XO behind proxy or exposed directly?
-
@aaronstuder said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.
@JaredBusch Do you have a guide for this using Let's Encrypt?
https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy
-
That is really old though... SO meh I need new instructions.. Todayit should all be through certbot.
-
@jaredbusch said in XO behind proxy or exposed directly?:
@aaronstuder said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.
@JaredBusch Do you have a guide for this using Let's Encrypt?
https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy
Would need to be converted for Debian/Ubuntu but it should work just the same.
-
Another vote for a reverse proxy, in most cases.
-
@dustinb3403 said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
@aaronstuder said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.
@JaredBusch Do you have a guide for this using Let's Encrypt?
https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy
Would need to be converted for Debian/Ubuntu but it should work just the same.
Umm what?
The proxy should not be on the same system as XO in a case like this. It should be it's own VM.
-
Reverse proxy is my recommendation as well.
-
@jaredbusch said in XO behind proxy or exposed directly?:
@dustinb3403 said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
@aaronstuder said in XO behind proxy or exposed directly?:
@jaredbusch said in XO behind proxy or exposed directly?:
It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.
@JaredBusch Do you have a guide for this using Let's Encrypt?
https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy
Would need to be converted for Debian/Ubuntu but it should work just the same.
Umm what?
The proxy should not be on the same system as XO in a case like this. It should be it's own VM.
Sorry completely not thinking about a RP.. only about xo
-
Hypothetically, if XO was the only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?
-
If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?
-
@bnrstnr said in XO behind proxy or exposed directly?:
If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?
No, Nginx is a webserver.
Here is my old ass guide to that too: https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy
SO many guides to update
-
@bnrstnr said in XO behind proxy or exposed directly?:
nly web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?
Still it would help for security purposes.