I'm a new user and I would like to switch to OMV 5 + Docker.
I also would like to use a reverse proxy (nginx or traefik) + Let's Encrypt in order to add an SSL layer for OMV + Docker.
I have some questions:
- Is it possible to use a reverse proxy? I think yes, but is it possible to add OMV behind this reverse proxy in order to use SSL, or is it better to access OMV directly?
- Is it possible to use SSL with OMV and Docker simultaneously, and what is the best way to get certificates?
- Overall, what is the best way to access OMV + Docker containers with SSL certificates from Let's Encrypt?
Thank you!
1. Yes it is possible - and IMO accessing OMV web over SSL is a requirement (at the very least to avoid OMV credentials in the clear over your network) - the other protocols used by OMV aren't addressed by the proxy but that is another can of worms entirely
2. Yes, it is possible - I run Traefik in docker that is running on the OMV host - Traefik manages the wildcard SSL cert for my domain and proxies requests to all apps running in docker or elsewhere on my network (incl OMV and Cockpit web UIs)
3. "Best" will always be a debate - Traefik in docker is GREAT when all apps are in docker, but becomes more of a pain when you want to use it for docker and non-docker apps (omv, cockpit for instance), but it is doable, and is what I've chosen to use.
The main challenges with running a containerized proxy are:
1. docker containers can't access applications running on the host (workaround is proxying to the docker gateway ip or `host.docker.internal`)
2. an http/s proxy usually needs to bind to 443 (and probably 80, among potentially many others), so anything running on the host needs to be bound to ports that don't conflict with the proxy (omv web ui for instance) - workaround is changing anything running on the host to NOT use port 80, 443, or anything else that should be proxied
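The setup described in this answer, sketched as an added example (not part of the original posts and not the poster's actual configuration): a Compose file for Traefik plus a file-provider route to the OMV web UI running on the host. The hostname `omv.example.com`, the image tag, the file paths and OMV's port 8080 are assumptions; the ACME/certificate resolver settings are left out.

```yaml
# docker-compose.yml (constructed example; tag, paths and ports are assumptions)
services:
  traefik:
    image: traefik:v2.11
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Docker provider for containerized apps; nothing is exposed unless labelled
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      # File provider for non-Docker apps such as the OMV web UI
      - --providers.file.filename=/etc/traefik/dynamic.yml
    ports:
      # The proxy owns 80/443, so OMV must already be moved off these ports
      - "80:80"
      - "443:443"
    extra_hosts:
      # On Linux, map host.docker.internal to the Docker gateway IP
      - "host.docker.internal:host-gateway"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
---
# dynamic.yml (loaded by the file provider above)
http:
  routers:
    omv:
      rule: "Host(`omv.example.com`)"
      entryPoints: [websecure]
      service: omv
      # Terminate TLS at the proxy; attach your resolver via tls.certResolver
      tls: {}
  services:
    omv:
      loadBalancer:
        servers:
          # OMV web UI on the host, reached through the gateway alias
          # (8080 is an assumed port chosen to avoid 80/443)
          - url: "http://host.docker.internal:8080"
```

OMV still answers plain HTTP on the moved port, so limiting that port to the Docker bridge with the host firewall keeps credentials from crossing the LAN unencrypted.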