[HN Gopher] Zoraxy: Open-Source, All in one homelab network rout...
___________________________________________________________________
Zoraxy: Open-Source, All in one homelab network routing solution
Author : thunderbong
Score : 133 points
Date : 2024-05-18 02:13 UTC (20 hours ago)
(HTM) web link (zoraxy.arozos.com)
(TXT) w3m dump (zoraxy.arozos.com)
| metadat wrote:
| Is this a competitor for opnsense and pfsense?
| teruakohatu wrote:
| It seems to be more like a reverse proxy that integrates with
| ZeroTier.
| teleforce wrote:
| In the GitHub it's mentioned the the Zoraxy is compatible
| with ZeroTier but due to licensing issues, ZeroTier is not
| included in the binary.
|
| Just wondering is there any legit open source alternative for
| ZeroTier?
| evulhotdog wrote:
| Judging by the features, it doesn't seem predominantly focused
| on routing and acting as a tool or server you can deploy to
| operate a network and allow other devices to leverage it to
| route between networks.
| mekster wrote:
| Their GitHub has a simpler explanation.
|
| https://github.com/tobychui/zoraxy
| AbraKdabra wrote:
| No, it's a reverse proxy.
| mgarfias wrote:
| I think "network routing solution" means something different to
| me and the authors.
| AbraKdabra wrote:
| That's because you're missing the "homelab" that comes before
| those words, like it's stated in the title, I opened the link
| and was greeted by exactly what I was expecting.
| metanonsense wrote:
| Can you explain why you expected this from the title? When I
| hear ,,network routing", the first thing that comes into my
| mind is IP routing, not a reverse proxy. With a ,,homelab",
| I'd never associate the need for a reverse proxy or SSL
| certificates.
| sambazi wrote:
| you're thinking "computer networking", they mean "webapp
| experimentation"
| superb_dev wrote:
| Maybe they should use words that mean "webapp
| experimentation" instead of "computer networking"
| sambazi wrote:
| imho it's a legitimate use of the term. though the
| tension of meaning suggests that there is room for
| clarification
| dfc wrote:
| The "homelab" modifier does a lot of work. When I read
| homelab I was expecting "easy way for non tech person to do
| computer magic."
|
| When I read about a "gun fight" I am expecting to read
| about violence and carnage. If you put the word "water" in
| front of it I am no longer expecting violence and carnage
| in a wet environment. Homelab changes the definition of
| everything that comes after it much like water changes the
| definition of gun fight.
| Dalewyn wrote:
| >When I read homelab I was expecting "easy way for non
| tech person to do computer magic."
|
| Isn't that hypocritical? The very nature of a home lab
| means whoever owns it is a tech person. A "non tech
| person" wouldn't even know what a home lab is, at least
| in the context of computers and technology.
| dfc wrote:
| I do not think it is hypocritical. I did not behave in a
| manner that contradicts something I have said or believe.
| kuschku wrote:
| Homelab network routing means pfsense, opensense, vyos,
| ubiquity.
|
| What does this product have to do with "routing" at all? How
| is it a router?
| ComodoHacker wrote:
| It is routing web requests to backend endpoints, I guess.
| soneil wrote:
| I think it's an interesting quirk that we don't use the
| same terms for what are essentially the same concepts.
|
| Switching is $verbing at layer 2, IP routing is $verbing at
| layer 3, NAT is $verbing at layer 4, and reverse proxying
| is $verbing at layer 5.
|
| I'd argue that 'route' is the right value for $verb here.
| navigate8310 wrote:
| It's a fancy reverse proxy with GUI
| sambazi wrote:
| yea, the term "routing" was overlaid by the webheads to
| describe the handling of an http-request after hitting the
| first webserver.
|
| this is quite confusing to ppl that deal with "routing
| protocols", "routing tables" and other stuff that makes the
| internet work.
| wlopes wrote:
| Cool tool. I've had a few problems building it from source. Could
| only run from the pre-built release. It would be great to see
| more documentation.
| waldrews wrote:
| Would this be suitable for a VPN-like setup with some remote
| servers and distributed home dev machines? In other words, does
| the 'homelab' in the title imply LAN-specific functionality?
| navigate8310 wrote:
| https://github.com/tobychui/zoraxy/issues/49
| AbraKdabra wrote:
| Will definitely test it, it's definitely in the early stages and
| more basic stuff oriented but after using the majority of the
| fancy and more feature complete tools available today like Caddy
| and Traefik, a GUI is more than welcome.
| riedel wrote:
| Actually now that you say it: why is no one just putting a
| simple gui for editing in traefik. GUI debugging in the
| dashboard an Jaeger is already great. And the yaml syntax is so
| simple that it should be easy to model a UI based on it. I only
| found a five year old project.
| zokier wrote:
| Because infrastructure as code is the fashionable mode of
| operation these days, and we have not yet managed to move
| beyond considering code as text.
