The largest issue with reverse proxies I've seen is that apps don't always offer a configuration to tell the front-end where they are hosted.
The proxy can rewrite app/suffix to /suffix so the back-end sees the the correct Location header.
But for a front-end it's not always that simple. Take a React application with HTML5-mode (where you can go from /foo to /bar without actually invoking a reques to the backend): Your React app needs to know what its base is. Otherwise the URLs just don't work, as it doesn't know which base to inject (or remove) as part of its navigation.
I've actually been watching this project develop over on /r/selfhosted over the last year at least. The author has put a lot of work into it, and it's definitely worth giving a shot for a homelab/self-hosted project.
Will definitely test it, it's definitely in the early stages and more basic stuff oriented but after using the majority of the fancy and more feature complete tools available today like Caddy and Traefik, a GUI is more than welcome.
Actually now that you say it: why is no one just putting a simple gui for editing in traefik. GUI debugging in the dashboard an Jaeger is already great. And the yaml syntax is so simple that it should be easy to model a UI based on it. I only found a five year old project.
If you make a script that handles building the traefik config from various inputs, you could make a gui config for it with Configurator [1] which we built and open sourced to make it easy to config stuff!
Looks like a lot of effort has been put into this, very nice. Your only other option is to figure out best of breed open source solutions like HAProxy. I guess you could also use the the community edition of Zevenet. Makes my commerical Loadbalancer.org appliance interface look a bit clunky actually.. sigh..
I think you're going to get in some hot water for showcasing big companies' logos on your page as if they use your product, despite your disclaimer on a linked page.
I looked at the issues for the github project, and it's a cesspool of "doesn't work". I can't imagine being the maintainer and having to wade through that.
Care to elaborate on both counts? I’ve been using it for years and have had no auth issues in my use case at least. I mainly use it inside lan only though I do have a firewalled instance for a couple public services I host, but I haven’t heard of any security issues, I sort of assumed it had a similar attack surface as regular Nginx as that’s basically all it is.
Would people really be willing to use this to expose their services to the internet?
Given it’s small and focused on home users, I’d be afraid of any potential security issues. I’d much rather use tools that get a lot more frequent security scanning (like nginx)
I've cobbled together my own assortment of services that achieves a similar suite of functionality Zoraxy appears to offer. Everything is hosted and accessible (ACLs permitting) via my Tailscale network – nothing gets exposed publicly.
This looks very cool and if it's able to integrate with Tailscale I'd try it in a heartbeat!
Nginx is written in C. It's not the worst offender of the species, but there's been enough RCE-level CVEs over the years that I would assume some remain in its current version.
Something written in e.g. Go at least gives you a fighting chance.
Would this be suitable for a VPN-like setup with some remote servers and distributed home dev machines? In other words, does the 'homelab' in the title imply LAN-specific functionality?
Judging by the features, it doesn’t seem predominantly focused on routing and acting as a tool or server you can deploy to operate a network and allow other devices to leverage it to route between networks.
That's because you're missing the "homelab" that comes before those words, like it's stated in the title, I opened the link and was greeted by exactly what I was expecting.
Can you explain why you expected this from the title? When I hear „network routing“, the first thing that comes into my mind is IP routing, not a reverse proxy. With a „homelab“, I‘d never associate the need for a reverse proxy or SSL certificates.
The "homelab" modifier does a lot of work. When I read homelab I was expecting "easy way for non tech person to do computer magic."
When I read about a "gun fight" I am expecting to read about violence and carnage. If you put the word "water" in front of it I am no longer expecting violence and carnage in a wet environment. Homelab changes the definition of everything that comes after it much like water changes the definition of gun fight.
>When I read homelab I was expecting "easy way for non tech person to do computer magic."
Isn't that hypocritical? The very nature of a home lab means whoever owns it is a tech person. A "non tech person" wouldn't even know what a home lab is, at least in the context of computers and technology.
I expected that because I didn't just read "network routing", I read "homelab network routing", I don't 100% agree with the title but nowadays a homelab means docker containers and a reverse proxy to expose them all. Also Zoraxy sounds a lot like "proxy", so there's that.
You end up pasting a confusing snippet found in the internet to make it work.