[nos-bbs] https support web based BBS access (mod_proxy)

M Langelaar maiko at pcsinternet.ca
Fri Nov 19 17:13:10 EST 2021 

One last thing. Technically a header rewrite entry in httpd.conf should be
able to handle the https <-> http proxy, without needing to change code
in the bbs10000.c source file, but I had some issues trying to make it
work, and rewrite rules are not my forte' so that's why I did the mod.

If someone wants to give it a shot without the mod, go for it please.

Maiko / VE4KLM

On 19/11/2021 10:54 a.m., M Langelaar wrote:

> I forgot to mention, to access this you would simply use (in my case) :
>
>     https://www.langelaar.net/jnosbbs
>
> and magically you see the web based user bbs (secured internet side)
>
> So no more worry about clear text data and such outside the system.
>
> M
>
> On 19/11/2021 10:52 a.m., M Langelaar wrote:
>> Good morning,
>>
>> This feature requires you to run apache with mod_proxy capabilities. 
>> I'll leave
>> it to you to get that done on your own. If you don't have apache or 
>> don't want
>> to install it then this is not for you. If you can get it work for 
>> NGINX as well ?
>>
>> See my danger warning about proxying at the end of this email - 
>> important to read !
>>
>> This will all be added to the j2addendum 'soon', but in case people 
>> want to play :)
>>
>> Including other improvements as well, the latest bbs10000.c from the 
>> offiical
>> rsync site has support for anyone wanting SECURE access to the JNOS port
>> 10000 web based user bbs interface. You can just grab the one file if 
>> that's all
>> you are interested in. The procedure is as follows :
>>
>> 1) edit your config.h and add the following entry at the top :
>>
>>     #define APACHE_MOD_PROXY_BBS10000
>>
>> 2) grab the latest bbs10000.c from the rsync site
>>
>> 3) compile your jnos (don't have to do a mass compile) as follows :
>>
>>     rm bbs10000.o ; make
>>
>> 4) edit your httpd.conf and INSIDE of your virtual host :443 add these
>>     two entries (replacing the IP information with whatever your 
>> internal
>>     JNOS ip address happens to be, these are from my system) :
>>
>>     ProxyPass "/jnosbbs" "http://192.168.4.201:10000"
>>     ProxyPassReverse "/jnosbbs" "http://192.168.4.201:10000"
>>
>> The #define I mentioned earlier relies on the exact jnosbbs suffix, so
>> just make sure your ip address is correct, the port is the default.
>>
>> There is a danger of running this in proxy mode, regardless of doing
>> it this way or using that perl tcp redirect proxy I mentioned before. 
>> The
>> way JNOS does it`s `callback`management is that it depends on unique
>> IP addresses to figure out which session an incoming user should be 
>> using
>> internal to JNOS. With proxy mode, the danger is if someone is already
>> connected ? any subsequent user will be greeted with and be allowed to
>> interact with that calls session, and see and affect everything going 
>> on !
>>
>> That is very dangerous. SO, if you are going to proxy to the internet,
>> then do NOT make your link public. I am trying to find a way to deal
>> with this, and making some progress, but it's not done yet. You've
>> been warned.
>>
>> But for personal use, and firewall rules, this might be very handy for
>> those that want to check their JNOS systems via web interfaces, ie:
>> on a phone or something. I'll try and figure this conflict out asap.
>>
>> Maiko / VE4KLM
>>
>>

More information about the nos-bbs mailing list