this post was submitted on 26 Apr 2024
79 points (94.4% liked)

Selfhosted

40747 readers
662 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Zoraxy describes itself as:

"General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!".

Yet it seems to be packed with goodies and features, such as Geo-IP & Blacklist, ZeroTier controller integrated GAN, IP Scanner, Real Time Stats and even built in Uptime monitor. Addtionally, it can run via a single binary for those who don't want to rely on Docker. There is also an Unraid Template available from IBRACORP. Lastly the project is under the AGPL license 🌻

I also checked, and saw this was recommended on this community 9months ago, but didn't seem to get much attraction then. Has anyone tried this yet? It seems like a good alternative to say NGINX proxy manager and am wondering if I should switch, but wanted to hear thoughts first!

Zoraxy's Github list the following features:

Features

  • Simple to use interface with detail in-system instructions
  • Reverse Proxy (HTTP/2)
    • Virtual Directory
    • WebSocket Proxy (automatic, no set-up needed)
    • Basic Auth
    • Alias Hostnames
    • Custom Headers
  • Redirection Rules
  • TLS / SSL setup and deploy
    • ACME features like auto-renew to serve your sites in https
    • SNI support (one certificate contains multiple host names)
  • Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
  • Global Area Network Controller Web UI (ZeroTier not included)
  • TCP Tunneling / Proxy
  • Integrated Up-time Monitor
  • Web-SSH Terminal
  • Utilities
    • CIDR IP converters
    • mDNS Scanner
    • IP Scanner
  • Others
    • Basic single-admin management mode
    • External permission management system for easy system integration
    • SMTP config for password reset

Screenshots

Image 1

Image 2

Image 3

Image 4

Image 5

Image 6

Image 7

Image 8

Image 9

Image 10

Image 11

Image 12

Image 13

Image 14

Image 15

Image 16

Image 17

Image 18

top 29 comments
sorted by: hot top controversial new old
[–] cevn 20 points 8 months ago (1 children)

I use Caddy. It works from Cli but very ez to use. Might try this in the future tho

[–] [email protected] 3 points 8 months ago

Same. Caddy is absurdly simple to configure

[–] [email protected] 14 points 8 months ago (1 children)

That looks pretty cool. I think it's just that everyone kinda picked their setup at the start and nobody wants to mess with it anymore lol.

I've got traefik setup so that I just add a few lines to a docker compose file and I'll automatically have a new service running under a new subdomain, with SSL certificate and all. Never have to think about it.

[–] [email protected] 1 points 8 months ago (1 children)

Have you automated host record creation?

[–] [email protected] 5 points 8 months ago (1 children)

I just have a wildcard subdomain record. (CNAME: *.mydomain.com)

Then the traffic gets sent to Traefik which checks the request for what subdomain it is asking for and routes it accordingly.

It's just two label lines in each docker compose with whatever subdomain I want to use and a minute or two later it's gotten the certificates and it's available.

[–] [email protected] 1 points 8 months ago (1 children)

Ah, that would make it easy. I can't use a wildcard with most of my domains, but maybe I could set up subdomains to have this convenience for dev/test sites. Thanks!

I suspect it would be trivial to add a hook to dynamically create (and remove, maybe) DNS records, just haven't tried yet.

[–] [email protected] 1 points 8 months ago (1 children)

Out of curiosity, why cant you use a wildcard?

[–] [email protected] 2 points 8 months ago

Lots of different hosts, multiple load balancers / ingress controllers.

[–] nexusband 7 points 8 months ago

Yes, I did. But I couldn't get my Homeassistant to work routing through it, so I switched back to Proxy Manager...

[–] [email protected] 5 points 8 months ago (1 children)

I use Zoraxy on all my servers, it replaced Nginx proxy manager (NPM) for me completely. Installed on my host system, it points directly into docker containers via IPV6 in most cases.

For services that I run on the host directly, it points to nginx or apache, both work well with Zoraxy. Synape, Mastodon, Immich, Vaultwarden, Jellyfin, Nextcloud, WordPress... No problem

If you run Zoraxy in docker, it works like NPM, but it has no advanced tab for additional configuration. It is just a reverse proxy, not a full web server like NPM, which is basically a GUI for nginx.

You will need nginx in addition for traffic splitting for some services, like Synapse or Mastodon, even in docker. In NPM this is called locations

I think it is beginner friendly, since those users mostly use docker containers. Container mostly work out of the box like in NPM. They can use Zoraxy in docker too and point it directly to a container name and port, immich_server:3001 for example. Same as in NPM

[–] [email protected] 2 points 8 months ago (1 children)

You will need nginx in addition for traffic splitting for some services, like Synapse or Mastodon, even in docker. In NPM this is called locations

That sounds like a pretty major missing feature.

[–] [email protected] 1 points 8 months ago (1 children)

Why? It is a reverse proxy, not a fully webserver, this is the difference from Nginx Proxy Manager, which includes Nginx. But advanced configuration can be a pain with NPM too, just look for Synapse and Delegation. This is troublesome for most users of NPM.

Zoraxy can serve a static website, but traffic splitting like for Synapse, MinIO or Mastodon is part of a (fully) webserver.

I use Zoraxy as a reverse proxy for easy managing my services, mostly directly in containers, but I use it with Apache and Nginx on the same host too for WordPress and Nextcloud for example.

Beginners will mostly only use docker containers, without further configuration, like in NPM and this works out of the box :)

[–] [email protected] 5 points 8 months ago

Splitting traffic on a reverse proxy host based on various triggers is a pretty common thing for a reverse proxy to do. Caddy does it, Nginx does it, HAProxy does it.

[–] [email protected] 3 points 8 months ago (1 children)

I wish I'd seen this before the minor hell I went through learning how to geoip block via iptables. 😁

It looks interesting. I think my only real concern is security. There's a lot of people using and working on nginx so, presumably, more people to identify bugs and squash them.

[–] [email protected] 2 points 8 months ago (1 children)

Yeah that's a valid point, especially if you're pointing this to the outside world.

[–] [email protected] 1 points 8 months ago

I'm still curious tho. I'll probably set it up for some internal only sites to test.

[–] [email protected] 3 points 8 months ago (3 children)

Let me know if the Screenshots are loading or not... on mobile they dont seem to load for me, but on PC they do...?

[–] PunkiBas 2 points 8 months ago (1 children)

They're not working for me

[–] [email protected] 1 points 8 months ago (1 children)
[–] PunkiBas 1 points 8 months ago* (last edited 8 months ago)

Now they're working

[–] [email protected] 1 points 8 months ago (1 children)

They load on the link to github, but not here on Lemmy.

[–] [email protected] 3 points 8 months ago (1 children)
[–] dragnansia 3 points 8 months ago

They're working for me on PC.

[–] callmepk 1 points 8 months ago (1 children)
[–] [email protected] 2 points 8 months ago

should work now :)

[–] Zeoic 3 points 8 months ago

Looks interesting! The ui looks miles ahead of NPM, so I might need to check it out

[–] [email protected] 2 points 8 months ago

I too am interested.

[–] [email protected] 2 points 8 months ago

I tried it out yesterday. All I wanted to do was add names to my services. I managed to get Homarr to show up when I go to server.local but couldn't then get Overseerr to show when I go to overseerr.server.local or server.local/overseerr

So after an hour or so of fiddling I gave up.

I use Tailscale so I just don't need to have everything sent to my domain, but I'm struggling just keeping it all on the local network.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
SSL Secure Sockets Layer, for transparent encryption
nginx Popular HTTP server

3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #714 for this sub, first seen 26th Apr 2024, 16:15] [FAQ] [Full list] [Contact] [Source code]