Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App Submission: Zoraxy - Reverse Proxy Manager #1751

Merged
merged 34 commits into from
Dec 19, 2024
Merged
Show file tree
Hide file tree
Changes from 28 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
8cbd8c6
Merge pull request #1 from getumbrel/master
dennysubke Sep 24, 2024
1679c67
Add files via upload
dennysubke Sep 24, 2024
b8cd858
Delete denny-linkstack directory
dennysubke Sep 24, 2024
98bbed6
Add files via upload
dennysubke Sep 24, 2024
34dce5d
Update docker-compose.yml
dennysubke Sep 24, 2024
c3c6fdb
Update umbrel-app.yml
dennysubke Sep 24, 2024
8a30866
Update umbrel-app.yml
dennysubke Sep 24, 2024
2c1669f
Update umbrel-app.yml
dennysubke Sep 24, 2024
8855afa
Update umbrel-app.yml
dennysubke Sep 24, 2024
7fb6b12
Update umbrel-app.yml
dennysubke Sep 24, 2024
a467b93
Update umbrel-app.yml
dennysubke Sep 24, 2024
627d78b
Update umbrel-app.yml
dennysubke Sep 24, 2024
57d703f
Add files via upload
dennysubke Sep 25, 2024
5c5ebcc
Delete excalidraw directory
dennysubke Sep 25, 2024
f54af58
Update umbrel-app.yml
dennysubke Sep 25, 2024
5899c20
Update umbrel-app.yml
dennysubke Sep 25, 2024
ad04036
Update umbrel-app.yml
dennysubke Sep 25, 2024
6290052
Delete linkstack directory
dennysubke Sep 25, 2024
3977fa6
Add files via upload
dennysubke Oct 27, 2024
0c3f58c
Update docker-compose.yml
dennysubke Oct 27, 2024
4edde17
Update docker-compose.yml
dennysubke Oct 27, 2024
f2d3c00
Delete denny-onionshare directory
dennysubke Oct 27, 2024
af3d623
Add files via upload
dennysubke Nov 6, 2024
cccedd8
Delete denny-zoraxy directory
dennysubke Nov 6, 2024
9329d36
Add files via upload
dennysubke Nov 6, 2024
f3c0462
Update umbrel-app.yml
dennysubke Nov 6, 2024
49ab428
Create .gitkeep
dennysubke Nov 6, 2024
6d03c38
Update umbrel-app.yml
dennysubke Nov 6, 2024
8321fa3
Update docker-compose.yml
dennysubke Nov 21, 2024
00dfb5b
Update umbrel-app.yml
dennysubke Nov 21, 2024
9852c1f
Delete zoraxy/config directory
dennysubke Nov 21, 2024
3f7677c
Create .gitkeep
dennysubke Nov 21, 2024
48da36a
Update docker-compose.yml
dennysubke Dec 19, 2024
61de22e
Shorten app name
nmfretz Dec 19, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions zoraxy/config/.gitkeep
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@

23 changes: 23 additions & 0 deletions zoraxy/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
services:

Check notice on line 1 in zoraxy/docker-compose.yml

View workflow job for this annotation

GitHub Actions / Lint apps

Potentially using unsafe user in service "server"

The default container user "root" can lead to security vulnerabilities. If you are using the root user, please try to specify a different user (e.g. "1000:1000") in the compose file or try to set the UID/PUID and GID/PGID environment variables to 1000.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current Compose doesn't use version in the docker-compose.yml, but we need to add version: '3.7' here anyways to maintain compatibility with umbrelOS 0.5. Similar to #1742 (comment)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Added version: '3.7' to ensure compatibility with UmbrelOS 0.5. 😊

app_proxy:
environment:
APP_HOST: zoraxy_server_1
APP_PORT: 8000
PROXY_AUTH_ADD: "false"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that there is a NOAUTH environment variable we can use to disable authentication for the Zoraxy UI:
https://github.com/tobychui/zoraxy/tree/main/docker#environment

What do you think about removing Zoraxy's auth and then removing PROXY_AUTH_ADD: "false" here so that the UI is protected by umbrelOS's auth and inherits other security features like 2FA if a user has it enabled? This also means reduced friction for a user signing in since they can:

  • log in through umbrel homescreen.
  • click Zoraxy and not have to input credentials again.

Similar to what we did here: #1742 (comment)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, already taken care of!

server:
image: zoraxydocker/zoraxy:v3.1.2@sha256:38f23c5a507542bbd6eac0492bf6456be2004015594ca270a1a5998c8a377b74
restart: on-failure
#ports: -> The proxy service is listening on port 8400
# 8480:80
# 8443:443
# 8400:8000
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since Zoraxy is a reverse proxy doesn't it need to expose http and https ports for its basic functionality?

User's are going to need to open ports on their router and then port forward to Zoraxy running on their Umbrel. You can bind to free ports that haven't been taken by other apps yet. So something like:

ports:
  - 41080:80
  - 41443:443

Then right at the top of the app description you could note which ports are for which protocol.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Ports 41080 for HTTP and 41443 for HTTPS are now set, and I'll add the protocol details to the app description.

volumes:

Check notice on line 14 in zoraxy/docker-compose.yml

View workflow job for this annotation

GitHub Actions / Lint apps

Mounted file/directory "/zoraxy/config/" doesn't exist

The volume "${APP_DATA_DIR}/config/:/opt/zoraxy/config/" tries to mount the file/directory "/zoraxy/config/", but it is not present. This can lead to permission errors!
- ${APP_DATA_DIR}/config/:/opt/zoraxy/config/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do the same thing as the other submissions and put this one level deeper on the host inside a parent data directory so that it has similar structure to the majority of other apps, and it makes it easy to add more bind mounts inside data in the future.

