Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Cloudron and Apps Behind a Proxy

    Support
    reverseproxy
    4
    14
    115
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • doodlemania2
      doodlemania2 App Dev last edited by girish

      Has anyone tried to put an entire CR behind another NGinx proxy? I suspect that's a nono but wanted to check. I only get one IP address and want to route some things to CR and some things to "Other" stuff.

      robi girish 2 Replies Last reply Reply Quote 0
      • robi
        robi @doodlemania2 last edited by

        @doodlemania2 isn't that the typical home setup, where in this case the proxy is the home router?

        mehdi 1 Reply Last reply Reply Quote 0
        • girish
          girish Staff @doodlemania2 last edited by

          @doodlemania2 You can just proxy_pass (https), it should work fine. I think if you have the programmatic DNS then Cloudron can gets certs with DNS automation with no problem as well (otherwise, you will have to somehow auto-magically redirect .well-known stuff required for LE).

          I recall this post - https://forum.cloudron.io/topic/2094/reverse-proxy-infront-of-cloudron-gives-me-to-many-redirects . Maybe @smilebasti has a config.

          doodlemania2 1 Reply Last reply Reply Quote 0
          • mehdi
            mehdi App Dev @robi last edited by

            @robi In a home setup, the home-router acts as a NAT, not a proxy. It's totally different, as it acts at level 3/4 of the network stack, not level 7

            robi 1 Reply Last reply Reply Quote 0
            • robi
              robi @mehdi last edited by

              @mehdi yes, but it's still a node where a transition happens with a similar config that points to CL the domains it hosts.

              1 Reply Last reply Reply Quote 0
              • doodlemania2
                doodlemania2 App Dev @girish last edited by doodlemania2

                @girish That seems like a good idea. I was thinking of doing this:

                Internet -> 1. NGinix Proxy Manager -> Cloudron
                2. NGinix Proxy Manager -> Other thing

                Where:

                1. Proxy host apps.mydomain.net (my cloudron) which has DNS set to public IP address.
                2. Proxy host blah.mydomain.net (my other thing) which has DNS set to public IP address.

                Looks a bit like this:
                4dd19714-1874-41d1-b527-edea98a525ea-image.png

                My Cloudron DNS is set up as Wildcard so that's happy. But I don't think I can have a cert in the proxy AND on the Cloudron resolving to same thing?

                robi girish mehdi 3 Replies Last reply Reply Quote 0
                • robi
                  robi @doodlemania2 last edited by

                  @doodlemania2 may have to copy the cert over manually..

                  1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @doodlemania2 last edited by

                    @doodlemania2 said in Cloudron and Apps Behind a Proxy:

                    But I don't think I can have a cert in the proxy AND on the Cloudron resolving to same thing?

                    What do you mean by this? Cert doesn't resolve to anything (or did you mean DNS? even then I am not sure what you are asking...)

                    But you are on the right path! For Cloudron, choose https proxying.

                    1 Reply Last reply Reply Quote 0
                    • mehdi
                      mehdi App Dev @doodlemania2 last edited by

                      @doodlemania2 I think you should just use traefik (or another reverse-proxy that handles Let'sEncrypt stuff by itself), and just disable certs on Cloudron's side. You don't really care about the encryption between the Reverse-Proxy and cloudron, if there are self-signed certs, it shouldn't be an issue (as long as the reverse-proxy is configured to accept it)

                      doodlemania2 1 Reply Last reply Reply Quote 0
                      • doodlemania2
                        doodlemania2 App Dev @mehdi last edited by

                        @mehdi this is kind of like that, just with a pretty GUI. https://github.com/jc21/nginx-proxy-manager?utm_source=nginx-proxy-manager

                        Haven't gotten it to work with CR yet, but I'm getting close!

                        doodlemania2 1 Reply Last reply Reply Quote 2
                        • doodlemania2
                          doodlemania2 App Dev @doodlemania2 last edited by

                          have tried pretty much everything i can think of but can't seem to get cloudron to NOT try to do SSL. it's not that big of a deal, just something I was trying to figure out for fun.

                          girish 1 Reply Last reply Reply Quote 0
                          • girish
                            girish Staff @doodlemania2 last edited by

                            @doodlemania2 said in Cloudron and Apps Behind a Proxy:

                            but can't seem to get cloudron to NOT try to do SSL

                            Cloudron will always do TLS. Have your just tried configuring reverse proxy to do TLS? Atleast in nginx, this is doable. See https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/#complete-example

                            doodlemania2 1 Reply Last reply Reply Quote 0
                            • doodlemania2
                              doodlemania2 App Dev @girish last edited by

                              @girish this is likely just me not knowing how nginx works:
                              b0149683-057f-4568-a486-df75e7c59e1f-image.png
                              Was hoping crtest.altdomain would pass to existing my.apps.primarydomain and it would "just work" but I got the "You've found a cloudron in the wild"

                              That was somewhat expected cause the CR doesn't know about crtest.altdomain. Was kind of hoping NGinx would have done that translation for me by keeping the destination as the 'URL' that I wanted.

                              I suppose I could create a crtest.altdomain in CR and things would magically just start working, but I'd have to assign the altdomain names to each of my apps, I think??

                              girish 1 Reply Last reply Reply Quote 0
                              • girish
                                girish Staff @doodlemania2 last edited by

                                @doodlemania2 As a first step, you can try this to understand how it might work:

                                curl -k -H 'Host: app.domain.com' https://<cloudron-server-ip>

                                To explain the above, first we try to reach the cloudron server by IP via https. In your case, (if I understood your setup), this IP will be the intranet cloudron server IP (and not the public one). Next, the Host header helps (cloudron) nginx decide which vhost/app the request is meant for. Finally, the -k is needed because curl will not be able to match the server cert because we are accessing by IP but the cert will be whatever the host header was set to.

                                If the above works, you just have to make it work in the above UI:

                                • Make sure destination is https://ip
                                • I am guessing the Host header is automatically set
                                • You have to accept the cert.
                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post