Why the need? OPNsense --> Proxmox

Started by fakebizprez, July 25, 2024, 08:49:14 AM

Hi everyone,

If I am running LXCs on Proxmox that consist of applications I am hosting, and each of these LXCs requires a web server like Traefik/Caddy/NGINX to host an application, then am I also required to run a web server on OPNsense?

I came into this endeavor thinking I would only need to run one Reverse Proxy on the edge (OPNsense) and that could direct traffic to the containers that are hosting my applications.

Any feedback is appreciated, and if you have any learning material that you recommend to learn these principles from the ground up then I will read it. Thank you.
Founder & President of linehaul.ai - a logistics and technology services provider.

I don't run Proxmox, but I have a good handful of applications running in VMs on TrueNAS CORE, containers on TrueNAS SCALE or jails on TN CORE. I use the os-caddy plugin to reverse proxy for all of them, including all SSL termination.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: fakebizprez on July 25, 2024, 08:49:14 AM
learning material that you recommend to learn these principles from the ground up
The well-trodden path to networking understanding is Cisco CCNA. Udemy has some low-priced courses: https://www.udemy.com/topic/cisco-ccna/ and local government/colleges may offer classroom or remote training.

Bart...

Also I consider Radia Perlman's "Interconnections" an essential read.

1st edition is on archive.org: https://archive.org/details/interconnections0000perl


Networking covered, you might want to also consider resource consumption and management demands versus ease. If I understand your question correctly, that is.
Most modern applications have or provide a front end. This is often done as bits of code to be served by a webserver. So if you have app1 on LX1, app2 on LX2, app3 on LX3, then you have front end code1, front end code2 and front end code3 to host somewhere. Most of the modern applications will have instructions or scripts included to deploy said code in a webserver and not all of them use the same one. Especially with docker thingies.
Some will prefer to deploy to an apache server, others to an nginx server as the main ones.
So that's your front ends hosted but you could run one instance of a webserver and adapt those instructions if provided, to host all of them as virtual hosts on the same single webserver.
In other words from:
LX1 -- app1web1 (nginx1) -- app1backend
LX2 -- app2web2 (nginx2) -- app2backend
LX3 -- app3web3 (nginx3) -- app3backend
To:
  (nginx1)
        app1web1 -- LX1 app1backend
        app2web2 -- LX2 app2backend
        app3web3 -- LX3 app3backend
That is one webserver -somewhere- hosting all front ends.
Then your reverse proxy goes in front of the webserver.

That said, your reverse proxy doesn't need this rejigging. You need only one and point it to your current LX1,2,3 webserver front ends.
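
The single-edge-proxy layout described above, as an added example that is not part of the original post: one nginx instance terminates TLS and routes by hostname to the web servers already running in LX1, LX2 and LX3. The hostnames, 10.0.10.x addresses and certificate paths are constructed placeholders, and one certificate covering all three names is assumed.

```nginx
# Added example; hostnames, addresses and certificate paths are constructed.
# Place inside the http { } context of the edge proxy.

# Map each published hostname to the web server inside its container.
map $host $backend {
    app1.example.internal 10.0.10.11:80;   # LX1 web server
    app2.example.internal 10.0.10.12:80;   # LX2 web server
    app3.example.internal 10.0.10.13:80;   # LX3 web server
}

# Anything that does not name a published app is dropped, so a request
# sent to the bare WAN address never falls through to one of the apps.
server {
    listen 80 default_server;
    return 444;                   # close the connection without a response
}
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;      # requires nginx 1.19.4 or later
}

# Plain HTTP for the known names is redirected to HTTPS.
server {
    listen 80;
    server_name app1.example.internal app2.example.internal app3.example.internal;
    return 301 https://$host$request_uri;
}

# TLS is terminated here; the containers only ever see proxied HTTP.
server {
    listen 443 ssl;
    server_name app1.example.internal app2.example.internal app3.example.internal;
    ssl_certificate     /etc/ssl/example/apps.crt;   # placeholder path
    ssl_certificate_key /etc/ssl/example/apps.key;   # placeholder path

    location / {
        proxy_pass http://$backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout the container web servers should accept connections only from the proxy's address, since they trust the forwarded headers it sets.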

Quote from: bartjsmit on July 25, 2024, 09:10:17 AM
Quote from: fakebizprez on July 25, 2024, 08:49:14 AM
learning material that you recommend to learn these principles from the ground up
The well-trodden path to networking understanding is Cisco CCNA. Udemy has some low-priced courses: https://www.udemy.com/topic/cisco-ccna/ and local government/colleges may offer classroom or remote training.

Bart...

Thank you. I will check this out. I have been following along with CCNA tutorial videos I found from Network Chuck on YouTube.

Quote from: cookiemonster on July 25, 2024, 11:11:49 AM
Networking covered, you might want to also consider resource consumption and management demands versus ease. If I understand your question correctly, that is.
Most modern applications have or provide a front end. This is often done as bits of code to be served by a webserver. So if you have app1 on LX1, app2 on LX2, app3 on LX3, then you have front end code1, front end code2 and front end code3 to host somewhere. Most of the modern applications will have instructions or scripts included to deploy said code in a webserver and not all of them use the same one. Especially with docker thingies.
Some will prefer to deploy to an apache server, others to an nginx server as the main ones.
So that's your front ends hosted but you could run one instance of a webserver and adapt those instructions if provided, to host all of them as virtual hosts on the same single webserver.
In other words from:
LX1 -- app1web1 (nginx1) -- app1backend
LX2 -- app2web2 (nginx2) -- app2backend
LX3 -- app3web3 (nginx3) -- app3backend
To:
  (nginx1)
        app1web1 -- LX1 app1backend
        app2web2 -- LX2 app2backend
        app3web3 -- LX3 app3backend
That is one webserver -somewhere- hosting all front ends.
Then your reverse proxy goes in front of the webserver.

That said, your reverse proxy doesn't need this rejigging. You need only one and point it to your current LX1,2,3 webserver front ends.

Thank you, this really helps.
Does it benefit resource consumption and load balancing to have each container run its own webserver and point towards a universal webserver? Or is it the Reverse Proxy that is assisting in load balancing?

For things that many homelabbers host with very low load and very few incoming connections, it's usually that ease wins. Each uses very few resources.
I wanted to point out that, in the context of your question, only one reverse proxy is needed. The reverse proxy takes the requests and sends them to the actual webservers. So you don't need another webserver in OPN.

Quote from: cookiemonster on July 25, 2024, 05:34:56 PM
For things that many homelabbers host with very low load and very few incoming connections, it's usually that ease wins. Each uses very few resources.
I wanted to point out that, in the context of your question, only one reverse proxy is needed. The reverse proxy takes the requests and sends them to the actual webservers. So you don't need another webserver in OPN.
Thank you, this clears up a lot of questions.