Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


What type of proxy do I need?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What type of proxy do I need?

I've got an Online.net server that is running BigBlueButton (www.bigbluebutton.org) in a Proxmox VM with its own IP address. Reading through the FAQ at BBB, they don't guarantee any sort of security on their app and putting a SSL certificate to run it over https is pretty difficult since it runs over many different ports.

So I was thinking of creating a second proxy type of server in the same data center that people can log into securely that redirects all the traffic to/from the BigBlueButton server. I can manage getting the BigBlueButton server to only accept traffic from this second server via IP tables so I got that covered. But what I'm looking for is how to make this second proxy server.

My requirements are that the user is connected to it securely somehow (either via a VPN, Shadowsocks, or SSL certificate) and that all the data and ports to this second server is encrypted. I'm less concerned with encrypting the traffic between the BBB server and the second server. The second thing I would like is a zero install for the client or at least something very simple like a Shadowsocks app which can be run directly.

Any ideas of what I should be Googling for? I've tried some searches but there seem to be SO many options but none of them seem to fit.

Thanks!

Comments

  • @Jack said:
    A big one.

    Wow...that was super useful and super funny! You made my day!

    :-(

  • Based on my minimal experience, I'd suggest using SSL AND(or) making everyone connect through a specific VPN and restricting BBB server access to the VPN server's IP (like how universities have their systems set up so that students can only access online university resources when connected from campus or through the university VPN).

  • ZEROFZEROF Member
    edited October 2014

    If you are looking, what we call 2nd level security just get one small vps or make one with proxmox and add one more IP, install open vpn and explain people how to connect. On your server (1) side just set rules about allowed ip, any config will do the job. And SSL is good for your login pages, other static pages don't need to be encrypted. But take care to get SSL for your openvpn ip, not point 1 server.

    If you want ssl on server (1)(but i don't see use of it), use self signed ssl with openssl, and show people how to allow connection from their browser. Not best solution, but will do the job. I don't know with how many students/people you want to deal.

    You can add some other rules like time for login: 8am to 7pm etc ...

  • @ZEROF said:
    If you are looking, what we call 2nd level security just get one small vps or make one with proxmox and add one more IP, install open vpn and explain people how to connect.

    I'm hoping to avoid VPN clients like openvpn that require installation. Any portable vpn clients out there that would do the job? STunnel or shadowsocks maybe?

Sign In or Register to comment.