[for developer] suggestion about reverse proxy of plugin

1. offizieller Beitrag

    there are some plugins using reverse proxy function of omv
    this can be done by putting configuration file in `/etc/nginx/openmediavault-webgui.d`
    but some of plugins dosen't use reverse proxy and just link application's listen address
    (for example deluge, transmission, emby)
    some plugins use both approach. (sickbeard, sabnzbd..)


    when plugin dosen't use reverse proxy,
    it is not intergrated omv's ssl encryption. so someone can sniff your connection
    it is also easy to configure ssl with omv-letsencrypt
    you don't need to setup applications to use ssl


    so it is good practice to change to use reverse proxy
    but I'm afraid there are unseen pitfall
    any idea or critic about this suggestion?

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

    Einmal editiert, zuletzt von luxflow ()

    • Offizieller Beitrag

    Plenty of people want reverse proxies. The only pitfall I can see is not being able to forward a port from the router to just that service.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    I don't use SSL much. I connect to my LAN via VPN. Once connected I use HTTP. If you use SSL there would be 2x encryption. A few plugins force SSL (e.g. shellinabox). It is hard to develop plugins that please everyone's preferences.

    Hi,

    Zitat von luxflow

    there are some plugins using reverse proxy function of omv
    this can be done by putting configuration file in `/etc/nginx/openmediavault-webgui.d`

    Seems not to be the "reverse proxy" function, but "virtual hosting" - don't mix that up.


    Reverse proxiing occur's on a router or in case of OMV (NAS) morely as load balancer / firewall component.
    Boarders may be fluent, since VM'ing comes in handy ;)


    The question is: what do you want to achieve?


    Sc0rp

    Zitat von Sc0rp

    Seems not to be the "reverse proxy" function, but "virtual hosting" - don't mix that up.

    I'm saying it with nginx context.
    IMHO, Virtualhost is server block in nginx
    and configuration files in `/etc/nginx/openmediavault-webgui.d` are included by `/etc/nginx/sites-available/openmediavault-webgui` which is one single virtualhost
    so I call them using reverse proxy function (actually calling it reverse proxy function is somewhat awkward but I cannot find approriate term for this)
    (reference are here and here)


    anyway,
    what I want to is, since many omv plugins use different approach, and they are not unified,
    changing them all to use reverse proxy
    or
    making a guideline when to use reverse proxy, when to use application own webserver
    but I'm not unsure how others developer think about it


    but it seems


    Zitat von tekkb

    It is hard to develop plugins that please everyone's preferences.

    as tekkb said

    OMV3 on Proxmox
    Intel E3-1245 v5 | 32GB ECC RAM | 4x3TB RAID10 HDD
    omv-zfs | omv-nginx | omv-letsencrypt | omv-openvpn
    Click link for more details

    Einmal editiert, zuletzt von luxflow ()

    Gefällt mir 1
    • Offizieller Beitrag

    Quite a few of those plugins are on my list to not maintain anymore. So, you can change them to whatever you want :)

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    Re,


    just for clear that out:

    Zitat von luxflow

    IMHO, Virtualhost is server block in nginx

    Not only!
    As for apache too, configuration can be splittet in various ways, but this is only virtual hosting, since it is related to the same machine, which is running the (same) webserver. So all related config files (whereever they hang arround) which are concatinated (symlinked) to /etc/<webserver>/sites.available are at first virtual hosts (or parts of that).


    Reverse proxiing comes in, when you use the "proxy_pass" directive which refers to a 3rd party/host (that can be a VM, but even a second webserver(process) too). So you can hide other webservers behind the omv-webgui-nginx-instance.


    The main problem is, that OMV have to catch all the coding-aproaches from other people into one nginx-instance - that's very hard till impossible.


    Sc0rp

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden