ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XO behind proxy or exposed directly?

    Scheduled Pinned Locked Moved IT Discussion
    xenorchestraxen orchestra
    17 Posts 6 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      JaredBusch @Alex Sage
      last edited by

      @aaronstuder said in XO behind proxy or exposed directly?:

      @jaredbusch said in XO behind proxy or exposed directly?:

      It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

      @JaredBusch Do you have a guide for this using Let's Encrypt?

      https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

      D 1 Reply Last reply Reply Quote 2
      • J
        JaredBusch
        last edited by JaredBusch

        That is really old though... SO meh I need new instructions.. Todayit should all be through certbot.

        1 Reply Last reply Reply Quote 0
        • D
          DustinB3403 @JaredBusch
          last edited by

          @jaredbusch said in XO behind proxy or exposed directly?:

          @aaronstuder said in XO behind proxy or exposed directly?:

          @jaredbusch said in XO behind proxy or exposed directly?:

          It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

          @JaredBusch Do you have a guide for this using Let's Encrypt?

          https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

          Would need to be converted for Debian/Ubuntu but it should work just the same.

          J 1 Reply Last reply Reply Quote 0
          • S
            scottalanmiller
            last edited by

            Another vote for a reverse proxy, in most cases.

            1 Reply Last reply Reply Quote 0
            • J
              JaredBusch @DustinB3403
              last edited by

              @dustinb3403 said in XO behind proxy or exposed directly?:

              @jaredbusch said in XO behind proxy or exposed directly?:

              @aaronstuder said in XO behind proxy or exposed directly?:

              @jaredbusch said in XO behind proxy or exposed directly?:

              It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

              @JaredBusch Do you have a guide for this using Let's Encrypt?

              https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

              Would need to be converted for Debian/Ubuntu but it should work just the same.

              Umm what?

              The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

              D 1 Reply Last reply Reply Quote 0
              • D
                dbeato
                last edited by

                Reverse proxy is my recommendation as well.

                1 Reply Last reply Reply Quote 0
                • D
                  DustinB3403 @JaredBusch
                  last edited by

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  @dustinb3403 said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  @aaronstuder said in XO behind proxy or exposed directly?:

                  @jaredbusch said in XO behind proxy or exposed directly?:

                  It would also centralize all the SSL certs on the proxy. Everything would terminate there and hit the services behind the proxy over standard ports.

                  @JaredBusch Do you have a guide for this using Let's Encrypt?

                  https://mangolassi.it/topic/7127/setting-up-letsencrypt-on-a-centos-7-nginx-proxy

                  Would need to be converted for Debian/Ubuntu but it should work just the same.

                  Umm what?

                  The proxy should not be on the same system as XO in a case like this. It should be it's own VM.

                  Sorry completely not thinking about a RP.. only about xo

                  1 Reply Last reply Reply Quote 0
                  • B
                    bnrstnr
                    last edited by

                    Hypothetically, if XO was the only web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                    D 1 Reply Last reply Reply Quote 0
                    • B
                      bnrstnr
                      last edited by

                      If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                      J 1 Reply Last reply Reply Quote 0
                      • J
                        JaredBusch @bnrstnr
                        last edited by

                        @bnrstnr said in XO behind proxy or exposed directly?:

                        If using nginx for RP do you still need to setup the web server behind it to run https and force redirects, etc?

                        No, Nginx is a webserver.

                        Here is my old ass guide to that too: https://mangolassi.it/topic/6905/setting-up-nginx-on-centos-7-as-a-reverse-proxy

                        SO many guides to update

                        1 Reply Last reply Reply Quote 1
                        • D
                          dbeato @bnrstnr
                          last edited by

                          @bnrstnr said in XO behind proxy or exposed directly?:

                          nly web server I wanted to use, would there be any benefit at all of using a reverse proxy instead of just forwarding 443 directly to XO?

                          Still it would help for security purposes.

                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          • First post
                            Last post