SSL passthrough to another VM when hosting at home
-
I have my Cloudron hosted at home with it being the target of 80/443. I want to also host things outside of Cloudron, but I've had issues with SSL and some other things. For example, I was able to install Zulip, which uses certbot to get a cert on install. When I try to go to the setup URL that zulip generates, it tells me the certificate is invalid (it's the cloudron cert rather than the zulip cert) and throws a 500 error.
Has anyone got examples for how to do full HTTP(s) passthrough with Cloudron? I sort of got it working for other things, but not 100% with something like the following (which currently sort of works with my Synology, but file uploading is broken). I would love to figure out exactly what to put when other apps use their own SSL and what to do when I do want the SSL to terminate on the Cloudron for apps that don't support getting their own certs (like radarr or sonarr)
server { server_name syno.mydomain.com; location / { proxy_pass http://192.168.1.222:5000; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } -
I have my Cloudron hosted at home with it being the target of 80/443. I want to also host things outside of Cloudron, but I've had issues with SSL and some other things. For example, I was able to install Zulip, which uses certbot to get a cert on install. When I try to go to the setup URL that zulip generates, it tells me the certificate is invalid (it's the cloudron cert rather than the zulip cert) and throws a 500 error.
Has anyone got examples for how to do full HTTP(s) passthrough with Cloudron? I sort of got it working for other things, but not 100% with something like the following (which currently sort of works with my Synology, but file uploading is broken). I would love to figure out exactly what to put when other apps use their own SSL and what to do when I do want the SSL to terminate on the Cloudron for apps that don't support getting their own certs (like radarr or sonarr)
server { server_name syno.mydomain.com; location / { proxy_pass http://192.168.1.222:5000; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }@ianhyzy there is currently no built-in support for those extra reverserproxy configs and they will eventually be purged or cause other side-effects after Cloudron updates, as we think of :owning" the nginx configs fully. Mainly because this limits the potential edge-cases we have to test for.
So far we would recommend creating a custom Cloudron app package for those apps, so they can be managed properly, however I understand this is a lot more work. Not sure if in the future we could provide some structured way, also via the dashboard, to manage such proxy pass routes.
-
@ianhyzy there is currently no built-in support for those extra reverserproxy configs and they will eventually be purged or cause other side-effects after Cloudron updates, as we think of :owning" the nginx configs fully. Mainly because this limits the potential edge-cases we have to test for.
So far we would recommend creating a custom Cloudron app package for those apps, so they can be managed properly, however I understand this is a lot more work. Not sure if in the future we could provide some structured way, also via the dashboard, to manage such proxy pass routes.
