(looking for feedback) HTTP(S) reverse proxy


Github repository


A simple, no-dependency HTTP(S) reverse-proxy application for Yunohost. Install from https://github.com/YunoHost-Apps/reverseproxy_ynh (only for testing).


I forked redirect_ynh because i wanted the reverse proxy to serve static files from a preset directory without my backend application having to take care of that.

We could add other features in the future. What do you find useful?


Beginner question but how do i give ownership of the repo to Yunohost-Apps as suggested by the linter?

EDIT: Received response on apps chatroom. Got invitation on Github. Transfered the repository.

What would be super awesome would be to have a “SNI-based reverse proxy” mode … though I don’t know if it could easily fit in the existing code or if we should have like a 'sni_based_reverse_proxy_ynh` instead

The current implementation (just like redirect_ynh) is mostly about reverse -proxying a single app through HTTP which is an important use case. But there is another use case which is to reverse proxy for example a YunoHost inside a YunoHost. Or more generally reverse-proxying an entire external server/domain through YunoHost (for example hosting multiple server at home behind a single IP). For this use case, the usual issue is about certificate : a) should the certificate be handled by the front ? b) Or the proxied server ? In the case of a), the issue is that the proxied server usually wants to handle the SSL layer (for example YunoHost is configured with HTTP->HTTPS redirect by default) so you have to disable it and it’s not practical for reasons. In the case of b) it’s not practical either, because the front server must have access to the certificate so it can’t be generated/renewed by the proxied server … or you gotta copy between the two machines somehow

The cool solution is SNI-based reverse proxy and uses the fact that in the HTTPS protocol, the target domain of the request is available as unencrypted data and can be use by a reverse-proxy to forward the traffic without having to decrypt the traffic, such that the proxied server can handle its the SSL layer / certificate on its own.

The corresponding module in nginx : Module ngx_stream_ssl_preread_module

It’s a bit more unusual compared to regular yunohost apps (even redirect_ynh) though

1 Like

The current NGINX helper would not be able to help us here, since it includes the configuration file in a server block. upstream directives can only be in a http block.

1 Like

Great idea! I will do that next :slight_smile:

I’ll probably make that a different app though, because i find it clunky to have a dropdown of “types” of configuration in the interface, then have specific config depending on the type.

I mean if there’s support for that in the UI and in the config parsing for options to depend on other options i’ll go for it, but i couldn’t find anything about this in the docs.

1 Like