ThinLinc setup for remote access

Hello,

I run a computer club at my school. I am looking to have a TL server at home, and access the server from the school computers (we are NOT admins) using the web access (port 300). I tried reverse proxying port 300 using Fossorial Pangolin, but was not able to access the server (aka it said redirection failed). How do I do this, optimally without using port forwarding (it is OK because I trust my students enough to let them know the city I live in, but it’d be better not to use it for load and security reasons)?

Hi,

First off, which version of ThinLinc are you running? I ask because the latest version (4.20.0) has explicit support for reverse proxy.

Hi,

I use version 4.20.0.

After having read through what you have sent me, I still do not understand how to put ThinLinc behind a remote proxy (specifically Pangolin because it uses a webui to configure “resources”).

Thanks. The documentation does focus on Nginx, but it should be possible to get things working with other reverse proxies too. It’s difficult for us to provide exact guidance on each one, however the general principle should be the same.

On the ThinLinc side, you should make sure you’ve set:

  • /webaccess/login_page to be the public-facing URL of your proxy server
  • /vsmagent/agent_hostname on each agent to be the hostname of the agent
  • /webaccess/trusted_proxies to contain the IP address of your proxy server

You would then have to adapt the Nginx configuration in the documentation for Pangolin (or use Nginx instead). Notably, you need to make sure that the path /connect/<agent_hostname>/ is handled by your proxy server.

I realise this is quite involved for smaller installations :) but hopefully this gets you on the right path.

1 Like
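A pre-flight check for the three settings listed in the reply above, as an added example that is not part of the original post or of ThinLinc's own tooling. The function name and the dict of settings are hypothetical (no ThinLinc file is parsed), the sample values are constructed, and it assumes the proxy serves HTTPS and that `trusted_proxies` entries are plain IP addresses.

```python
import ipaddress
from urllib.parse import urlsplit


def check_proxy_settings(settings, proxy_public_url, proxy_ip):
    """Return (problems, connect_path) for the three settings named in the post."""
    problems = []

    # /webaccess/login_page must be the public-facing URL of the proxy.
    login = urlsplit(settings.get("/webaccess/login_page", ""))
    public = urlsplit(proxy_public_url)
    if login.scheme != "https":  # assumption: the proxy terminates TLS
        problems.append("login_page is not an https:// URL")
    if (login.hostname, login.port) != (public.hostname, public.port):
        problems.append("login_page does not point at the proxy's public host")

    # /webaccess/trusted_proxies must contain the proxy's IP; every extra
    # entry widens what is treated as a trusted proxy, so report it.
    trusted = set()
    for entry in settings.get("/webaccess/trusted_proxies", []):
        try:
            trusted.add(ipaddress.ip_address(entry))
        except ValueError:
            problems.append(f"trusted_proxies entry {entry!r} is not an IP address")
    proxy = ipaddress.ip_address(proxy_ip)
    if proxy not in trusted:
        problems.append("trusted_proxies does not contain the proxy IP")
    for extra in sorted(trusted - {proxy}, key=str):
        problems.append(f"trusted_proxies also trusts {extra}")

    # /vsmagent/agent_hostname must be set; it names the path the proxy must handle.
    agent = settings.get("/vsmagent/agent_hostname", "").strip()
    if not agent:
        problems.append("agent_hostname is empty")
        return problems, None
    return problems, f"/connect/{agent}/"


# Constructed sample values (documentation-reserved names and addresses).
SAMPLE = {
    "/webaccess/login_page": "https://tl.example.org/",
    "/webaccess/trusted_proxies": ["192.0.2.10", "192.0.2.99"],
    "/vsmagent/agent_hostname": "agent1.internal.example",
}

if __name__ == "__main__":
    found, path = check_proxy_settings(SAMPLE, "https://tl.example.org/", "192.0.2.10")
    print("proxy must handle:", path)
    for problem in found:
        print("problem:", problem)
```

The returned path is the `/connect/<agent_hostname>/` route that the proxy has to forward in addition to the login page.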

Hi, so Pangolin only accepts HTTP, no raw TCP or UDP… What ports should I forward on my router? Or is this not a problem?

Hi,

I’m not familiar with Pangolin, but it does appear to support raw TCP/UDP streams (at least from 1.0.0-beta.9).

Are you running ThinLinc on a single machine, i.e. master and agent on the same server? If so, I think you should be able to get away with just forwarding port 300 on your router, and not bother with the reverse proxy.

@samuel or @Zeijlon does this sound right?

It is the same machine.
On Pangolin, it actually seems to just give me Traefik config files instead of applying them.
Also, that means I won’t need to forward any more ports? In this case, why didn’t it work when I used Pangolin to forward HTTP port 300 and configured the thing in the TL admin interface?

Also, congrats on launching in the USA!

2 Likes

I’m not sure what you mean w.r.t. Traefik config files?

What thing did you configure in ThinLinc Web Admin?

If you’re not going to use our reverse proxy feature:

Port-forwarding port 300 is not enough; you still need to set agent_hostname. After logging in, Web Access will redirect to the agent using what’s specified in agent_hostname (even if the agent and master are on the same machine). This is the critical step. If I correctly understand what you’re trying to achieve, I believe you should set agent_hostname to the IP or hostname of your router.

That is what I configured on TL Web Admin, but it still didn’t work…

As for the Traefik (and Caddy) config files, that is what Pangolin spits out.

Hi,

Unfortunately we’re not experts on Pangolin/Traefik/Caddy so probably won’t be much help there. You’d have to reach out via the relevant channels.

Probably the easiest way forward here - assuming you only have the ThinLinc server installed on one machine behind the router - is to not bother with a reverse proxy, and just forward port 300 instead. This should work, provided you set agent_hostname correctly. If it doesn’t, please provide a detailed description of the error you’re getting and we’ll try to help.