Sharing folders/files over internet

    • OMV 4.x
    • justtim wrote:

      I have moved my OMV admin panel port to a different port than 80/443, but I can't figure out how to replace the port numbers with a URL like:

      mysite.com/downloads instead of mysite.com:8080/downloads
      mysite.com/admin instead of mysite.com:12345

      This is my nginx config file for the downloads site:

      server {
          listen 8080 ssl;
          listen [::]:8080 ssl;
          ssl_certificate /etc/ssl/certs/openmediavault-***.crt;
          ssl_certificate_key /etc/ssl/private/openmediavault-***.key;
          access_log /var/log/nginx/***-access.log;
          error_log /var/log/nginx/***-error.log;
          location /downloads {
              rewrite ^/downloads(.*) /$1 break;
              proxy_pass https://127.0.0.1:8080/;
              auth_basic "Restricted Access";
              auth_basic_user_file /etc/nginx/.htpasswd;
              alias /sharedfolders/downloads;
              autoindex_exact_size off;
              autoindex_localtime on;
              autoindex on;
          }
          large_client_header_buffers 4 8k;
      }

      Would you mind having a look and telling me what I am doing wrong?

      "download" should listen on 80 for http or 443 if it has to be https. Change 8080 to 443 and/or 80.

      Then you will have mysite.com/download without having to enter the port.
      As for the second case, it is not possible, because you operate on ports that are not the default for the protocol, and it cannot be done automatically.

      If you really want to have mysite.com/admin then you have to keep it on 80/443 as an additional server block/virtual host.
      Or create an "admin" symlink in /home/user/public_html/ pointing to /var/www/openmediavault/

      Maybe it will work ...
      I'm not an expert. I'm just a tourist here.

      - ODROID-HC1 (Samsung Exynos5422, 2GB LPDDR3 RAM, Gigabit Ethernet)
      - Sandisk Ultra 16GB A1 "SDSQUAR-016G-GN6" (btrfs)
      - Samsung SpinPoint M8 1TB (ext4)
      - OMV 4.1.11 / ARMBIAN 5.60 + Kernel 4.14.69
    • Mr.Grape wrote:

      "download" should listen on 80 for http or 443 if it has to be https. Change 8080 to 443 and/or 80.

      Then you will have mysite.com/download without having to enter the port.
      As for the second case, it is not possible, because you operate on ports that are not the default for the protocol, and it cannot be done automatically.

      If you really want to have mysite.com/admin then you have to keep it on 80/443 as an additional server block/virtual host.
      Or create an "admin" symlink in /home/user/public_html/ pointing to /var/www/openmediavault/

      Maybe it will work ...
      Thanks again for your reply. I'll look into the options.
    • justtim wrote:

      Thanks again for your reply. I'll look into the options.
      Good luck.


      If I was in your shoes, I would add two domains, one for masses, the other for omv.
      For masses on 443. 80 for omv. On the firewall, pass 443 for masses. On the firewall, pass 80 traffic for lan and block all the rest. If you have your own domain, it's good. If you do not have one, buy one or use a free one. Add the appropriate A records on the dns server. You can also move dns to lan. Or simply use HOSTS files on all lan machines. Use SSL only for masses. For omv locally, this is not so important unless you have a zone that threatens you.
      The end result will be https your-domain.com where you will add /download, /porn etc. And http omv.your-domain.com where you have adm gui.
      Set your server to 192.168.0.10 and see if you are able to use this url wan-to-justtim192-168-0-10lan-mr-grape.8w4.ovh
      This is just an example that even using dns outside lan you can add a subdomain for your local address. It can also be achieved in other ways that I have already mentioned above.
      No need for strange ports. Nice and clean. Separation per domain and per port. With the right policy on the firewall.

      This is my five cents ...

      The post was edited 2 times, last by Mr.Grape: Url fix ().

    • Thanks @Mr.Grape. In the end, I decided to have my "sharing portal" on 443, and the OMV admin portal just accessible internally on 444. Whenever I want to use the admin portal, I set up a VPN connection.
      This reduces the attack surface which is most important for me.

      I still need to look into hardening the "sharing portal", possibly by setting up fail2ban. That is going to be the next project :)
    • justtim wrote:

      Thanks @Mr.Grape. In the end, I decided to have my "sharing portal" on 443, and the OMV admin portal just accessible internally on 444. Whenever I want to use the admin portal, I set up a VPN connection.
      This reduces the attack surface which is most important for me.

      I still need to look into hardening the "sharing portal", possibly by setting up fail2ban. That is going to be the next project :)

      fail2ban is ok.

      I had it in a few places. And in many others not. Generally, it does not make a bigger difference for me. If something is exposed to wan, by definition it should be tight by itself because otherwise it is patching the hole with the help of chewing gum. ;)

      In a perfect world, you could create a firewall policy based only on specific IP addresses of your users. Well, unless it has to be absolutely for everyone.
      I'm not an expert. I'm just a tourist here.

      - ODROID-HC1 (Samsung Exynos5422, 2GB LPDDR3 RAM, Gigabit Ethernet)
      - Sandisk Ultra 16GB A1 "SDSQUAR-016G-GN6" (btrfs)
      - Samsung SpinPoint M8 1TB (ext4)
      - OMV 4.1.11 / ARMBIAN 5.60 + Kernel 4.14.69
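
An added example, not part of any post in this thread: one way to write the layout justtim settled on (sharing portal on 443, admin panel on 444 for LAN and VPN clients only) as nginx server blocks. The paths and 192.168.0.10 are taken from the thread; the 192.168.0.0/24 range, the VPN subnet 10.8.0.0/24 and the name omv.mysite.com are assumptions.

```nginx
# Added example, not the thread author's configuration.
# Assumed: LAN 192.168.0.0/24, server at 192.168.0.10, VPN subnet 10.8.0.0/24,
# and a VPN that routes clients to the server's LAN address.

# Public "sharing portal": default HTTPS port, so no port appears in the URL.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mysite.com;

    ssl_certificate     /etc/ssl/certs/openmediavault-***.crt;    # elided as in the post
    ssl_certificate_key /etc/ssl/private/openmediavault-***.key;

    # Files are served straight from disk, so no rewrite or proxy_pass is used.
    # Trailing slashes on both location and alias keep a request such as
    # /downloads-other from being mapped onto a sibling directory.
    location /downloads/ {
        alias /sharedfolders/downloads/;
        auth_basic           "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
        autoindex            on;
        autoindex_exact_size off;
        autoindex_localtime  on;
    }

    # The bare /downloads URL is sent to the directory listing.
    location = /downloads { return 301 /downloads/; }

    # Nothing else is published on the WAN-facing site.
    location / { return 404; }
}

# Admin panel: bound to the LAN address only and limited to LAN and VPN
# clients, on top of the firewall not forwarding port 444 from the WAN.
server {
    listen 192.168.0.10:444 ssl;
    server_name omv.mysite.com;    # hypothetical internal name

    ssl_certificate     /etc/ssl/certs/openmediavault-***.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault-***.key;

    allow 192.168.0.0/24;    # LAN clients (assumed range)
    allow 10.8.0.0/24;       # VPN clients (assumed range)
    deny  all;

    # The OMV web GUI's own root and PHP handling directives belong here.
}
```

Check the result with `nginx -t` before reloading.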