Tried the ProxyApp, and I must say I'm impressed how easy it was to configure. I didn't read any documentation I just set some settings and boom it's working with a webapp running in a Docker container on another server. Not sure who wrote the app but they did a good job!

Thanks Nick for pointing me to that app.

You're pushing my knowledge here. Isn't that what a reverse proxy does? I guess there is this for a start. There should be working examples all around the internet. If you fancy paying some money, there is the ProxyPass app. Also, I think with either Docker or ClearGLASS we got NGINX which can also do the reverse proxy.

Thank you Nick. It's clear now!

Another interesting question. If I want to create a sub domain for a service running in a container on another server. How is that done?

I'll try and break it down.

• Let's Encrypt can provide wildcard certificates but the Webconfig cannot request them
  
• It you have your domain with Clearcenter then any subdomain without a specific DNS record resolves back to your A record rather than fails. This means any subdomain on your main IP does not explicitly need a DNS record. It also means I can be lazy and not set up subdomain records and Let's Encrypt will still give me certificates.
  
• In the Let's Encrypt app you specify the primary (sub)domain for the certificate, but you can also specify Other (sub)Domains for the certificate.
  
• These Other Domains go into the Subject Alternative Name on the certificate and all of them can be used with that certificate. This is how I have one certificate for multiple subdomains
  
• You can get a Let's Encrypt certificate covering any subdomain as long as it resolves back to your IP address. This is how I get my howitts.poweredbyclear.com certificate.
  

I'm not sure if it's clear.. You need a wildcard in your dns record (*.lionux.nl) if you want to use sub domains? Then you can use the certificate (lionux.nl)?

You also have a certificate for poweredbyclear.com thus you have 2 certificates?

All the certificate requires is that one of the certificate domains matches the FQDN you request. It does not matter if it is external. I don't think our certificate app does wildcard certificates yet, but you can have multiple domains and subdomains on a single certificate. eg my one matches howitts.co.uk, howitts.poweredbyclear.com, lanserver.howitts.co.uk, mailserver.howitts.co.uk, server.howitts.co.uk and www.howitts.co.uk. All those domains have to resolve externally back to you, but if you use Clearcenter as your registrar, you effectvely have a wildcard DNS record so *.howitts.co.uk resolves back to me (unless explicitly set)

Nick Howitt wrote:
Another document needs updating here. Have a look at Webconfig > System > Settings > General Settings for the webconfig certificate.

This of course is also working in your local network when you use your domain name to access the webconfig of your server. I didn't realise the till I found out a couple of minutes ago. Nice work developers!!

Nice! Tried and it's working fine.

I did a quick search, but had to lookup information of that last rule

I played around earlier. More powerful and generic is:

RewriteEngine on

RewriteCond %{SERVER_PORT} 80

RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

This will work with both your_proper_domain.com and your_clearos_domain.poweredbyclear.com without rewriting your_clearos_domain.poweredbyclear.com to your_proper_domain.com.

Found the certificate setting for accessing the webconfig secure from the internet. Cool that this is possible!

I've added the following to ".htaccess":

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://domain.com/$1 [R,L]

and it's working okay.

This thread shows you how to limit the rewrite rule to just port 80 and other tricks.

Another document needs updating here. Have a look at Webconfig > System > Settings > General Settings for the webconfig certificate.

Thank you Nick.

Going to check that link and see if I can solve my challenge.

So I can use Let Encrypt certificates also for the webconfig? So that it's accessible via the internet over https? I have it already setup for the web server.

Yes it is possible. See feature request 18171 for more detail. Perhaps try doing it in the top level .htaccess file.

Be aware that I may have done something in the past like this to try it out and it is rewriting my Transmission FQDN and Transmission does not do https. I have to use a different FQDN to access it. I don't know if you can limit the rewrite rule to port 80 only. I expect you can and it would be a good idea to.

Have you checked out the Let's Encrypt app for a proper SSL certificate which can also be used for the webconfig?