WebUI binds to multiple interfaces (IPv4 addresses)

    • OMV 4.x
    • WebUI binds to multiple interfaces (IPv4 addresses)

      Apologies if this has been asked before, I have searched but was unable to turn up anything useful.

      I'm running a virtualised OMV instance (atop Proxmox) configured with two VirtIO NICs, idea being to use one of those interface addresses for Docker containers, the first of which will be a reverse proxy (Nginx).

      Initial tests suggest that OMV binds the WebUI to all interface IPv4 addresses, on ports 80 & 443 (the most useful of ports). How do I prevent this from occurring, is there an option to specify the interface, or if not can this be achieved within some config file? Realise that I could change the default OMV ports and use the reverse proxy, but that feels a bit ugly and perhaps unintuitive from a maintenance standpoint.

      Many thanks

      The post was edited 1 time, last by Johnny.Fiama ().

    • as i understand there are no env variables (don't expect the ui to have this also) to change the nginx configuration for the binding address.
      As for now you will have to change the file manually and avoid making changes in the ui that will undo your changes


      cc @votdev
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server

      The post was edited 1 time, last by subzero79 ().

    • There is currently no way to tweak this, you have to modify everything yourself. I think the easiest way might be to block the ports per Interface via firewall rules.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • Thank you both for your feedback - Appreciate and accept this isn't doable at present, but would like to think future OMV iterations will support the feature.

      I'll investigate the proposed firewall option, if it doesn't block the use of these ports by Docker then it is almost certainly the easiest way to achieve my goal.
    • Johnny.Fiama wrote:

      I'll investigate the proposed firewall option, if it doesn't block the use of these ports by Docker then it is almost certainly the easiest way to achieve my goal.
      Why not move the OMV web interface to a different port?
      omv 4.1.15 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      Johnny.Fiama wrote:

      I'll investigate the proposed firewall option, if it doesn't block the use of these ports by Docker then it is almost certainly the easiest way to achieve my goal.
      Why not move the OMV web interface to a different port?
      You're right, and actually this was something I mused over in my initial post.

      Reflecting on the "firewall" option - I'm not sure how that would work, since it is the binding of the OMV service that causes the problem, rather than clients being able to access the port.
    • Johnny.Fiama wrote:

      You're right, and actually this was something I mused over in my initial post.
      I missed that comment in your initial post. Do you really need the OMV web interface on port 80 or even reverse proxy to it?

      Johnny.Fiama wrote:

      Reflecting on the "firewall" option - I'm not sure how that would work, since it is the binding of the OMV service that causes the problem, rather than clients being able to access the port.
      That seems tough to do. I would avoid the firewall idea as well.
      omv 4.1.15 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.13
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • ryecoaaron wrote:

      Johnny.Fiama wrote:

      You're right, and actually this was something I mused over in my initial post.
      I missed that comment in your initial post. Do you really need the OMV web interface on port 80 or even reverse proxy to it?
      Again you're right, there is no need for the reverse proxy of port 80.

      My idea is to reverse proxy one or two http only services (eg. airsonic) and also several https services that utilise self-signed certificates (including OMV). I'll introduce a LetsEncrypt certificate and a host override on my pfSense DNS resolver to force local traffic to my Nginx instance, which if configured correctly, will serve up everything via one domain name (hope to use routes). I like the idea of this setup since it means certificate management need only happen in one place.

      Unfortunately I am not an expert with Nginx, OMV, LetEncrypt or pfSense ...this should be fun, though painfully aware that I must be careful not to expose the wrong routes/applications to the public web!