Cloudron and Apps Behind a Proxy
-
Has anyone tried to put an entire CR behind another NGinx proxy? I suspect that's a nono but wanted to check. I only get one IP address and want to route some things to CR and some things to "Other" stuff.
-
@doodlemania2 isn't that the typical home setup, where in this case the proxy is the home router?
-
@doodlemania2 You can just proxy_pass (https), it should work fine. I think if you have the programmatic DNS then Cloudron can gets certs with DNS automation with no problem as well (otherwise, you will have to somehow auto-magically redirect .well-known stuff required for LE).
I recall this post - https://forum.cloudron.io/topic/2094/reverse-proxy-infront-of-cloudron-gives-me-to-many-redirects . Maybe @smilebasti has a config.
-
@robi In a home setup, the home-router acts as a NAT, not a proxy. It's totally different, as it acts at level 3/4 of the network stack, not level 7
-
@mehdi yes, but it's still a node where a transition happens with a similar config that points to CL the domains it hosts.
-
@girish That seems like a good idea. I was thinking of doing this:
Internet -> 1. NGinix Proxy Manager -> Cloudron
2. NGinix Proxy Manager -> Other thingWhere:
- Proxy host apps.mydomain.net (my cloudron) which has DNS set to public IP address.
- Proxy host blah.mydomain.net (my other thing) which has DNS set to public IP address.
Looks a bit like this:
My Cloudron DNS is set up as Wildcard so that's happy. But I don't think I can have a cert in the proxy AND on the Cloudron resolving to same thing?
-
@doodlemania2 may have to copy the cert over manually..
-
@doodlemania2 said in Cloudron and Apps Behind a Proxy:
But I don't think I can have a cert in the proxy AND on the Cloudron resolving to same thing?
What do you mean by this? Cert doesn't resolve to anything (or did you mean DNS? even then I am not sure what you are asking...)
But you are on the right path! For Cloudron, choose https proxying.
-
@doodlemania2 I think you should just use traefik (or another reverse-proxy that handles Let'sEncrypt stuff by itself), and just disable certs on Cloudron's side. You don't really care about the encryption between the Reverse-Proxy and cloudron, if there are self-signed certs, it shouldn't be an issue (as long as the reverse-proxy is configured to accept it)