EVE-NG access over Internet – Reverse Proxy

Intro

This is a follow up post to NGINX Reverse Proxy LetsEncrypt Auto-Renew where I should you how to configure NGINX as a reverse proxy. This post details the specific configuration needed to access eve-ng over the internet using a reverse proxy. I assume you have deployed the eve-ng appliance on ESXi or another hypervisor however it will probably work with bare metal installs.

Configure NGINX

Firstly on the reverse proxy server install nodejs and npm (only a few dependencies). I am using CentOS 7 for the reverse proxy. Please note you might not have to install this but I used it to test the websocket connection.

Then install the ws program.

You can test a websocket connection with: (It will fail until you configure tomcat further down the page)

Next create a new server configuration (I assume you have a NGINX configuration as described here).

Now add the following, adjusting the IP address and server name to match your environment. Please note: The .well-known location is for LetsEncrypt to verify the subdomain.

Now save this file and restart NGINX.

Eve-ng Appliance Configuration

SSH into your EVE appliance (I have deployed the EVE-NG Ubuntu VM on ESXi).

Edit the tomcat server.xml file to allow connections to port 8080 from another host.

Find the connector section and change ‘address=”127.0.0.1″‘ to ‘address=”0.0.0.0″‘; tomcat will now listen on any address.

Save the file and exit.

I made a mistake, you don’t need to edit the apache config file. If you do then you can’t login to the web client when “html5” is selected.

Now open the apache2 vhost config file and comment out the reverse proxy section.

Restart both apache2 and tomcat8.

You should be able to access eve-ng at https://labs.example.com. Don’t forget to update the DNS server to point at the reverse proxy!

References:

NGINX: Using NGINX as a websocket proxy

Please share 🙂