SSL passthrough to another VM when hosting at home
-
I have my Cloudron hosted at home with it being the target of 80/443. I want to also host things outside of Cloudron, but I've had issues with SSL and some other things. For example, I was able to install Zulip, which uses certbot to get a cert on install. When I try to go to the setup URL that zulip generates, it tells me the certificate is invalid (it's the cloudron cert rather than the zulip cert) and throws a 500 error.
Has anyone got examples for how to do full HTTP(s) passthrough with Cloudron? I sort of got it working for other things, but not 100% with something like the following (which currently sort of works with my Synology, but file uploading is broken). I would love to figure out exactly what to put when other apps use their own SSL and what to do when I do want the SSL to terminate on the Cloudron for apps that don't support getting their own certs (like radarr or sonarr)
server { server_name syno.mydomain.com; location / { proxy_pass http://192.168.1.222:5000; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } -
I have my Cloudron hosted at home with it being the target of 80/443. I want to also host things outside of Cloudron, but I've had issues with SSL and some other things. For example, I was able to install Zulip, which uses certbot to get a cert on install. When I try to go to the setup URL that zulip generates, it tells me the certificate is invalid (it's the cloudron cert rather than the zulip cert) and throws a 500 error.
Has anyone got examples for how to do full HTTP(s) passthrough with Cloudron? I sort of got it working for other things, but not 100% with something like the following (which currently sort of works with my Synology, but file uploading is broken). I would love to figure out exactly what to put when other apps use their own SSL and what to do when I do want the SSL to terminate on the Cloudron for apps that don't support getting their own certs (like radarr or sonarr)
server { server_name syno.mydomain.com; location / { proxy_pass http://192.168.1.222:5000; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }@ianhyzy there is currently no built-in support for those extra reverserproxy configs and they will eventually be purged or cause other side-effects after Cloudron updates, as we think of :owning" the nginx configs fully. Mainly because this limits the potential edge-cases we have to test for.
So far we would recommend creating a custom Cloudron app package for those apps, so they can be managed properly, however I understand this is a lot more work. Not sure if in the future we could provide some structured way, also via the dashboard, to manage such proxy pass routes.
-
@ianhyzy there is currently no built-in support for those extra reverserproxy configs and they will eventually be purged or cause other side-effects after Cloudron updates, as we think of :owning" the nginx configs fully. Mainly because this limits the potential edge-cases we have to test for.
So far we would recommend creating a custom Cloudron app package for those apps, so they can be managed properly, however I understand this is a lot more work. Not sure if in the future we could provide some structured way, also via the dashboard, to manage such proxy pass routes.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login