|
| Webmin style solutions were more fashionable in the turn of
| the century but, outside MS ecosystem, GUIs never got
| predominant.
| frankharv wrote:
| OpnSense,pfSense,FreeNAS,NAS4Free would all disagree.
|
| I only lament how they moved from classic lighttpd/PHP to
| BootStrap.
| chadsix wrote:
| If you make a script that handles building the traefik config
| from various inputs, you could make a gui config for it with
| Configurator [1] which we built and open sourced to make it
| easy to config stuff!
|
| [1] https://github.com/ipv6rslimited/configurator
| loadbalancer wrote:
| Looks like a lot of effort has been put into this, very nice.
| Your only other option is to figure out best of breed open source
| solutions like HAProxy. I guess you could also use the the
| community edition of Zevenet. Makes my commerical
| Loadbalancer.org appliance interface look a bit clunky actually..
| sigh..
| hiatus wrote:
| I think you're going to get in some hot water for showcasing
| big companies' logos on your page as if they use your product,
| despite your disclaimer on a linked page.
| seabrookmx wrote:
| Regardless, it's off-putting to potential customers.
| tigrezno wrote:
| My experience with these noob-friendly proxys is that many apps
| just don't work behind a proxy and need complex configurations.
|
| You end up pasting a confusing snippet found in the internet to
| make it work.
| lenova wrote:
| I've actually been watching this project develop over on
| /r/selfhosted over the last year at least. The author has put a
| lot of work into it, and it's definitely worth giving a shot
| for a homelab/self-hosted project.
| MrDarcy wrote:
| What differentiates it from the rest? Does it make oidc sso
| easy for home labs?
| lenova wrote:
| GUI driven is the primary differentiator I believe.
|
| Repo: https://github.com/tobychui/zoraxy
| OptionOfT wrote:
| The largest issue with reverse proxies I've seen is that apps
| don't always offer a configuration to tell the front-end where
| they are hosted.
|
| The proxy can rewrite app/suffix to /suffix so the back-end
| sees the the correct Location header.
|
| But for a front-end it's not always that simple. Take a React
| application with HTML5-mode (where you can go from /foo to /bar
| without actually invoking a reques to the backend): Your React
| app needs to know what its base is. Otherwise the URLs just
| don't work, as it doesn't know which base to inject (or remove)
| as part of its navigation.
|
| Combine that with the nginx's try_files and you have a recipe
| for infinite navigation to the index.html:
| https://nginx.org/en/docs/http/ngx_http_core_module.html#try...
| JimBlackwood wrote:
| Would people really be willing to use this to expose their
| services to the internet?
|
| Given it's small and focused on home users, I'd be afraid of any
| potential security issues. I'd much rather use tools that get a
| lot more frequent security scanning (like nginx)
| ctippett wrote:
| I've cobbled together my own assortment of services that
| achieves a similar suite of functionality Zoraxy appears to
| offer. Everything is hosted and accessible (ACLs permitting)
| via my Tailscale network - nothing gets exposed publicly.
|
| This looks very cool and if it's able to integrate with
| Tailscale I'd try it in a heartbeat!
| Filligree wrote:
| Nginx is written in C. It's not the worst offender of the
| species, but there's been enough RCE-level CVEs over the years
| that I would assume some remain in its current version.
|
| Something written in e.g. Go at least gives you a fighting
| chance.
| madc wrote:
| Here another similar project based on nginx:
| https://nginxproxymanager.com/
| v3ss0n wrote:
| Don't use it. It have many problems.
|
| - User auth bugs.
|
| - Security issues.
|
| The developer do not care about fixing those.
| quickslowdown wrote:
| I wasn't aware of security issues and I'm currently using
| this proxy manager, do you have a good alternative?
| einsteinx2 wrote:
| Care to elaborate on both counts? I've been using it for
| years and have had no auth issues in my use case at least. I
| mainly use it inside lan only though I do have a firewalled
| instance for a couple public services I host, but I haven't
| heard of any security issues, I sort of assumed it had a
| similar attack surface as regular Nginx as that's basically
| all it is.
| op00to wrote:
| I looked at the issues for the github project, and it's a
| cesspool of "doesn't work". I can't imagine being the
| maintainer and having to wade through that.
|
| https://github.com/NginxProxyManager/nginx-proxy-
| manager/iss...
|
| This seems to be the security vulnerability, with no details.
| sigmonsays wrote:
| we can't use "network routing" here to mean reverse proxy
|
| These are separate things.
| MrDarcy wrote:
| Something happened in higher education the past 5 years. I've
| noticed many new hires at various companies in the bay call
| layer 3 IP routers "proxies"
| Krasnol wrote:
| This is just another one of those cases where the actual github
| is more informative than the homepage.
|
| https://github.com/tobychui/zoraxy
|
| All you need to know about this Software is at a glance there.
| ei8ths wrote:
| dont call this a network routing solution.
___________________________________________________________________
(page generated 2024-05-18 23:01 UTC)