- ${APP_DATA_DIR}/data/config/:/opt/zoraxy/config/

Reminder, you'll need to make the equivalent change to the committed directories.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Moved it one level deeper inside a parent data directory.

# ${APP_DATA_DIR}/zerotier/config/:/var/lib/zerotier-one/ -> If you are not using ZeroTier, this directory is irrelevant.
- /var/run/docker.sock:/var/run/docker.sock
Copy link
Contributor

@nmfretz nmfretz Nov 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove the docker socket bind based on the discussion above: #1751 (review)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Removed the Docker socket bind as discussed.

- /etc/localtime:/etc/localtime:ro
environment:
FASTGEOIP: "false"
ZEROTIER: "false"

#⚠️ Zoraxy setup is working fine, but without HTTPS and ZeroTier support.
52 changes: 52 additions & 0 deletions zoraxy/umbrel-app.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
manifestVersion: 1
id: zoraxy
name: Zoraxy Proxy Server
tagline: An efficient reverse proxy server with automated SSL management
category: networking
version: "3.1.2"
port: 8400
description: >-
Zoraxy is a powerful, user-friendly reverse proxy server and forwarding tool, designed to provide a straightforward, flexible, and secure method for managing web traffic within home labs and developer environments. Written in Go, Zoraxy caters to both novice and experienced users by simplifying the process of routing HTTP requests to backend servers, enabling efficient and reliable service management without relying on traditional, more complex servers like NGINX or Apache.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking we should add port instructions and a warning at the top here, what do you think? You can just steal it directly from the nginx proxy manager app:

description: >-
Expose your apps to the internet easily and securely.
⚠️ Be cautious when exposing apps to the public internet. Ensure they have proper security, such as login protection, and avoid exposing sensitive apps without adequate safeguards.
🔧 Nginx Proxy Manager uses port 40080 for HTTP (unsecured) traffic and port 40443 for HTTPS (secured) traffic.
To make your apps accessible from the public internet, you will need to set up port forwarding on your router.
Forward external port 80 (HTTP) to internal port 40080 and external port 443 (HTTPS) to internal port 40443.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💪 Added port instructions and a warning at the top, following the nginx proxy manager app format.



Key Features:


🔀 Reverse Proxy & WebSocket Support: Zoraxy handles HTTP/2 connections and automatically supports WebSocket proxying, making it ideal for real-time applications that need a stable, low-latency connection, such as chat services or dashboards. It also enables reverse proxying across virtual directories and supports alias hostnames and custom headers for enhanced flexibility.


🤖 TLS/SSL with ACME Automation: Zoraxy simplifies the setup of HTTPS using ACME, which enables automatic renewal of SSL certificates through providers like Let's Encrypt. This feature supports both SNI (Server Name Indication) and SAN (Subject Alternative Name) certificates, helping users serve multiple domains securely with minimal manual intervention.


📍 Geo-IP Blacklisting and Whitelisting: Security is enhanced by offering geo-IP and IP-based blacklisting and whitelisting, allowing users to restrict access based on location or specific IP addresses. This feature is especially useful for protecting applications and services from specific regions or untrusted IPs.


🌐 Global Area Network Controller & ZeroTier Integration: For distributed networks, Zoraxy provides a built-in controller interface for managing ZeroTier networks, facilitating secure and scalable connections across multiple nodes. This feature is particularly valuable for homelab enthusiasts and developers creating private network setups with limited external access​ Zoraxy DEV Community.


🛠️ Built-in Utilities: Zoraxy goes beyond traditional reverse proxy functionality, including utilities like CIDR IP conversion, an mDNS scanner for local network discovery, and tools for debugging proxy connections. A Web-SSH terminal allows remote management of connected devices within the network, and its Wake-on-LAN support further extends Zoraxy’s usability for network administrators.


📊 Stream Proxying & Monitoring: Beyond HTTP/HTTPS, Zoraxy supports TCP and UDP stream proxying, making it a versatile choice for handling various data streams. Integrated uptime monitoring and non-personalized traffic analytics provide insights into network activity without cookies, enhancing privacy and enabling users to track service performance directly within Zoraxy.


🖥️ Simple UI & Integration: The Zoraxy interface is designed to be intuitive, with in-depth setup instructions for less experienced users. Advanced configurations can disable authentication to integrate with existing infrastructures that use permission management. Additionally, a single-admin management mode makes it easy to operate within private networks, similar to managing a home router.


Zoraxy is particularly popular in the homelab and developer communities for its extensive feature set, reliability, and open-source nature. It can be run on low-power devices, making it suitable for a variety of hosting environments, from personal setups to larger, distributed network architectures. Its flexibility, combined with a robust feature set, makes it a compelling choice for anyone looking to streamline their network management setup or host web services securely and efficiently.

developer: Toby Chui
website: https://zoraxy.aroz.org/
submitter: dennysubke
submission: https://github.com/getumbrel/umbrel-apps/pull/1751
repo: https://github.com/tobychui/zoraxy
support: https://github.com/tobychui/zoraxy/issues
gallery:

Check warning on line 44 in zoraxy/umbrel-app.yml

View workflow job for this annotation

GitHub Actions / Lint apps

"icon" and "gallery" needs to be empty for new app submissions

The "icon" and "gallery" fields must be empty for new app submissions as it is being created by the Umbrel team.
- 1.jpg
- 2.jpg
- 3.jpg
Comment on lines +55 to +58
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've got 5 lovely gallery images, so gotta add 4 and 5 😉

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! 😃 Added gallery images 4 and 5 to complete the set. 👌

releaseNotes: ""
dependencies: []
path: ""
defaultUsername: ""
defaultPassword: ""