Tag Archives: development

Nginx as an automatic reverse proxy

Nginx is a nice piece of software, an elegant web server that keeps things simple (although it has given me some headaches). In this case I'll show you how to set up a reverse proxy for any hostname on your internal/external network. A practical use case for this could be the following:
[PC] <-VPN-> [ VPN TERMINATION POINT ] <--> [HOST A.INTRANET.LOCAL]
                                       <--> [HOST B.INTRANET.LOCAL]
                                       <--> [HOST C.INTRANET.LOCAL]
Let's say we are working remotely and have a VPN connection that can reach a single Linux box (the VPN termination point), but we need to browse other hosts on the internal network, e.g. A.INTRANET.LOCAL. The solution to this problem is simple, but we need to make some assumptions:
  • The intranet has an internal DNS server capable of resolving INTRANET.LOCAL subdomains.
  • The websites we want to access are all accessible via hostname.
All we need to do is install nginx. On Ubuntu/Debian it is as simple as:
$ sudo apt-get install nginx
Then put the following inside the /etc/nginx/sites-enabled/default file:
server {
    listen       80;
    server_name  localhost;
    access_log   /tmp/nginx.access.log;

    location / {
        # Intranet DNS server; nginx does not read resolv.conf
        resolver 10.0.0.2;
        # Forward each request to the host named in the request
        proxy_pass $scheme://$host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
Let's explain the tricky parts a little bit:
  • resolver 10.0.0.2: This is necessary because nginx does not use the standard DNS resolution method (a.k.a. resolv.conf), so we need to configure a DNS server explicitly. In this case 10.0.0.2 is the intranet DNS server.
  • proxy_pass $scheme://$host: This is simple: it forwards every incoming request to the host it was originally intended for. The special variable $scheme contains the protocol (http, https) and the $host variable contains the hostname.
  • proxy_set_header Host $host: This sets the Host header on the proxied request, which is necessary for any web server listening on that hostname to select the right virtual host.
  • proxy_set_header X-Forwarded-For $remote_addr: This attaches the original remote address to the request.
Note: As it stands, this configuration works only for websites listening on port 80; you may have to adjust the listen port to accommodate other requirements.
WARNING: Be very careful when implementing this solution, as this nginx configuration will act as a proxy for *any* host on the internet. You need to make sure that it is not exposed to the outside world, and be aware that anyone inside the intranet who knows its IP address will be able to use it, so you are encouraged to take security measures.
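One way to apply the security measures the warning calls for, as an added example rather than configuration from the original post: the proxy binds only to the VPN-facing address, accepts only VPN clients, and proxies only hostnames under intranet.local. The addresses 10.8.0.1 and 10.8.0.0/24, the log path and the variable name $intranet_upstream are assumptions.

```nginx
# Added example, not from the original post.
# Assumed values: VPN-side address 10.8.0.1, VPN client range 10.8.0.0/24.

# Resolve the requested host to an upstream only if it is under intranet.local.
# $host is already lowercased by nginx and carries no port.
# (map lives in the http context; sites-enabled/* is included there on Debian/Ubuntu.)
map $host $intranet_upstream {
    default                              "";
    ~^([a-z0-9-]+\.)+intranet\.local$    $host;
}

server {
    # Bind to the VPN-facing interface only, never 0.0.0.0 (assumed address)
    listen       10.8.0.1:80;
    server_name  _;
    access_log   /var/log/nginx/intranet-proxy.access.log;

    # Only VPN clients may use the proxy (assumed range)
    allow 10.8.0.0/24;
    deny  all;

    location / {
        # Refuse IP literals, internet hostnames and empty Host headers
        if ($intranet_upstream = "") {
            return 403;
        }

        resolver 10.0.0.2;                       # intranet DNS server
        proxy_pass $scheme://$intranet_upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Check the result with `nginx -t` before reloading; a request whose Host header is outside intranet.local, or that comes from outside the allowed range, should receive a 403.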

True statements about agile software development management

Today on Hacker News I've seen one of the best posts about software development management, which summarizes almost all of the don'ts and burdens that all of us have to deal with at some point in our careers.

This is it: Coconut Headphones: Why Agile Has Failed

I like Scrum. I think that, when correctly used, it is a powerful tool to help a team do their best in producing high-quality software. But I also think that having a ScrumMaster whose only programming experience was some Java homework from college and a few lines of Visual Basic is a waste of time for everybody.

The post reminded me of the boss I had before joining Devecoop. He strongly believed in the GitHub model: everyone should be allowed to code a feature the best way they think. However, I saw it in practice and it led to a poor architecture, mostly because of the lack of design leadership.

I believe that a minimal -and mostly technical- leadership must exist in every team, to ensure that the voice of the best and most experienced programmers is seriously taken into account -and thus, defining the architecture and other important things- but, at the same time, everybody can have opinions.

Now I have to go back to coding. I will elaborate on that last approach soon, stay tuned!