Cloudron as reverse proxy for non-Cloudron apps

oj

Cloudron admins also run other apps (e.g. Jitsi, Zammad, BlueSpice) on other non-Cloudron servers that use the subdomains of domains that exist on Cloudron. This is because these apps are not on Cloudron.

Nginx reverse proxy is an excellent tool for this multiple-server environment, creating a unified client experience and also keeps the other servers anonymous.

Since the Cloudron server's security is likely to be better than that of the other non-Cloudron servers (for an amateur Admin like me), can the Cloudron server be enabled - via a GUI - to make it easy to play this reverse proxy role for the other non-Cloudron servers?

robi

@oj While many of us handle this situation via separate CLI config files for nginx directly, once Cloudron 7.0 is released, the multi-host nature of this planned release will be a better time to address such a GUI feature.

oj

@oj said in Cloudron as reverse proxy for non-Cloudron apps:

Nginx reverse proxy is an excellent tool for this multiple-server environment, creating a unified client experience and also keeps the other servers anonymous.

https://nginxproxymanager.com/
https://github.com/jc21/nginx-proxy-manager

"I created this project to fill a personal need to provide users with a easy way to accomplish reverse proxying hosts with SSL termination and it had to be so easy that a monkey could do it."

robi

@oj nice find. This may be good as a second tier reverse proxy for a (sub)domain as it runs as an App in a container and needs a DB.

The main Cloudron Nginx would be fronting it.

oj

@girish @nebulon Is it OK to change the title of this post to "NginxProxy Manager as reverse proxy for non-Cloudron apps" and leave it here in "Discuss" or should I make a new post in "App Wishlist"? Not sure about the forum's rules of etiquette!

fbartels

I am still on the fence if an app such as nginx proxy manager would really be useful on Cloudron.

Normally these types of apps are used to expose apps from the local system or maybe a private network to the internet. And what would be local to the app is already a Cloudron app and therefore covered. And since most Cloudron installations are running on a virtual server in a datacenter there is usually no private network either, meaning that communication to other apps would be plain text unless the app is already configured for ssl. And when you can already configure the app for ssl, you don't need a reverse proxy to do that for you.

Plus: skimming through their documentation I did not see a switch to disable their lets encrypt handling.

girish

I wonder if nginxproxymanager is an app or something that we have to make sure Cloudron should integrate with? I feel it's the latter. If that's the case, let us know what is needed on the Cloudron side to make proxying work.

What I mean is: nginx proxy manager should be your "front" and Cloudron is just one of the apps it proxies to.

If there is an API, maybe we can at some point look into integrating with nginx proxy manager i.e an app installation can add entries into nginx proxy manager. Of course, this is viable only if nginx proxy manager is a supported and reasonably popular product. I remember we had similar ideas for integrating with Cloud Firewalls to open up ports automatically.