Security problem: preventing access to the WebGUI from the Internet

  • Sorry that I'm not writing in English, it's a bit late :sleeping:


    I have a small security problem that I'm currently puzzling over how best to solve. Maybe someone has a few tips.
    I use my MicroServer with OMV for a bit of self-hosting; among other things I run the services Wordpress, PyLoad and Seafile, which I also want to reach from the Internet.
    So far no problem at all,
    - NAT forwarding set up
    - Own DNS server set up because of the NAT loopback problem


    So now I can access my services from the internal as well as the external IP via a DynDNS address.
    However, because of the NAT forwarding of port 80, the OMV WebGUI is of course now also reachable from the Internet.


    I have a bit of a stomach ache about this. SSL and a certificate are set up, but a bitter aftertaste remains.


    My problem apparently arises because the websites of the other services such as Wordpress, Seafile etc. are installed as a subdomain of the OMV WebGUI.


    Can anyone think of a solution for how I could block access to the WebGUI via the Internet but still let the remaining services through?



    Have a blessed night
    Regards, Sebastian


    PS: Sorry to the English readers, but it was too late to write in English. If anyone is interested in a translation once a solution is found, I will do it.

    • Official post

    Did you try the openmediavault-nginx plugin? This would allow you to separate the OMV web interface from these other services.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Run the other services on a different port (!= 80) and set up port forwarding for these ports. Make sure you don't set up port forwarding for your OMV port (80).

  • Run the other services on a different port (!= 80) and set up port forwarding for these ports. Make sure you don't set up port forwarding for your OMV port (80).


    Indeed this was the plan, but my problem was that I used OMV's nginx, so it was not possible to switch the port of Wordpress without changing OMV's WebGUI at the same time.


    ryecoaaron did the thing; I hadn't seen the nginx plugin in omv-extras. Today it's a little late, but tomorrow I will give it a try.


    Certainly I will need help, because I can deal better with the CLI than with the WebGUI.


    To prepare for tomorrow it would be nice if someone could answer some questions for me:
    Is the nginx plugin a separate instance of nginx?
    Where is it located on the system?
    Where is the www root?


    Thanks for your help

    • Official post

    openmediavault-nginx is in the regular omv-extras repo. Did you check the second page of plugins?


    The plugin is the equivalent of virtual hosts on apache. It does not install another nginx package. You create "servers" for each host you need. You can also create php pools that can be shared or one for each server. Very flexible.


    It is located in the shared folder you pick for each "server".


    I think the answers will make more sense once you have it installed.


  • Hey guys, so I currently have some time for my problem :D
    Had to do something for my studies.


    Now I have installed the nginx plugin, but it confused me a little bit.
    Some help would be nice. First I will explain how I've done it so far.


    I've downloaded the latest Seafile.gzip file and extracted it in the /var/www root.
    Installed the dependencies via the CLI and configured Seafile as explained on the website:


    http://manual.seafile.com/depl…b_at_Non-root_domain.html
    http://manual.seafile.com/depl…y_Seafile_behind_NAT.html
    http://manual.seafile.com/deploy/deploy_with_nginx.html

    So I had to configure nginx; this was my first problem. I solved it after checking the GitHub page of OMV, where I found the location /etc/nginx/openmediavault-webgui.d


    So far I've created my own openmediavault-seafile-site.conf with the following content:



    After this I was able to start and use Seafile with:

    Code
    /var/www/seafile/seafile-server-latest/./seafile.sh start
    /var/www/seafile/seafile-server-latest/./seahub.sh start-fastcgi


    But with the nginx plugin I really don't know what I have to do ^^
    I would be happy about some help.


    Edit: I played around with the openmediavault-seafile-site.conf
    The original Seafile config looks like:



    So I tried to set a line with listen 80901 in my openmediavault-seafile-site.conf as another port. But still with no effect.


    Greetings
    Vertax
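
The "one server per host" layout ryecoaaron describes, combined with the separate-port idea from this thread, as an added example (not code from any poster, the plugin or OMV). The port 8090, the LAN range 192.168.1.0/24 and the backend addresses 127.0.0.1:8000 and 127.0.0.1:8082 are assumptions; only the Seafile path is taken from the post above.

```nginx
# Added example; constructed values: port 8090, LAN 192.168.1.0/24,
# Seahub FastCGI on 127.0.0.1:8000, Seafile file server on 127.0.0.1:8082.

# Fragment 1: a stand-alone server block for Seafile on its own port.
# Assumed to be loaded in nginx's http context, next to the server block
# that serves the OMV web GUI, not inside it.
server {
    # TCP ports run from 1 to 65535, so a value such as 80901 is out of range.
    listen 8090;
    server_name _;

    location / {
        fastcgi_pass   127.0.0.1:8000;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO        $fastcgi_script_name;
        fastcgi_param  SERVER_PROTOCOL  $server_protocol;
        fastcgi_param  QUERY_STRING     $query_string;
        fastcgi_param  REQUEST_METHOD   $request_method;
        fastcgi_param  CONTENT_TYPE     $content_type;
        fastcgi_param  CONTENT_LENGTH   $content_length;
        fastcgi_param  SERVER_ADDR      $server_addr;
        fastcgi_param  SERVER_PORT      $server_port;
        fastcgi_param  SERVER_NAME      $server_name;
        fastcgi_param  REMOTE_ADDR      $remote_addr;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;   # no upload size limit for file transfers
    }

    location /media {
        root /var/www/seafile/seafile-server-latest/seahub;
    }
}

# Fragment 2: goes inside the server { } block that serves the OMV web GUI.
# Only LAN clients and the host itself may load the GUI; everyone else gets 403.
allow 192.168.1.0/24;
allow 127.0.0.1;
deny  all;
```

With this layout only the Seafile port is forwarded on the router and the GUI port stays unforwarded; the allow/deny rules are a second layer in case a forward is added by mistake.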

  • Hey guys,


    I am confronted with the exact same problem, but I don't know how to use the nginx plugin.
    I configured OMV with a seafile server, both SSL secured.


    Obviously I'd like to access Seafile via the Internet, but, like Vertax, I do not want access to the WebGUI of OMV over the Internet.


    Can someone help me with this, or should I open a new thread?


    Thanks a lot.


    ... this forum was already helping me a lot, THANKS for that too ...

    OMV 5.x | Banana PI (M1) | Seafile Server
    OMV 4.x | ShuttlePC SH55J2
