Synchronet v3.19b-Win32 (install) has been released (Jan-2022).

You can donate to the Synchronet project using PayPal.

This is an old revision of the document!


How to use Hiawatha as a reverse proxy server for Synchronet

Synchronet 3.16c and prior versions do not support SSL connections. Synchronet CVS subsequent to 3.16c have an implementation of SSL, but you may either have problems with it working correctly or you may simply with to use Hiawatha's implementation of SSL. Hiawatha also has several other security features which can be useful for increasing security for Synchronet's webserver.

Installation of Hiawatha

Hiawatha is available for Windows, Mac OSX, and many different Linux distributions. Check your operating system's package repositories or visit Hiawatha's download page at https://www.hiawatha-webserver.org/download

General setup of Hiawatha is beyond the scope of this tutorial, but you will find some helpful information at the following pages.

https://www.hiawatha-webserver.org/support https://wiki.archlinux.org/index.php/Hiawatha

Minimal Hiawatha Configuration to use as a reverse proxy server

The default location for the Hiawatha configuration file may differ on your system, but for our example we will refer to /etc/hiawatha/hiawatha.conf.

open /etc/hiawatha/hiawatha.conf as root and scroll toward the bottom of the file. You'll see a commented out example section with the heading “VIRTUAL HOSTS”. Create a section similar to the one below.

VirtualHost {
        Hostname = stardate.synchro.net
        WebsiteRoot = /home/sbbs/sbbs/web/root
        StartFile = index.ssjs
        ReverseProxy .* http://127.0.0.1:81/
        RequireTLS = yes
}

1. Hostname: Assume your BBS's name is The Star Date BBS, and your URL is stardate.synchro.net. You'll place this on the first line. 2. WebsiteRoot: The next line is the root directory of Synchronet's webserver. Change this to /sbbs/web/root, /opt/sbbs/web/root or whatever the location is on your system. 3. StartFile: This is the name of the default page to load when someone accesses your web page. 4. ReverseProxy: This tells Hiawatha to redirect the traffic it receives to this IP address and port. This will be the same IP address and port you will configure your Synchronet webserver to listen to. This could be another IP address such as 192.168.0.100 if this is the Synchronet webserver's IP address. This could be necessary if Hiawatha is running on a different machine that the Synchronet webserver. However, 127.0.0.1 is more secure. If you do have to use the machine's LAN IP address, make sure you're using iptables or some other firewall to ensure that the Synchronet webserver cannot be accessed directly from the internet thus circumventing your proxy server. 5. RequireTLS: This line is completely optional, but you can enable this if you want to force SSL/TLS connections to your website. This requires that an SSL certificate be properly installed and configured with Hiawatha.

Synchronet webserver configuration

Edit your sbbs.ini file:

Example:

nano /home/sbbs/sbbs/ctrl/sbbs.ini

Look for the Web heading:

[Web]   Web (HTTP) Server
        AutoStart=true
        Interface=127.0.0.1
        Port=81
        TLSInterface=127.0.0.1
        TLSPort=444

In the default configuration, Interface and TLSInterface are blank. Change the value to match the IP address specified in Hiawatha's ReverseProxy line. Again, if Hiawatha and Synchronet are running on the same machine, the loopback interface (127.0.0.1) is the most secure, but you may need to use the IP address of the machine running the Synchronet web server if they are on different machines.

In the default configuration, the default HTTP port is 80, and the default HTTPS port is 443. In our example, we are setting the default HTTP port to 81 because Hiawatha will be listening on port 80. We want to set Synchronet to listen on a different port. The port number isn't that important, but it should match the port that Hiawatha is proxying traffic to, and it should be a port that no other service is bound to.

In our example, we are setting the HTTPS port for Synchronet's web server to 444 so that it will not conflict with Hiawatha which will be listening for incoming connections on port 443.

See Also