Reverse proxy
- JayBlingham
- Posts: 98
- Joined: 04 Oct 2020, 10:34
Re: Reverse proxy
There is a Reverse Proxy in Beta from TM. Has anyone had a chance to look at/play with it yet?
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
- sports_wook
- Posts: 74
- Joined: 04 Feb 2020, 05:00
Re: Reverse proxy
JayBlingham wrote: ↑19 Nov 2020, 05:47
> There is a Reverse Proxy in Beta from TM. Has anyone had a chance to look at/play with it yet?
I tinkered with it for a few minutes but couldn't figure out how to get it up and running. I'm a newb with proxy configs, so maybe I missed something, but it doesn't seem to be fully functional yet.
- JayBlingham
- Posts: 98
- Joined: 04 Oct 2020, 10:34
Re: Reverse proxy
sports_wook wrote: ↑19 Nov 2020, 08:07
> I tinkered with it for a few minutes but couldn't figure out how to get it up and running. I'm a newb with proxy configs, so maybe I missed something, but it doesn't seem to be fully functional yet.
Thanks. I'm not super familiar with them either, but plan to give it a go soon. I'll post back if I make any progress. Hoping someone that knows what they're doing gives it a try, and posts some feedback for TM to help improve it.
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
- sports_wook
- Posts: 74
- Joined: 04 Feb 2020, 05:00
Re: Reverse proxy
JayBlingham wrote:
> Thanks. I'm not super familiar with them either, but plan to give it a go soon. I'll post back if I make any progress. Hoping someone that knows what they're doing gives it a try, and posts some feedback for TM to help improve it.
I haven't had any luck finding a way to get this to work at all. How about you, Jay? Any progress?
Would be great if we could get some documentation from TM, a guide, or anything helpful besides just silently dumping a "beta" app on the store that is not easy to figure out.
- JayBlingham
- Posts: 98
- Joined: 04 Oct 2020, 10:34
Re: Reverse proxy
sports_wook wrote: ↑11 Dec 2020, 21:54
> I haven't had any luck finding a way to get this to work at all. How about you, Jay? Any progress?
> Would be great if we could get some documentation from TM, a guide, or anything helpful besides just silently dumping a "beta" app on the store that is not easy to figure out.
Unfortunately no. I haven't had any time to play with this lately. At first glance into the interface, it doesn't seem overly intuitive. The important bit seems to be the "Access" section, but this is confusing because, firstly, it contains pre-populated allow entries that you cannot edit which makes no sense. Why do I want allow statements for networks that I don't even have locally? Also, why 4.4.4.4? Beyond that, it's a mystery to me. I may not know enough about ProxyServers, which could be part of the problem. I just know (back when I was looking into this) that there was a requirement for one to deploy a specific password management tool (whose name I can't remember) in a container. I'll have to find the time to refresh myself on that research, and see if this actually contains the right functionality.
Jay
---------------------------------------
F5-221, 5.0.171-00221
---------------------------------------
- brokenmass
- Posts: 6
- Joined: 11 Sep 2020, 17:28
Re: Reverse proxy
The beta proxy application in the app store is not a "reverse proxy". It's just an implementation of a proxy server.
Re: Reverse proxy
harveydobson wrote: ↑19 Nov 2020, 04:18
> This should be achievable through https://nginxproxymanager.com/.
> I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
I can't get this to work on my TNAS - I don't think the ARM architecture is supported,
If I'm wrong, please point me in the correct direction.
Another vote for having this as an application please.
Re: Reverse proxy
brokenmass wrote: ↑17 Sep 2020, 23:06
> At the moment I'm providing this functionality running Traefik (a simple reverse proxy) in docker.
> I get Let's encrypt certificate by using a domain hosted in godaddy (so that Lego can use dns01 challenge) and by having a wildcard entry in my dns records in the form of *.mydomain.com -> 192.128.0.2 (static ip of the nas router). Then I can just edit a file configuration to add a new route in the shape of serviceA.mydomain.com -> localhost:service-port and Traefik creates the certificate and instantiates the reverse proxy route.
I've dropped you a PM to see if you can share some basic setup examples, but I think others would benefit from posting it on here.
Thanks in advance.
Re: Reverse proxy
StephenM wrote: ↑13 Jan 2021, 07:55
> harveydobson wrote: ↑19 Nov 2020, 04:18
> > This should be achievable through https://nginxproxymanager.com/.
> > I have it setup on my TNAS. Including the Let's Encrypt issued SSL certs.
> I can't get this to work on my TNAS - I don't think the ARM architecture is supported,
> If I'm wrong, please point me in the correct direction.
> Another vote for having this as an application please.
I was talking rubbish.
I can get nginx proxy manager working - just not with nextcloud.
- brokenmass
- Posts: 6
- Joined: 11 Sep 2020, 17:28
Re: Reverse proxy
@StephenM and to whoever might be interested in my setup.
Docker config:
Install the docker extension, open it, search for "traefik", click on the first entry and then click "Download".
Select the "Image" tab, click on the "traefik" image and click "Launch".
Configure it as following:
In the last tab, "Environment", configure all the environment variables required for your DNS provider (see: https://go-acme.github.io/lego/dns/). Do not touch the PATH value.
Traefik Configuration
Create a folder named 'traefik' in your main disk 'appdata' folder:
acme.json: this is an autogenerated file and contains the private and public key created by traefik using letsencrypt. Do not create or edit this file.
traefik.yml: this file contains the main traefik configuration
Code:
log:
  level: DEBUG
# enable traefik web dashboard
api:
  dashboard: true
# configure letsencrypt certificate resolver.
certificatesResolvers:
  myresolver:
    acme:
      email: <your email address>
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: <your dns challenge provider> # see https://go-acme.github.io/lego/dns/ for a list of providers
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
# instruct traefik to look at the 'static' file services.yml for the services configuration and enable watch mode so that you can edit the file directly from the terramaster text editor and traefik will update the configuration
providers:
  file:
    filename: /etc/traefik/services.yml
    watch: true
# configure traefik to listen on port 80 and 443 and force redirection from http to https
entryPoints:
  web:
    # redirect all http traffic to https for security
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"

services.yml: the services configuration. Replace "mydomain.com" with your base domain and service1/2/X with the actual services you want to route.
Code:
http:
  routers:
    # example: configure https://traefik.mydomain.com to traefik dashboard
    api:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`traefik.mydomain.com`)"
      service: "api@internal" # special internal traefik service
      tls:
        certResolver: "myresolver"
    # example: configure https://nas.mydomain.com to point to terramaster nas web interface
    nas:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`nas.mydomain.com`)"
      service: "nas" # service "nas" must be defined in the services section later in the file
      tls:
        certResolver: "myresolver"
    service1:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`service1.mydomain.com`)"
      service: "service1" # service "service1" must be defined in the services section later in the file
      tls:
        certResolver: "myresolver"
    service2:
      entryPoints:
        - "web"
        - "websecure"
      rule: "Host(`service2.mydomain.com`)"
      service: "service2" # service "service2" must be defined in the services section later in the file
      tls:
        certResolver: "myresolver"
  services:
    nas:
      loadBalancer:
        servers:
          - url: "http://localhost:8181"
    service1:
      loadBalancer:
        servers:
          - url: "http://<server ip address>:<service1 port>"
    service2:
      loadBalancer:
        servers:
          - url: "http://<server ip address>:<service2 port>"

Final step:
Restart Traefik container from the docker panel.
If the container crashes immediately after start, ensure that you have disabled the autoredirection (see viewtopic.php?f=12&t=825#p4017).
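The `api` router in the services.yml above publishes Traefik's dashboard (`api@internal`) at traefik.mydomain.com with no authentication in front of it. A variant of that router with HTTP basic auth, as an added example that is not part of the original post; the middleware name `dashboard-auth`, the `admin` user and the hash placeholder are assumptions made for this example.

```yaml
# Added example, not from the original post: the post's dashboard router with
# authentication in front of it. "dashboard-auth" and the user entry are
# placeholders chosen for this example.
http:
  routers:
    api:
      entryPoints:
        - "websecure"            # port 80 only redirects to 443, so HTTPS is enough here
      rule: "Host(`traefik.mydomain.com`)"
      service: "api@internal"    # special internal traefik service (dashboard and API)
      middlewares:
        - "dashboard-auth"       # requests without valid credentials are rejected with 401
      tls:
        certResolver: "myresolver"
  middlewares:
    dashboard-auth:
      basicAuth:
        users:
          # one "user:hash" entry per account, e.g. the output of: htpasswd -nB admin
          - "admin:<bcrypt hash from htpasswd>"
```

The other `routers` and the `services` section from the post stay as they are; only the `api` router changes and the `middlewares` section is new.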