ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XO behind proxy or exposed directly?

    Scheduled Pinned Locked Moved IT Discussion
    xenorchestraxen orchestra
    17 Posts 6 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403
      last edited by

      My inclining would be to use HTTPS rather than reverse proxy, but don't take that to mean anything.

      To the next point, I would also host this in vultr or some such place and let it live there.

      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch @DustinB3403
        last edited by JaredBusch

        @dustinb3403 said in XO behind proxy or exposed directly?:

        My inclining would be to use HTTPS rather than reverse proxy, but don't take that to mean anything.

        That would be stupid as it would negate using any other services on port 443 for his home lab.

        A proxy is the better answer because it will allow him to use whatever other services he wants on his lab without having to use random port numbers for everytthing.

        1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch
          last edited by

          It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

          A 1 Reply Last reply Reply Quote 1
          • A
            Alex Sage @JaredBusch
            last edited by

            @jaredbusch said in XO behind proxy or exposed directly?:

            It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

            @JaredBusch Do you have a guide for this using Let's Encrypt?

            JaredBuschJ 1 Reply Last reply Reply Quote 1
            • JaredBuschJ
              JaredBusch @Alex Sage
              last edited by

              @aaronstuder said in XO behind proxy or exposed directly?:

              @jaredbusch said in XO behind proxy or exposed directly?:

              It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

              @JaredBusch Do you have a guide for this using Let's Encrypt?

              https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

              DustinB3403D 1 Reply Last reply Reply Quote 2
              • JaredBuschJ
                JaredBusch
                last edited by JaredBusch

                That is really old though... SO meh I need new instructions.. Todayit should all be through certbot.

                1 Reply Last reply Reply Quote 0
                • DustinB3403D
                  DustinB3403 @JaredBusch
                  last edited by

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  @aaronstuder said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                  @JaredBusch Do you have a guide for this using Let's Encrypt?

                  https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                  Would need to be converted for Debian/Ubuntu but it should work just the same.

                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Another vote for a reverse proxy, in most cases.

                    1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @DustinB3403
                      last edited by

                      @dustinb3403 said in XO behind proxy or exposed directly?:

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      @aaronstuder said in XO behind proxy or exposed directly?:

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                      @JaredBusch Do you have a guide for this using Let's Encrypt?

                      https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                      Would need to be converted for Debian/Ubuntu but it should work just the same.

                      Umm what?

                      The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

                      DustinB3403D 1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato
                        last edited by

                        Reverse proxy is my recommendation as well.

                        1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403 @JaredBusch
                          last edited by

                          @jaredbusch said in XO behind proxy or exposed directly?:

                          @dustinb3403 said in XO behind proxy or exposed directly?:

                          @jaredbusch said in XO behind proxy or exposed directly?:

                          @aaronstuder said in XO behind proxy or exposed directly?:

                          @jaredbusch said in XO behind proxy or exposed directly?:

                          It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                          @JaredBusch Do you have a guide for this using Let's Encrypt?

                          https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                          Would need to be converted for Debian/Ubuntu but it should work just the same.

                          Umm what?

                          The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

                          Sorry completely not thinking about a RP.. only about xo

                          1 Reply Last reply Reply Quote 0
                          • B
                            bnrstnr
                            last edited by

                            Hypothetically, if XO was the only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                            dbeatoD 1 Reply Last reply Reply Quote 0
                            • B
                              bnrstnr
                              last edited by

                              If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                              JaredBuschJ 1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @bnrstnr
                                last edited by

                                @bnrstnr said in XO behind proxy or exposed directly?:

                                If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                                No, Nginx is a webserver.

                                Here is my old ass guide to that too: https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy

                                SO many guides to update

                                1 Reply Last reply Reply Quote 1
                                • dbeatoD
                                  dbeato @bnrstnr
                                  last edited by

                                  @bnrstnr said in XO behind proxy or exposed directly?:

                                  nly web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                                  Still it would help for security purposes.

                                  1 Reply Last reply Reply Quote 0
                                  • 1 / 1
                                  • First post
                                    Last post