App-proxy is a transparent HTTP proxy that adds authentication to Umbrel apps. Every HTTP request and WebSocket connection goes through the proxy, and each request has its session token checked for validity. The session token is set via App-auth. It runs by default as a containerized service.
If you are looking to run Umbrel on your hardware, you do not need to run this service on its own. Just download Umbrel OS and you're good to go.
Make sure `umbrel-manager` and `app-auth` are running and available.
```bash
cd $UMBREL_ROOT/containers/app-proxy/test
./test.sh docker-compose.app1.yml
```
Within the `test` directory there are several test apps for testing different functionality, such as WebSocket and SSE, with the proxy.
The following environment variables are set in the `.env` file in the project's root:
Variable | Description | Default |
---|---|---|
`LOG_LEVEL` | Log level for the proxy (`http-proxy-middleware`) | `info` |
`PROXY_PORT` | HTTP proxy container port | `4000` |
`PROXY_AUTH_ADD` | `true`/`false` as to whether the app should be protected with authentication | `true` |
`PROXY_AUTH_WHITELIST` | A comma-separated list of paths that are whitelisted (e.g. `/public/*`) | |
`PROXY_AUTH_BLACKLIST` | A comma-separated list of paths that are blacklisted (e.g. `/admin/*,/api/*`) | |
`APP_HOST` | App's frontend container hostname/IP | |
`APP_PORT` | App's frontend container port | |
`APP_MANIFEST_FILE` | Location of app's manifest file | `/extra/umbrel-app.yml` |
`UMBREL_AUTH_PORT` | App-auth's exposed (port-forwarded) port | `2000` |
`UMBREL_AUTH_SECRET` | A shared secret for manager, app-auth and app-proxy | `umbrel` |
`UMBREL_AUTH_HIDDEN_SERVICE_FILE` | Location of app-auth's Tor HS hostname | `/var/lib/tor/auth/hostname` |
`MANAGER_IP` | Umbrel's manager IP | `10.21.21.4` |
`MANAGER_PORT` | Umbrel's manager container port | `9005` |
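
An added example (not part of the app-proxy project): a small Node.js check that parses a `.env` and flags settings from the table above that weaken the proxy's authentication. The function names, the sample `.env`, and the treatment of `*`, `/*` and `/**` as catch-all whitelist patterns are assumptions.

```javascript
// Added example: audit an app-proxy .env for settings that weaken authentication.
// Defaults come from the table above; the checks themselves are assumptions.
const DEFAULTS = { PROXY_AUTH_ADD: 'true', PROXY_AUTH_WHITELIST: '', UMBREL_AUTH_SECRET: 'umbrel' };
const CATCH_ALL = ['*', '/*', '/**']; // assumed to match every path

// Minimal KEY=VALUE parser: skips blank lines and # comments, strips matching quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // not a KEY=VALUE line
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(['"])(.*)\1$/);
    if (quoted) value = quoted[2];
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns a list of findings; an empty list means none of the checks fired.
function auditProxyEnv(text) {
  const env = { ...DEFAULTS, ...parseEnv(text) };
  const findings = [];
  if (env.UMBREL_AUTH_SECRET === DEFAULTS.UMBREL_AUTH_SECRET) {
    findings.push('UMBREL_AUTH_SECRET is the documented default value');
  }
  if (env.PROXY_AUTH_ADD.toLowerCase() !== 'true') {
    findings.push('PROXY_AUTH_ADD is not true: the app is not protected with authentication');
  }
  const whitelist = env.PROXY_AUTH_WHITELIST.split(',').map((p) => p.trim()).filter(Boolean);
  for (const path of whitelist) {
    if (CATCH_ALL.includes(path)) {
      findings.push(`PROXY_AUTH_WHITELIST entry "${path}" is a catch-all pattern`);
    }
  }
  return findings;
}

// Constructed sample input, not taken from a real deployment.
const SAMPLE_ENV = `
# app-proxy settings
PROXY_AUTH_ADD=true
PROXY_AUTH_WHITELIST="/public/*, /*"
UMBREL_AUTH_SECRET=umbrel
`;
console.log(auditProxyEnv(SAMPLE_ENV));
```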