How to set up SSL

Anyone who can help me with SSL?

This is the last part of my farmOS setup, and I can’t make it work.
I’ve tried with nginx and traefik but no success.

I need HTTPS mainly for api access.

FarmOS is running in docker on a laptop.
One dev stack and one production stack.

I also have a Yunohost server (barebone).
It’s running with HTTPS and Let’s Encrypt preconfigured.
I can add apps, and connect them to a domain, and they get HTTPS.

I can also install a custom app in Yunohost, and point it to a farmos-docker. That way I can have HTTPS on farmos externally. But not locally.

Port 80 and 443 are pointed to the Yunohost server.
I guess this creates a challenge to use Let’s Encrypt.

I could live with a self-signed cert. But Let’s Encrypt would be best.

Appreciate some (general) feedback on this.

Is it technically possible to let the Yunohost server do the job?
How is the most basic nginx setup done?

Any CA (certificate authority) won’t accept localhost. This video may be helpful: https://youtu.be/dDU178Uezc0?si=NnNOO9IHFlIscRt3


If you want to keep farmOS hosted on that laptop, but use the Yunohost machine as your HTTPS reverse proxy (I’m assuming it can do so), you might be able to use reverse port forwarding.

I don’t know anything about Yunohost but if it’s a Linux machine you control running sshd, it should be possible…

I wrote a blog post about doing something similar - Local-fir (Make sure to actually read it since I describe some necessary configuration for the remote host’s sshd daemon.)

The configuration would be slightly different though since you’d be forwarding a localhost-only port on the laptop to a localhost-only port on the yunohost machine, then using the (presumed) reverse proxy capabilities of yunohost to serve farmOS via HTTPS.

  autossh-forward-proxy-farmos-to-yunohost:
    image: jnovack/autossh:2.0.0-rc4
    environment:
      # Secret sauce - tells ssh to do reverse port forwarding
      - SSH_MODE=-R
      
      # User to ssh as on yunohost machine
      - SSH_REMOTE_USER=root

      # IP and sshd port of yunohost machine
      - SSH_REMOTE_HOST=123.123.123.123
      - SSH_REMOTE_PORT=22

      # On the yunohost machine bind to localhost since the reverse proxy there will be the only
      # thing directly connecting to it
      - SSH_BIND_IP=localhost
      # Pick a free port
      - SSH_TUNNEL_PORT=19080

      # On the laptop farmOS should be listening on localhost and a free port
      - SSH_TARGET_HOST=localhost
      - SSH_TARGET_PORT=1080
    restart: always
    privileged: true
    network_mode: "host"
    volumes:
      # A private key that has passwordless ssh permissions as SSH_REMOTE_USER (see above)
      - ./cumulus.privkey:/id_rsa

EDIT: Oh right, you can ignore the “Networking Setup” part of that blog post since you wouldn’t be trying to automatically make the traffic go to two different machines depending on which network you’re on.
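
As an added example (not part of the post above or the linked blog post): two checks for the Yunohost side of this reverse tunnel, one restricting the tunnel key to the single forward on port 19080 and one confirming the forwarded port listens on loopback only. The public key text and the sample `ss` output are constructed, and the tunnel client is assumed to connect without requesting a session (`ssh -N`).

```shell
#!/bin/sh
# Added example, not from the thread. The port comes from the compose file
# above; the public key text and sample socket tables are constructed.

# Build an authorized_keys line for the Yunohost account the tunnel logs in as.
# OpenSSH options used: "restrict" turns off PTY, agent, X11 and all forwarding,
# "port-forwarding" turns forwarding back on, permitlisten (OpenSSH 7.8+) limits
# -R to one listen address, and command= stops the key from running a shell
# (assumes the tunnel client connects with ssh -N, so no session is requested).
tunnel_key_entry() {  # $1 = tunnel port, $2 = public key
  printf 'restrict,port-forwarding,permitlisten="localhost:%s",command="/bin/false" %s\n' "$1" "$2"
}

# Classify who can reach the tunnel port. Reads `ss -Hltn` output on stdin and
# prints "loopback" (only 127.0.0.0/8 or ::1), "exposed" (any other address,
# e.g. 0.0.0.0 when sshd has GatewayPorts enabled) or "absent" (tunnel down).
tunnel_exposure() {  # $1 = tunnel port
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")            # local address is column 4
      if (parts[n] != port) next
      host = substr($4, 1, length($4) - length(port) - 1)
      found = 1
      if (host !~ /^(127\.[0-9.]+|\[::1\])$/) exposed = 1
    }
    END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed samples of `ss -Hltn` output on the Yunohost machine.
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:19080 0.0.0.0:*
LISTEN 0 128 [::1]:19080 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:19080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

tunnel_key_entry 19080 'ssh-ed25519 AAAA...constructed farmos-laptop'
printf '%s\n' "$SAMPLE_LOOPBACK" | tunnel_exposure 19080   # loopback
printf '%s\n' "$SAMPLE_EXPOSED"  | tunnel_exposure 19080   # exposed
```

On the real host, pipe `ss -Hltn` into `tunnel_exposure 19080`; "exposed" means the plain-HTTP farmOS port is reachable without going through the HTTPS reverse proxy.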


I use Cloudflare Zero Trust for handling SSL


Thank you all for feedback. I will study them.

@aathi179 :+1:

@Symbioquine Yunohost is an open source barebone hosting service running on Debian. I have it working well with ssh.
I did manage to reach my farmOS externally with HTTPS but I doubt oauth would work then. Think I need it locally too.
Your example might be filling the last part there.

@Farmer-Ed I’ve done cloudflare tunnel but I had a lot of “Bad Gateway”, and a rather bad experience.

I have something to work on now.
I’ll update on my progress
