OMV 5, Docker and Reverse Proxy

1. offizieller Beitrag

    Hi,

    I'm a new user and I would like to switch to OMV 5 + Docker.

    I also would like to use a reverse proxy (nginx or traefik) + Let's Encrypt in order to add a SSL layer for OMV + Docker.

    I have some questions :

    - Is it possible to use a reverse proxy ? I think yes, but is it possible to add OMV behind this reverse proxy in order to use SSL or is it better to access directly to OMV ?

    - Is it possible to use SSL with OMV and Docker simultaneously, and what is it the best way to get certificates ?

    - Overall, what is the best way to access OMV + Docker container with SSL certificates from Lets Encrypt ?

    Thank you !

    1. Yes it is possible - and IMO accessing OMV web over SSL is a requirement (at the very least to avoid OMV credentials in the clear over your network) - the other protocols used by OMV aren't addressed by the proxy but that is another can of worms entirely

    2. Yes, it is possible - I run Traefik in docker that is running on the OMV host - Traefik manages the wildcard SSL cert for my domain and proxies requests to all apps running in docker or elsewhere on my network (incl OMV and Cockpit web UIs)

    3. "Best" will always be a debate - Traefik in docker is GREAT when all apps are in docker, but becomes more of a pain when you want to use it for docker and non-docker apps (omv, cockpit for instance), but it is doable, and is what I've chosen to use.


    The main challenge with running a containerized proxy are:

    1. docker containers can't access applications running on the host (workaround is proxying to the docker gateway ip or `host.docker.internal`)

    2. an http/s proxy usually needs to bind to 443 (and probably 80, among potentially many others), so anything running on the host needs to be bound to ports that don't conflict with the proxy (omv web ui for instance) - workaround is changing anything running on the host to NOT use port 80, 443, or anything else that should be proxied

    • Offizieller Beitrag
    Zitat von prplhaz4

    2. an http/s proxy usually needs to bind to 443 (and probably 80, among potentially many others), so anything running on the host needs to be bound to ports that don't conflict with the proxy (omv web ui for instance) - workaround is changing anything running on the host to NOT use port 80, 443, or anything else that should be proxied

    Or you make use of macvlan. Than you can define a different IP to the docker.

    interesting topic/discussion...

    due to history since I had an Haproxy proxy installed on on a dedicated box before I installed OMV5 on a new server with a lot of dockers in it....,

    I prefer to stick to this configuration.


    This keep the all reverse proxy topic very simple and highly configurable

    (just my 2 cents....:))

    Zitat von sabamimi

    nteresting topic/discussion...

    due to history since I had an Haproxy proxy installed on on a dedicated box before I installed OMV5 on a new server with a lot of dockers in it....,

    I prefer to stick to this configuration.


    This keep the all reverse proxy topic very simple and highly configurable

    (just my 2 cents.... :) )

    Great idea. I am currently looking into setting up either traefik v.2 of NGINX (linuxserver/swag), and while I haven't decided on one yet, I'm wondering how they would run on a 4gig RPi4 as it would make a much cleaner setup?.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden