Reverse Proxy Best Practice -- Jail - VM - Separate Box

Simon Mackenzie · Sep 5, 2018

What are the pros and cons for setting up a reverse proxy in either a Jail, VM or separate box to service a number of sub domains in separate Jails and VM's?
Eg.

nextcloud.domain.world
moodle.domain.world
blog.domain.world
coppermine.domain.world

Etc. all serviced through a reverse proxy.

Would it be reasonable to use a jail for the reverse proxy?
Or should I use a VM?
Or is it just good practice to use a separate box setup for the reverse proxy?

Thanks in advance for your help.

adrianwi · Sep 5, 2018

I've got jail configured as a reverse proxy which also generates and auto renews the SSL certificates. It's redirecting to several other jails for Nextcloud, emby, WordPress, Home Assistant, and Calibre and a few docker containers in an Ubuntu VM.

Jailer · Sep 5, 2018

adrianwi said:
I've got jail configured as a reverse proxy which also generates and auto renews the SSL certificates. It's redirecting to several other jails for Nextcloud, emby, WordPress, Home Assistant, and Calibre and a few docker containers in an Ubuntu VM.

Same here, works great for me.

Simon Mackenzie · Sep 7, 2018

So is it the case that running a reverse proxy in a jail is not going to be any significantly less secure on the WAN side than running a reverse proxy on a separate box to service subdomains residing in other jails and VMs?

ByteNick · Apr 14, 2019

adrianwi said:
I've got jail configured as a reverse proxy which also generates and auto renews the SSL certificates. It's redirecting to several other jails for Nextcloud, emby, WordPress, Home Assistant, and Calibre and a few docker containers in an Ubuntu VM.

I have that as well, but I cannot make hassio.mydomain.com to work.
I installed Hass.io in a VM in FreeNAS 11.2-U3 running Ubuntu Server 18.04.
Any ideea how and what I should configure?
Please note that the rest (cloud.mydomain.com, plex.mydomain.com etc.) works.

adrianwi · Apr 15, 2019

Not sure, but if you're just running the Ubuntu VM for Hass.io have you considered running it in a jail?

There is a great guide here for getting it up and running using iocage.

ByteNick · Apr 16, 2019

adrianwi said:
Not sure, but if you're just running the Ubuntu VM for Hass.io have you considered running it in a jail?

There is a great guide here for getting it up and running using iocage.

Hass.io in a jail?
I do not think it is possible.

danb35 · Apr 16, 2019

https://www.ixsystems.com/community...ode-red-mosquitto-amazon-dash-tasmoadmin.102/ would appear to disagree with you.

ByteNick · Apr 17, 2019

danb35 said:
https://www.ixsystems.com/community...ode-red-mosquitto-amazon-dash-tasmoadmin.102/ would appear to disagree with you.

Hass.io and Home Assistant are NOT exactly the same thing.

sretalla · Apr 17, 2019

ByteNick said:
Hass.io and Home Assistant are NOT exactly the same thing.

danb35 said:
https://www.ixsystems.com/community...ode-red-mosquitto-amazon-dash-tasmoadmin.102/ would appear to disagree with you.

Just to clarify there... hass.io implies that you can run docker as all the add-ons (and indeed the home assistant main instance) are run on docker in that flavor of Home Assistant.

That option is very useful and worth having, but sadly, due to the docker requirement, not available in a jail as we all know.

ByteNick · Apr 18, 2019

Check this out:
https://github.com/jc21/nginx-proxy-manager

Looks very, very sexy...

Important Announcement for the TrueNAS Community.

Reverse Proxy Best Practice -- Jail - VM - Separate Box

Reverse Proxy Best Practice -- Jail - VM - Separate Box

FreeNAS Jail

FreeNAS VM

Separate Box

Simon Mackenzie

Dabbler

adrianwi

Guru

Jailer

Not strong, but bad

Simon Mackenzie

Dabbler

ByteNick

Explorer

adrianwi

Guru

ByteNick

Explorer

danb35

Hall of Famer

ByteNick

Explorer

sretalla

Powered by Neutrality

ByteNick

Explorer

Similar threads