
    XO behind proxy or exposed directly?

    IT Discussion
    xenorchestra xen orchestra
    • B
      bnrstnr
      last edited by

      I’ve recently switched my home lab back to XS/XO because, well, KVM just wasn’t working out like I wanted it to.

      I want to access XO over the web, among other websites in my home lab. Would it be best to set up an NGINX proxy for this or expose XO directly to the web?

      There is a guide in the XO documentation on setting up https... but I’m feeling like this is best handled via reverse proxy.
      https://xen-orchestra.com/docs/configuration.html#https

      1 Reply Last reply Reply Quote 1
      • A
        Alex Sage
        last edited by

        Reverse Proxy - NGINX

        1 Reply Last reply Reply Quote 1
        • D
          DustinB3403
          last edited by

          My inclination would be to use HTTPS rather than reverse proxy, but don't take that to mean anything.

          To the next point, I would also host this in vultr or some such place and let it live there.

          J 1 Reply Last reply Reply Quote 0
          • J
            JaredBusch @DustinB3403
            last edited by JaredBusch

            @dustinb3403 said in XO behind proxy or exposed directly?:

            My inclination would be to use HTTPS rather than reverse proxy, but don't take that to mean anything.

            That would be stupid as it would negate using any other services on port 443 for his home lab.

            A proxy is the better answer because it will allow him to use whatever other services he wants on his lab without having to use random port numbers for everything.

            1 Reply Last reply Reply Quote 1
            • J
              JaredBusch
              last edited by

              It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

              A 1 Reply Last reply Reply Quote 1
              • A
                Alex Sage @JaredBusch
                last edited by

                @jaredbusch said in XO behind proxy or exposed directly?:

                It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                @JaredBusch Do you have a guide for this using Let's Encrypt?

                J 1 Reply Last reply Reply Quote 1
                • J
                  JaredBusch @Alex Sage
                  last edited by

                  @aaronstuder said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                  @JaredBusch Do you have a guide for this using Let's Encrypt?

                  https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                  D 1 Reply Last reply Reply Quote 2
                  • J
                    JaredBusch
                    last edited by JaredBusch

                    That is really old though... SO meh I need new instructions.. Today it should all be through certbot.

                    1 Reply Last reply Reply Quote 0
                    • D
                      DustinB3403 @JaredBusch
                      last edited by

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      @aaronstuder said in XO behind proxy or exposed directly?:

                      @jaredbusch said in XO behind proxy or exposed directly?:

                      It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                      @JaredBusch Do you have a guide for this using Let's Encrypt?

                      https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                      Would need to be converted for Debian/Ubuntu but it should work just the same.

                      J 1 Reply Last reply Reply Quote 0
                      • S
                        scottalanmiller
                        last edited by

                        Another vote for a reverse proxy, in most cases.

                        1 Reply Last reply Reply Quote 0
                        • J
                          JaredBusch @DustinB3403
                          last edited by

                          @dustinb3403 said in XO behind proxy or exposed directly?:

                          @jaredbusch said in XO behind proxy or exposed directly?:

                          @aaronstuder said in XO behind proxy or exposed directly?:

                          @jaredbusch said in XO behind proxy or exposed directly?:

                          It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                          @JaredBusch Do you have a guide for this using Let's Encrypt?

                          https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                          Would need to be converted for Debian/Ubuntu but it should work just the same.

                          Umm what?

                          The proxy should not be on the same system as XO in a case like this. It should be its own VM.

                          D 1 Reply Last reply Reply Quote 0
                          • D
                            dbeato
                            last edited by

                            Reverse proxy is my recommendation as well.

                            1 Reply Last reply Reply Quote 0
                            • D
                              DustinB3403 @JaredBusch
                              last edited by

                              @jaredbusch said in XO behind proxy or exposed directly?:

                              @dustinb3403 said in XO behind proxy or exposed directly?:

                              @jaredbusch said in XO behind proxy or exposed directly?:

                              @aaronstuder said in XO behind proxy or exposed directly?:

                              @jaredbusch said in XO behind proxy or exposed directly?:

                              It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                              @JaredBusch Do you have a guide for this using Let's Encrypt?

                              https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                              Would need to be converted for Debian/Ubuntu but it should work just the same.

                              Umm what?

                              The proxy should not be on the same system as XO in a case like this. It should be its own VM.

                              Sorry completely not thinking about a RP.. only about xo

                              1 Reply Last reply Reply Quote 0
                              • B
                                bnrstnr
                                last edited by

                                Hypothetically, if XO was the only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                                D 1 Reply Last reply Reply Quote 0
                                • B
                                  bnrstnr
                                  last edited by

                                  If using nginx for RP do you still need to set up the web server behind it to run https and force redirects, etc?

                                  J 1 Reply Last reply Reply Quote 0
                                  • J
                                    JaredBusch @bnrstnr
                                    last edited by

                                    @bnrstnr said in XO behind proxy or exposed directly?:

                                    If using nginx for RP do you still need to set up the web server behind it to run https and force redirects, etc?

                                    No, Nginx is a webserver.

                                    Here is my old ass guide to that too: https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy

                                    SO many guides to update

                                    1 Reply Last reply Reply Quote 1
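
The arrangement described in the replies above (TLS and the HTTP-to-HTTPS redirect handled on an nginx reverse proxy in its own VM, XO reached behind it over a standard port), as an added example that is not part of the thread or of the linked guides. The hostname `xo.example.com`, the backend address `10.0.0.20`, and the certbot certificate paths are assumptions.

```nginx
# Added example. Placeholders (assumptions, not from the thread):
#   xo.example.com -> public hostname for XO
#   10.0.0.20:80   -> XO VM on the lab network, serving plain HTTP
# Place in a file included from the http {} context (e.g. conf.d/xo.conf).

# XO's web UI uses WebSockets: forward the upgrade only when the client asks.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Requests on 443 for any other hostname (e.g. scanners hitting the bare IP)
# are refused during the TLS handshake. Requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# The redirect to HTTPS happens here, so XO needs no redirect logic of its own.
server {
    listen 80;
    server_name xo.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name xo.example.com;

    # Certificate and key exist only on the proxy VM (certbot default layout).
    ssl_certificate     /etc/letsencrypt/live/xo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xo.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass         http://10.0.0.20:80;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
        proxy_read_timeout 1800;  # keep long-lived console/WebSocket sessions open
    }
}
```

The hop from the proxy to XO is unencrypted in this layout, so it belongs on a trusted lab network, with the XO VM's firewall accepting port 80 only from the proxy's address.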
                                    • D
                                      dbeato @bnrstnr
                                      last edited by

                                      @bnrstnr said in XO behind proxy or exposed directly?:

                                      only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                                      Still it would help for security purposes.

                                      1 Reply Last reply Reply Quote 0