Drawpile Server Administration using RestAPI through NGINX reverse proxy
Posted by Greywinde
|
Drawpile Server Administration using RestAPI through NGINX reverse proxy September 27, 2017 07:31PM |
Registered: 6 years ago Posts: 5 |
I need NGINX to take hostname forwarding (free service from noip.com) to and forward the request to the drawpile server (multi user drawing application) on my raspberry pi. The drawpile server is currently configured to respond to 127.0.0.1:8080 only on the raspberry pi itself. I have a generated password file which is already in place. The following block code is placed at the bottom of the file default located in /etc/nginx/sites-enabled/
server {
listen 8080;
server_name localhost greywinde.servebeer.com;
allow all;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect default;
auth_basic "Server Administration";
auth_basic_user_file /etc/nginx/passwords;
}
}
The reason for using NGINX is as follows from the creator of drawpile: "The risk is that there could be a vulnerability in libmicrohttpd, which is the web server embedded in drawpile-srv, that can be exploited without sending a username and password. Such a vulnerability existing in nginx is highly unlikely."
I could be entirely wrong on how to set this up. I'm pretty darn new to Linux and I'm still bumping my way around it here. If you have any suggestions, even if it's related to my script to compile drawpile, it's appreciated. However the main focus at this point is just getting NGINX to work for administrating the drawpile server configuration. I hope this is enough details without being over the top, please feel free to ask for more if I omitted a detail in error.
---------------------------------------------------------------------------------------------
**Details**
Drawpile is set up to be activated by socket 27750 in systemd. I've included the script in case anyone is interested in testing it themselves. Once configured correctly with NGINX, you should be able to start drawpile-srv with the following line to connect to a remote drawpile server to configure it.
Drawpile Script and No-IP Scripts for use on Raspberry Pi 3, Raspbian 4.9
https://drive.google.com/drive/folders/0B1LTac-a237WMVNIWFg4RVJmRmc?usp=sharing
**Windows**
"C:\Program Files (x86)\Drawpile\drawpile-srv.exe" --gui --remote http://greywinde.servebeer.com:8080
**Linux**
drawpile-srv.exe --gui --remote http://greywinde.servebeer.com:8080
---------------------------------------------------------------------------------------------
server {
listen 8080;
server_name localhost greywinde.servebeer.com;
allow all;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect default;
auth_basic "Server Administration";
auth_basic_user_file /etc/nginx/passwords;
}
}
The reason for using NGINX is as follows from the creator of drawpile: "The risk is that there could be a vulnerability in libmicrohttpd, which is the web server embedded in drawpile-srv, that can be exploited without sending a username and password. Such a vulnerability existing in nginx is highly unlikely."
I could be entirely wrong on how to set this up. I'm pretty darn new to Linux and I'm still bumping my way around it here. If you have any suggestions, even if it's related to my script to compile drawpile, it's appreciated. However the main focus at this point is just getting NGINX to work for administrating the drawpile server configuration. I hope this is enough details without being over the top, please feel free to ask for more if I omitted a detail in error.
---------------------------------------------------------------------------------------------
**Details**
Drawpile is set up to be activated by socket 27750 in systemd. I've included the script in case anyone is interested in testing it themselves. Once configured correctly with NGINX, you should be able to start drawpile-srv with the following line to connect to a remote drawpile server to configure it.
Drawpile Script and No-IP Scripts for use on Raspberry Pi 3, Raspbian 4.9
https://drive.google.com/drive/folders/0B1LTac-a237WMVNIWFg4RVJmRmc?usp=sharing
**Windows**
"C:\Program Files (x86)\Drawpile\drawpile-srv.exe" --gui --remote http://greywinde.servebeer.com:8080
**Linux**
drawpile-srv.exe --gui --remote http://greywinde.servebeer.com:8080
---------------------------------------------------------------------------------------------
|
Re: Drawpile Server Administration using RestAPI through NGINX reverse proxy September 27, 2017 09:34PM |
Registered: 6 years ago Posts: 5 |
|
Re: Drawpile Server Administration using RestAPI through NGINX reverse proxy September 27, 2017 10:37PM |
Registered: 6 years ago Posts: 5 |
I think I figured out part of it at least.... I wasn't using the command to restart the NGINX process as I thought using the first command
sudo nginx -s reload
Would be enough. So I combined it with the command below...
sudo /etc/init.d/nginx restart
And now I'm at least getting somewhere. I think the problem I have now lies in how the information is being transferred between NGINX and Drawpile, so I don't think I need any more help. I might post here again with the final configuration used in NGINX to make it all work, once I figure out what that is exactly.
sudo nginx -s reload
Would be enough. So I combined it with the command below...
