WebHosting on OPNSense

Started by uslte, June 16, 2020, 09:54:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 16, 2020, 09:54:31 PM
I have searched and searched and have not found the answers I have been looking for so I thought a shout out might be in order.

What I am trying to do is use a mini-pc with OPNSense installed (which is working splendidly) and host a media server like emby  (https://emby.media/).  Additionally, I would like to use it as a web server. 

I have seen much about NGINX, but there are many warnings not to use it in this way due to security issues and PHP active  queries.

  • Has this been done before and how?
  • Instead of trying to run a server on OPNSense, would it be better/easier to run OPNSense on a server, possibly with VirtualBox and, if so, what is the best method of deployment? (Redhat, Ubuntu, FreeBSD, etc...)

Thanks in advance for the help and advice.
June 16, 2020, 11:38:01 PM #1
Opnsense is Hardened FreeBSD, so there is no choice. If it was me I'd run both as VMs, one VM for Opnsense and I would use Ubuntu to host the webserver on a second VM. One Virtual switch connected to one of your NICs as the LAN side and another for the WAN side for Opnsense. There are various Hypervisors around, I've used ESXI on baremetal in the past to do what you want to do, not the most friendly to set up but it works. VirtualBox is fine, but if you are running Windows10  Pro you can use HyperV which is pretty easy to set up - I use it for testing some scenarios.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member
June 17, 2020, 07:09:57 AM #2
You can use the nginx plugin for basic PHP execution but OPNsense is quite limited. For example, there is no database server running except redis and you can use sqlite.

Also if your web application runs on OPNsense and has a security flaw, it can mean that your whole network gets compromised.

This plugin feature has been added for home users where power consumption is an important factor but in enterprise environments you should use separate servers to deploy the application.
June 17, 2020, 08:26:28 PM #3
Quote from: marjohn56 on June 16, 2020, 11:38:01 PM
Opnsense is Hardened FreeBSD, so there is no choice. If it was me I'd run both as VMs, one VM for Opnsense and I would use Ubuntu to host the webserver on a second VM. One Virtual switch connected to one of your NICs as the LAN side and another for the WAN side for Opnsense. There are various Hypervisors around, I've used ESXI on baremetal in the past to do what you want to do, not the most friendly to set up but it works. VirtualBox is fine, but if you are running Windows10  Pro you can use HyperV which is pretty easy to set up - I use it for testing some scenarios.

This is exactly what my thoughts were.  Thanks for the feedback!
Print
Go Up Pages1
User actions