[nos-bbs] https support web based BBS access (mod_proxy)
M Langelaar
maiko at pcsinternet.ca
Fri Nov 19 11:54:55 EST 2021
I forgot to mention, to access this you would simply use (in my case) :
https://www.langelaar.net/jnosbbs
and magically you see the web based user bbs (secured internet side)
So no more worry about clear text data and such outside the system.
M
On 19/11/2021 10:52 a.m., M Langelaar wrote:
> Good morning,
>
> This feature requires you to run apache with mod_proxy capabilities.
> I'll leave
> it to you to get that done on your own. If you don't have apache or
> don't want
> to install it then this is not for you. If you can get it work for
> NGINX as well ?
>
> See my danger warning about proxying at the end of this email -
> important to read !
>
> This will all be added to the j2addendum 'soon', but in case people
> want to play :)
>
> Including other improvements as well, the latest bbs10000.c from the
> offiical
> rsync site has support for anyone wanting SECURE access to the JNOS port
> 10000 web based user bbs interface. You can just grab the one file if
> that's all
> you are interested in. The procedure is as follows :
>
> 1) edit your config.h and add the following entry at the top :
>
> #define APACHE_MOD_PROXY_BBS10000
>
> 2) grab the latest bbs10000.c from the rsync site
>
> 3) compile your jnos (don't have to do a mass compile) as follows :
>
> rm bbs10000.o ; make
>
> 4) edit your httpd.conf and INSIDE of your virtual host :443 add these
> two entries (replacing the IP information with whatever your internal
> JNOS ip address happens to be, these are from my system) :
>
> ProxyPass "/jnosbbs" "http://192.168.4.201:10000"
> ProxyPassReverse "/jnosbbs" "http://192.168.4.201:10000"
>
> The #define I mentioned earlier relies on the exact jnosbbs suffix, so
> just make sure your ip address is correct, the port is the default.
>
> There is a danger of running this in proxy mode, regardless of doing
> it this way or using that perl tcp redirect proxy I mentioned before. The
> way JNOS does it`s `callback`management is that it depends on unique
> IP addresses to figure out which session an incoming user should be using
> internal to JNOS. With proxy mode, the danger is if someone is already
> connected ? any subsequent user will be greeted with and be allowed to
> interact with that calls session, and see and affect everything going
> on !
>
> That is very dangerous. SO, if you are going to proxy to the internet,
> then do NOT make your link public. I am trying to find a way to deal
> with this, and making some progress, but it's not done yet. You've
> been warned.
>
> But for personal use, and firewall rules, this might be very handy for
> those that want to check their JNOS systems via web interfaces, ie:
> on a phone or something. I'll try and figure this conflict out asap.
>
> Maiko / VE4KLM
>
>
More information about the nos-bbs
mailing list