sudo /etc/init.d/nginx restart
And now I'm at least getting somewhere. I think the problem I have now lies in how the information is being transferred between NGINX and Drawpile, so I don't think I need any more help. I might post here again with the final configuration used in NGINX to make it all work, once I figure out what that is exactly.
|
Re: Drawpile Server Administration using RestAPI through NGINX reverse proxy September 28, 2017 12:39PM |
Registered: 6 years ago Posts: 5 |
In addition to the information given by Andrzej A. Flip (from https://superuser.com/questions/1254358/replace-single-line-with-multline-content-within-the-file-nginx-conf/1254557#1254557 ), you need to escape the semicolon (;), asterisk (*), and forward slash (/) characters. The \n makes it a new line, and use -i.bak to make a backup of the file before making the change with an .bak extension.
sudo sed -i.bak 's/^ include \/etc\/nginx\/sites-enabled\/\*\;$/&\n \n server {\n listen 8081\;\n \n location \/ {\n proxy_pass http:\/\/127.0.0.1:8080\/\;\n proxy_redirect default\;\n auth_basic "Server Administration"\;\n auth_basic_user_file \/etc\/nginx\/passwords\;\n }\n}\n/' /home/pi/Public/NGINX-test/nginx.conf
sudo sed -i.bak 's/^ include \/etc\/nginx\/sites-enabled\/\*\;$/&\n \n server {\n listen 8081\;\n \n location \/ {\n proxy_pass http:\/\/127.0.0.1:8080\/\;\n proxy_redirect default\;\n auth_basic "Server Administration"\;\n auth_basic_user_file \/etc\/nginx\/passwords\;\n }\n}\n/' /home/pi/Public/NGINX-test/nginx.conf
|
Re: Drawpile Server Administration using RestAPI through NGINX reverse proxy October 13, 2017 09:36AM |
Registered: 6 years ago Posts: 5 |
***THIS QUESTION IS OFFICIALLY SOLVED.***
I would have deleted/edited posts if I could, but alas I cannot. So I'm posting a final update.
------------------------------------------------------------------------------------------------------------------------------
This is the actual configuration I used for NGINX, located in /etc/nginx/nginx.conf under the line "include /etc/nginx/sites-enabled/*;" See the attached image for proper formatting.
server {
listen 8081;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect default;
auth_basic "Server Administration";
auth_basic_user_file /etc/nginx/passwords;
}
------------------------------------------------------------------------------------------------------------------------------
The line below is the line I use to insert my desired changes to NGINX by script.
sudo sed -i.bak 's/^ include \/etc\/nginx\/sites-enabled\/\*\;$/&\n \n server {\n listen 8081\;\n \n location \/ {\n proxy_pass http:\/\/127.0.0.1:8080\/\;\n proxy_redirect default\;\n auth_basic "Server Administration"\;\n auth_basic_user_file \/etc\/nginx\/passwords\;\n }\n}\n/' /etc/nginx/nginx.conf
------------------------------------------------------------------------------------------------------------------------------
And this is the final copy of the script I made for creating a drawpile server on the Raspberry Pi 3 running Raspbian Stretch 4.9.
https://docs.google.com/document/d/1l-3rYol468mpZg-TEo4d_zJt0ddpm6U_IlSz3nd6SlQ/edit
I would have deleted/edited posts if I could, but alas I cannot. So I'm posting a final update.
------------------------------------------------------------------------------------------------------------------------------
This is the actual configuration I used for NGINX, located in /etc/nginx/nginx.conf under the line "include /etc/nginx/sites-enabled/*;" See the attached image for proper formatting.
server {
listen 8081;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect default;
auth_basic "Server Administration";
auth_basic_user_file /etc/nginx/passwords;
}
------------------------------------------------------------------------------------------------------------------------------
The line below is the line I use to insert my desired changes to NGINX by script.
sudo sed -i.bak 's/^ include \/etc\/nginx\/sites-enabled\/\*\;$/&\n \n server {\n listen 8081\;\n \n location \/ {\n proxy_pass http:\/\/127.0.0.1:8080\/\;\n proxy_redirect default\;\n auth_basic "Server Administration"\;\n auth_basic_user_file \/etc\/nginx\/passwords\;\n }\n}\n/' /etc/nginx/nginx.conf
------------------------------------------------------------------------------------------------------------------------------
And this is the final copy of the script I made for creating a drawpile server on the Raspberry Pi 3 running Raspbian Stretch 4.9.
https://docs.google.com/document/d/1l-3rYol468mpZg-TEo4d_zJt0ddpm6U_IlSz3nd6SlQ/edit
Sorry, only registered users may post in this forum.
Online Users
Guests:
298
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|