I have searched and searched and have not found the answers I have been looking for so I thought a shout out might be in order.
What I am trying to do is use a mini-pc with OPNSense installed (which is working splendidly)
and host a media server like emby (https://emby.media/). Additionally, I would like to use it as a web server.
I have seen much about NGINX, but there are many warnings not to use it in this way due to security issues and PHP active queries.
- Has this been done before and how?
- Instead of trying to run a server on OPNSense, would it be better/easier to run OPNSense on a server, possibly with VirtualBox and, if so, what is the best method of deployment? (Redhat, Ubuntu, FreeBSD, etc...)
Thanks in advance for the help and advice.
Opnsense is Hardened FreeBSD, so there is no choice. If it was me I'd run both as VMs, one VM for Opnsense and I would use Ubuntu to host the webserver on a second VM. One Virtual switch connected to one of your NICs as the LAN side and another for the WAN side for Opnsense. There are various Hypervisors around, I've used ESXI on baremetal in the past to do what you want to do, not the most friendly to set up but it works. VirtualBox is fine, but if you are running Windows10 Pro you can use HyperV which is pretty easy to set up - I use it for testing some scenarios.
You can use the nginx plugin for basic PHP execution but OPNsense is quite limited. For example, there is no database server running except redis and you can use sqlite.
Also if your web application runs on OPNsense and has a security flaw, it can mean that your whole network gets compromised.
This plugin feature has been added for home users where power consumption is an important factor but in enterprise environments you should use separate servers to deploy the application.
Quote from: marjohn56 on June 16, 2020, 11:38:01 PM
Opnsense is Hardened FreeBSD, so there is no choice. If it was me I'd run both as VMs, one VM for Opnsense and I would use Ubuntu to host the webserver on a second VM. One Virtual switch connected to one of your NICs as the LAN side and another for the WAN side for Opnsense. There are various Hypervisors around, I've used ESXI on baremetal in the past to do what you want to do, not the most friendly to set up but it works. VirtualBox is fine, but if you are running Windows10 Pro you can use HyperV which is pretty easy to set up - I use it for testing some scenarios.
This is exactly what my thoughts were. Thanks for the feedback!