my Ubuntu host (that will eventually be deployed offsite, which is why I'm testing with a VM), providing the ability of the host to go to a web browser and go to https://localhost/ to get to the server's web portal.
(Host Ubuntu 18.04, guest CentOS 7 with NAT + port forwarding in VirtualBox for SSH port 2200 -> 22 and web content on port 443 -> 443)
SSH works fine via this port forward from 2200 -> guest 22 so I know there isn't an issue outside the NAT port forwarding config.
The problem appears to be port 443 being passed through as the same from VirtualBox > Network > port forwarding.
I believe the system is not allowing me to forward to a 'low port number', 443 being the case. Like any port below 1024 or something cannot be assigned correctly. I need a way to override this, but workarounds so far have not succeeded.
I did succeed at simply forwarding to a higher port number on the host (e.g. 4430 instead of 443) - I was able to get the server portal page to pop up on my host web browser. But then trying to navigate to a different page in the web portal, each time it navigates to a new URL it 'undoes' the higher port assignment and the server instructs the client to again use 443, and thus it fails.
Still looking at workarounds such as authbind and setcap, but my initial attempts at both of those by assigning to VirtualBox specifically (/usr/bin/virtualbox) have not succeeded as of yet.
FYI, I cannot currently make changes to the server-side software (can only take its output on 443 and somehow map it onto my host and be able to use a web browser to access it).
I set up an Apache2 proxy daemon on my host machine which proxies traffic on port :443 to :4430 with SSL enabled (needed to talk to the SSL server running on the locally running VirtualBox VM (CentOS server)).
The trick was that the VM server wanted HTTPS over that port, and most online answers only handle HTTP with no SSL authentication. The approach below accounts for SSL in the Apache2 proxy!
Make sure you have this in VirtualBox config > Network > NAT > Port forwarding:
Protocol TCP
Host IP 127.0.0.1
Host Port 4430
Guest IP 10.0.2.15
Guest Port 443
So with the VM listening to the host on 4430, the challenge is now to allow browser requests to localhost:443 on the host to get proxied to --> VM :4430 (and vice versa).
This means we need a mechanism to proxy and reverse proxy from host <-> guest VM on these ports!
This is usually not that hard for HTTP (most workarounds on SO cite this use case), but HTTPS adds SSL prickly complexity, which after trying several different potential workarounds (authbind, nginx, ssh tunnel, etc.) I settled on setting up a proxy via Apache2 on my host machine...
Begin by installing Apache2
sudo apt install apache2
Enable needed Apache2 plugins:
sudo a2enmod proxy_http proxy ssl
Ran openssl as follows. It generated the SSL cert (all defaults, just kept hitting enter for each prompt):
mkdir -p ~/certs && cd ~/certs
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
Now that the certificate files exist, create a new site in apache2 by creating and editing this file:
/etc/apache2/sites-enabled/001-myserverproxy.conf
Contents:
<VirtualHost *:443>
#DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# CUSTOM STUFF NEEDED FOR SSL PROXY
SSLEngine On
SSLProxyEngine on
SSLProxyCheckPeerCN off
# this needs to be off because cert does not match server name
SSLProxyCheckPeerName off
# MAKE SURE THE CERTS ARE GENERATED AND AT THE CORRECT PATH
SSLCertificateFile /home/myuser/certs/mysitename.crt
SSLCertificateKeyFile /home/myuser/certs/mysitename.key
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / https://localhost:4430/
ProxyPassReverse / https://localhost:4430/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Now make sure Apache2 daemon service can run and restart it!
sudo systemctl restart apache2
Now go to the browser on the host machine and you should be able to browse the VM server from localhost normally!
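An added example, not part of the original answer: the same virtual host with the listener restricted to loopback and the backend certificate pinned, instead of the proxy accepting whatever certificate answers on 4430. It assumes the guest serves a self-signed certificate, that a copy of it has been saved on the host at the hypothetical path /etc/apache2/ssl/guest-backend.pem, and that /etc/apache2/ports.conf is edited as the first comment describes.

```apache
# Added example; hypothetical paths are marked as such.
# Assumption: /etc/apache2/ports.conf says "Listen 127.0.0.1:443" instead of
# "Listen 443", so the proxy is reachable only from the host itself.
<VirtualHost 127.0.0.1:443>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Browser-facing TLS: the self-signed pair generated in the answer.
    SSLEngine On
    SSLCertificateFile /home/myuser/certs/mysitename.crt
    SSLCertificateKeyFile /home/myuser/certs/mysitename.key

    # Backend TLS towards the VirtualBox port forward.
    SSLProxyEngine On

    # Weak form (as in the answer): SSLProxyVerify defaults to "none", and with
    # both name checks off the proxy accepts any certificate presented on 4430.
    # Port 4430 is unprivileged, so any local process can listen there when the
    # VM is not running.
    #   SSLProxyCheckPeerCN off
    #   SSLProxyCheckPeerName off

    # Corrected form: require a certificate that validates against the pinned
    # copy of the guest's own certificate (hypothetical path, assumed self-signed).
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/guest-backend.pem
    # The name checks stay off because the guest certificate does not carry the
    # name "localhost"; the pinned certificate is what authenticates the backend.
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / https://localhost:4430/
    ProxyPassReverse / https://localhost:4430/
</VirtualHost>
```

Running `sudo apachectl configtest` before the restart catches a syntax error in the edited file.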