I have a second Yunohost server to test applications (a Raspberry Pi, fair enough for testing) before installing them on the main Yunohost server (a Banana Pi, much more performant).
Right now, the test Yunohost server is in my local network, with a local domain (declared in the hosts file of my PC). It works fine at home.
Is it possible to have this second Yunohost server accessible from the web? For that, I can create a subdomain at my registrar. I can also open a port on my box (French Freebox), say port 444, and forward it to the second Yunohost server on port 443. And re-install Yunohost with a domain set to subdomain.domain.fr:444? Would this work? What other settings would I need to do?
That’s the real problem of self-hosting and IPv4 shortage. Your ISP gave you only one IPv4 reachable from the Internet. Unfortunately you can’t get many servers using the same ports because of unicity issues. We hope IPv6, which will resolve that problem, will come soon.
If your two different YunoHost instances are intended to host different applications, you should run them on two different machines. To do so, you must first install a webserver (apache, nginx, hiawatha…) on one of these (or on a third) machine in order to act as a reverse proxy, which redirects web requests to the right YunoHost machine following the given subdomain, for example. I do so to access my yunohost box, which is in fact a LXC container running alongside other containers for different services accessible through one IP.
Thanks for the idea of the reverse proxy. I have 2 Yunohost servers. The main server is on (e.g.) https://domain.com and I want the second server to be on https://dev.domain.com. Is it possible to configure nginx on the main server to forward the requests for https://dev.domain.com to the second server? … Of course, I defined the CNAME in my DNS zone.
Further, I would tweak the configuration you are using to be a bit more predictable:
Move the ssl_certificate into the server block to ensure it is only used by that specific server and not by all servers on your box.
Overwrite the Host header to whatever domain you configured on your 2nd Yunohost server, so it is independent of what domain you are actually using to connect.
Thank you, neighbour. I tried it, with no success. Never mind, I will stay with my “prod” server accessible on the web and my “dev” server on my home LAN. That is fair enough: it prevents me from spending too much time on my “dev” and is more secure. Thanks anyway and welcome to the “Yunohost world”.
Xof.
Go to /etc/nginx/conf.d/proxy.domain.tld.d and create a file proxy.conf. Add the following, with your own second server’s IP:
location / {
    proxy_pass https://192.168.0.100; # IP address of the other server (needs to be static)
    proxy_set_header Host $host;
    # Force https
    if ($scheme = http) {
        rewrite ^ https://$server_name$request_uri? permanent;
    }
    proxy_buffering off;
    tcp_nodelay on;
}
Restart nginx:
service nginx restart
Note: You will have to log in to the YunoHost page to get access to the proxy page. If you need to bypass it, add proxy.domain.tld to skipped_urls in /etc/ssowat/conf.json.persistent.
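A fuller version of the reverse-proxy setup discussed above, as an added example that is not from this thread or from the YunoHost project. It routes https://dev.domain.tld, arriving at the main YunoHost box, to a second YunoHost box on the LAN, and folds in the two suggestions made earlier (certificate inside the server block, fixed Host header). Assumptions, none of them from the page: dev.domain.tld is not added as a domain on the main server (so YunoHost does not generate its own server block for it); the certificate paths, the log paths and the file name /etc/nginx/conf.d/dev.domain.tld.conf are placeholders; the second box has the static address 192.168.0.100 and was installed with the domain dev.domain.tld.

```nginx
# /etc/nginx/conf.d/dev.domain.tld.conf  (assumed file name; example, not YunoHost's own config)
# Routes dev.domain.tld from the public-facing YunoHost box to a second
# YunoHost box at 192.168.0.100 (assumed static LAN address).

# Only send "Connection: upgrade" when the client asked for a WebSocket;
# a hard-coded "upgrade" would break keep-alive for ordinary requests.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Port 80: let the second box renew its own certificate via the ACME
# http-01 challenge, and redirect everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name dev.domain.tld;

    location /.well-known/acme-challenge/ {
        proxy_pass http://192.168.0.100;
        proxy_set_header Host dev.domain.tld;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name dev.domain.tld;

    # Certificate for this name only, kept inside this server block so it
    # is never picked up by the other domains on the box (assumed paths).
    ssl_certificate     /etc/ssl/dev.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/ssl/dev.domain.tld/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000;";

    access_log /var/log/nginx/dev.domain.tld-access.log;
    error_log  /var/log/nginx/dev.domain.tld-error.log;

    location / {
        proxy_pass https://192.168.0.100;

        # Fixed Host header: the backend is selected by the name it was
        # installed with, whatever name the client happened to use.
        proxy_set_header Host dev.domain.tld;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Send the SNI name on the backend TLS connection so the second
        # box's nginx picks its dev.domain.tld server block and certificate.
        proxy_ssl_server_name on;
        proxy_ssl_name dev.domain.tld;

        # HTTP/1.1 plus Upgrade/Connection for WebSocket-based apps and
        # the YunoHost admin/API pages of the second box.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_buffering off;
    }
}
```

Check the file with nginx -t before reloading (systemctl reload nginx), then verify from outside the LAN that the public IP really answers for the subdomain with the right certificate: curl -vI --resolve dev.domain.tld:443:PUBLIC_IP https://dev.domain.tld/ should show the dev.domain.tld certificate and a response generated by the second box. Two caveats: the second box only ever sees connections from the proxy's LAN address, so its own logs and fail2ban will attribute every request to 192.168.x unless it is configured to trust X-Forwarded-For from the proxy; and because the proxy connects to the backend with proxy_ssl_verify left at its default (off), add proxy_ssl_verify on with proxy_ssl_trusted_certificate if the LAN between the two boxes is not considered trustworthy.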
I have two servers, one for personal use (Server A), one for Duniter (Server B).
They both use port 443 and Duniter uses a reverse proxy.
Right now, I have ruined a couple of my configuration files.
I just recalled that port 80 is still needed for certificates, if I recall correctly, unless I’m wrong that is.
Deleting those parts for Server B was not smart and I just realized it after deleting it on Server A.
So perhaps it’s best to set straight again what I’ve wronged at the moment:
domain.tld.conf (of Server A)
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain.tld;
    ssl_certificate /etc/yunohost/certs/domain.tld/crt.pem;
    ssl_certificate_key /etc/yunohost/certs/domain.tld/key.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;
    # Ciphers with intermediate compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=intermediate
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-S$
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    #ssl_protocols TLSv1.2;
    #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-$
    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;
    add_header Strict-Transport-Security "max-age=31536000;";
    access_by_lua_file /usr/share/ssowat/access.lua;
    include conf.d/domain.tld.d/*.conf;
    include conf.d/yunohost_admin.conf.inc;
    include conf.d/yunohost_api.conf.inc;
    access_log /var/log/nginx/domain.tld-access.log;
    error_log /var/log/nginx/domain.tld-error.log;
}
[Update]
I fixed that part, now I need to get back at how to solve the actual issue.
How do I get two Yunohost servers to work, when the second one already uses a reverse proxy?
I have my main server with the essentials on it: blog, nextcloud, pihole, and xmpp. I want to run another yunohost on my network with other things that aren’t so essential, and to test things out: mastodon, pixelfed…
I tried with nginx too but messed it up. Frankly, nginx is a bit confusing and scary for me.
If anyone figures it out, please make a tutorial…
Lots of moving parts to make it work, it seems: settings, nginx, port forwarding?