1

I seem to have trouble trying to run a particular server application locally in a VirtualBox VM from my Ubuntu host (that will eventually be deployed offsite which is why I’m testing with a VM) — providing the ability of the host to go to a web browser and go to https://localhost/ to get to the server's web portal.

(Host Ubuntu 18.04, guest CentOS 7 with NAT + port forwarding in VirtualBox for SSH port 2200 -> 22 and web content on port 443 -> 443)

SSH works fine via this port forward from 2200 -> guest 22 so I know there isn't an issue outside the NAT port forwarding config.

The problem appears to be that port 443 is being passed through as the same from VirtualBox > Network > port forwarding.

I believe the system is not allowing me to forward to a 'low port number', 443 being the case. Like any port below 1024 or something cannot be assigned correctly. I need a way to override this, but workarounds so far have not succeeded.

I did succeed at simply forwarding to a higher port number on the host (e.g. 4430 instead of 443) - I was able to get the server portal page to pop up on my host web browser. But then trying to navigate to a different page in the web portal, each time it navigates to a new URL it 'undoes' the higher port assignment and the server instructs the client to again use 443, and thus it fails.

Still looking at workarounds such as authbind and setcap but my initial attempts at both those by assigning to VirtualBox specifically (/usr/bin/virtualbox) have not succeeded as of yet.

FYI, I cannot currently make changes to the server-side software (can only take its output on 443 and somehow map it onto my host and be able to use a web browser to access it).

3
  • 3
    Linux does not allow you to bind to ports lower than 1024 unless you are root. That's probably the cause of your issue.
    – davidgo
    Commented Apr 19, 2019 at 5:49
  • 1
    Which is important because VirtualBox "NAT" (and corresponding port-forwarding) isn't done at the kernel level like in routers, but by the VirtualBox app itself. Commented Apr 19, 2019 at 6:12
  • @user1686 kernel has nothing to do with it. The distinction is unprivileged user vs privileged (root or CAP_NET_BIND_SERVICE). Commented Dec 17, 2022 at 16:23

1 Answer

1

I set up an Apache2 proxy daemon on my host machine which proxies traffic on port :443 to :4430 with SSL enabled (needed to talk to the SSL server running on the locally running VirtualBox VM (CentOS server)).

The trick was that the VM server wanted https over that port and most online answers only handle HTTP with no SSL authentication. The below approach accounts for SSL in the Apache2 proxy!

VirtualBox Network Config

Make sure you have this in VirtualBox config > Network > NAT > Port forwarding:

Protocol TCP
Host IP 127.0.0.1
Host Port 4430
Guest IP 10.0.2.15
Guest Port 443

So with the VM listening to host on 4430, the challenge is now to allow browser requests to localhost:443 on the host to get proxied to --> VM :4430 (also vice-versa).

This means we need a mechanism to proxy and reverse proxy from host <-> guest VM on these ports!

This is usually not that hard for http (most workarounds on SO cite this use case), but https adds SSL prickly complexity, which after trying several different potential workarounds (authbind, nginx, ssh tunnel, etc.) I settled in on setting up a proxy via Apache2 on my host machine...

Apache2 Install

Begin by installing Apache2

sudo apt install apache2

Enable needed Apache2 plugins:

sudo a2enmod proxy_http proxy ssl

Set up SSL cert stuff

Ran openssl as follows. It generated SSL cert (all defaults, just kept hitting enter for each prompt):

mkdir -p ~/certs && cd ~/certs
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt

Create Apache2 proxy server config

Now that the certificate files exist, create a new site in apache2 by creating and editing this file:

/etc/apache2/sites-enabled/001-myserverproxy.conf

Contents:

<VirtualHost *:443>


    #DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # CUSTOM STUFF NEEDED FOR SSL PROXY
    SSLEngine On
    SSLProxyEngine on
    SSLProxyCheckPeerCN off

    # this needs to be off because cert does not match server name
    SSLProxyCheckPeerName off

    # MAKE SURE THE CERTS ARE GENERATED AND AT THE CORRECT PATH
    SSLCertificateFile /home/myuser/certs/mysitename.crt
    SSLCertificateKeyFile /home/myuser/certs/mysitename.key
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / https://localhost:4430/
    ProxyPassReverse / https://localhost:4430/


</VirtualHost>


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Now make sure Apache2 daemon service can run and restart it!

sudo systemctl restart apache2

Now go to browser on host machine and you should be able to browse the VM server from localhost normally!

1
  • 1
    I hear that you can just use sudo su - ; VirtualBox and run VB as root, but I was spooked by doing this as I didn't want to give root access to my VM
    – adowdy
    Commented Apr 21, 2019 at 21:23
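
A variant of the answer's virtual host that keeps the same 443 -> 4430 proxying but has Apache verify the guest's certificate against a pinned copy, instead of accepting whatever certificate answers on port 4430. This is an added example, not part of the original answer; it assumes the guest's certificate (or the CA that issued it) has been saved in PEM form at the hypothetical path /etc/apache2/guest-certs/guest.crt.

```apache
# Added example: same proxy as in the answer, with backend certificate pinning.
# /etc/apache2/guest-certs/guest.crt is a hypothetical path (assumption).
<VirtualHost *:443>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Browser-facing TLS, using the certificate files generated in the answer
    SSLEngine On
    SSLCertificateFile /home/myuser/certs/mysitename.crt
    SSLCertificateKeyFile /home/myuser/certs/mysitename.key

    # Backend TLS: require a certificate that chains to the pinned file.
    # SSLProxyVerify defaults to "none", which accepts any backend certificate.
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyVerifyDepth 1
    SSLProxyCACertificateFile /etc/apache2/guest-certs/guest.crt

    # Name checks stay off, as in the answer, because the guest certificate
    # does not match "localhost"; trust comes from the pinned file instead.
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / https://localhost:4430/
    ProxyPassReverse / https://localhost:4430/
</VirtualHost>
```

If the guest regenerates its certificate, the pinned file has to be replaced and Apache restarted, otherwise the proxy rejects the backend connection.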
