Apps running on second node should be accessible from Leader

jfranco · August 9, 2025, 1:47pm

Hi folks,

As far as I understood, if I have multiple nodes, and I want to run a application on a second node, it should be accessible from the outside passing through nginx on the leader and using the VPN to access the resources of the application on node2. Am I wrong?
I’m only getting a 404 page not found.

frx44 · August 9, 2025, 4:36pm

That’s not working.
I’ve reverse-addressed all the other nodes directly.

It’s good that opensense does this with caddy. This way, the nodes can get their own certificate.

transocean · August 9, 2025, 6:44pm

Hi @jfranco

Are you really using Nginx in front of the NS8 cluster, even though NS8 already has Traefik on board? You can do that, but it increases the configuration effort unnecessarily. I have two NS8s running in a cluster here. The first one only runs Samba AD, and the second one runs applications such as Nextcloud, Onlyoffice, and so on. If I want to make applications accessible from outside, I always forward the required port to the IP of the second NS 8.

Regards…

Uwe

jfranco · August 9, 2025, 7:16pm

Hi @transocean ,
That’s what I meant!
I’m not using anything extra, but in Settings I see that the routing was created pointing to the application on the second node.

The setup that you mentioned is what I’m trying to accomplish, but as @frx44 pointed out, it didn’t work.

Thanks,

transocean · August 9, 2025, 7:29pm

Here is my configuration using Immich from @mrmarkuz as an example.
It works without problems.

jfranco · August 9, 2025, 7:47pm

Right,
Exactly as mine, I even tried installing other applications besides SOGo, but none worked.
And the letsencrypt certificate works for all of them.

My setup is using debian on both nodes with all the latest updates.

Thanks,

mrmarkuz · August 9, 2025, 8:05pm

You could setup a traefik http route on the leader, pointing to the worker node:

jfranco · August 9, 2025, 8:18pm

Hi @mrmarkuz ,
I had already checked that post.
When I go to settings I see that it’s already set automatic, so I thought I didn’t had to do it.
When I tried as per your example, since I have to use the exact name os the app, it tells me it’s already being used.

It doesn’t allow me to delete.

Thanks,

mrmarkuz · August 9, 2025, 8:37pm

Here is an example where node 1 is the leader and node 3 is the worker:

Usually you don’t need to delete anything.

The route is added to the leader node 1. On the worker node 3 a route already exists pointing to localhost.

You can use any name, the “Route” or FQDN needs to be set correctly.

oneitonitram · August 10, 2025, 6:56am

do we have a wiki entry of how to use leader node as a gateway to access applications on private worker nodes

LayLow · August 10, 2025, 8:42am

Good call, the wiki has the capabilities to draw anything you like based on Diagrams.net

oneitonitram · August 10, 2025, 8:44am

the wiki really has been receiving alot of love lately from you