ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XO behind proxy or exposed directly?

    Scheduled Pinned Locked Moved IT Discussion
    xenorchestraxen orchestra
    17 Posts 6 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by

      It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

      A 1 Reply Last reply Reply Quote 1
      • A
        Alex Sage @JaredBusch
        last edited by

        @jaredbusch said in XO behind proxy or exposed directly?:

        It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

        @JaredBusch Do you have a guide for this using Let's Encrypt?

        JaredBuschJ 1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch @Alex Sage
          last edited by

          @aaronstuder said in XO behind proxy or exposed directly?:

          @jaredbusch said in XO behind proxy or exposed directly?:

          It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

          @JaredBusch Do you have a guide for this using Let's Encrypt?

          https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

          DustinB3403D 1 Reply Last reply Reply Quote 2
          • JaredBuschJ
            JaredBusch
            last edited by JaredBusch

            That is really old though... SO meh I need new instructions.. Todayit should all be through certbot.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403 @JaredBusch
              last edited by

              @jaredbusch said in XO behind proxy or exposed directly?:

              @aaronstuder said in XO behind proxy or exposed directly?:

              @jaredbusch said in XO behind proxy or exposed directly?:

              It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

              @JaredBusch Do you have a guide for this using Let's Encrypt?

              https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

              Would need to be converted for Debian/Ubuntu but it should work just the same.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Another vote for a reverse proxy, in most cases.

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @DustinB3403
                  last edited by

                  @dustinb3403 said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  @aaronstuder said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                  @JaredBusch Do you have a guide for this using Let's Encrypt?

                  https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                  Would need to be converted for Debian/Ubuntu but it should work just the same.

                  Umm what?

                  The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

                  DustinB3403D 1 Reply Last reply Reply Quote 0
                  • dbeatoD
                    dbeato
                    last edited by

                    Reverse proxy is my recommendation as well.

                    1 Reply Last reply Reply Quote 0
                    • DustinB3403D
                      DustinB3403 @JaredBusch
                      last edited by

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      @dustinb3403 said in XO behind proxy or exposed directly?:

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      @aaronstuder said in XO behind proxy or exposed directly?:

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                      @JaredBusch Do you have a guide for this using Let's Encrypt?

                      https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                      Would need to be converted for Debian/Ubuntu but it should work just the same.

                      Umm what?

                      The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

                      Sorry completely not thinking about a RP.. only about xo

                      1 Reply Last reply Reply Quote 0
                      • B
                        bnrstnr
                        last edited by

                        Hypothetically, if XO was the only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                        dbeatoD 1 Reply Last reply Reply Quote 0
                        • B
                          bnrstnr
                          last edited by

                          If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @bnrstnr
                            last edited by

                            @bnrstnr said in XO behind proxy or exposed directly?:

                            If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                            No, Nginx is a webserver.

                            Here is my old ass guide to that too: https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy

                            SO many guides to update

                            1 Reply Last reply Reply Quote 1
                            • dbeatoD
                              dbeato @bnrstnr
                              last edited by

                              @bnrstnr said in XO behind proxy or exposed directly?:

                              nly web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                              Still it would help for security purposes.

                              1 Reply Last reply Reply Quote 0
                              • 1 / 1
                              • First post
                                Last post