this post was submitted on 05 May 2024
47 points (91.2% liked)

Selfhosted

40428 readers
527 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
47
Reverse proxy (lemdro.id)
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/selfhosted
 

I have an openwrt router at home which also acts as my home server. It's running a bunch of services using docker (Jellyfin, Nextcloud, etc.)

I have set up an SSH tunnel between my openwrt router and VPS and can access jellyfin successfully.

I understand that I need to set up a reverse proxy to access multiple services and have https.

But I'm confused if I should set up this reverse proxy on the VPS or on the router itself. Is nginx the easiest option? Should i add subdomains in cloudflare for every service?

Pease don't recommend vpns since they are all blocked where i live (wireguard, tailscale openVPN, etc.) I'm limited to using ssh tunneling only.

Thanks

you are viewing a single comment's thread
view the rest of the comments
[–] pyrosis 2 points 6 months ago

Usually a reverse proxy runs behind the firewall/router. The idea you are pointing 80/443 at the proxy with port forwarding once traffic hits your router.

So if someone goes to service.domain.com

You would have dynamic DNS telling domain.com the router is the IP.

You would tell domain.com that service.domain.com exists as a cname or a record. You could also say *.domain.com is a cname. That would point any hosttname to your router.

From here in the proxy you would say service.domain.com points to your services IP and port. Usually that is would be on the lan but in your case it would be through a tunnel.

It is possible and probably more resource efficient to just put the proxy on the VPS and point your public domain traffic directly at the VPS IP.

So you could say on the domain service.domain.com points to the VPS IP as an a record. Service2.domain.com points to the VPS IP as another a record.

You would allow 80/443 on the VPS and create entries for the services

Those would look like the service.domain.com pointing to localhost:port

In your particular case I would just run the proxy on the public VPS the services are already on.

Don't forget you can enable https certificates when you have them running. You can secure the management interface on its own service3.domain.com with the proxy if you need to.

And op consider some blocklists for your vps firewall like spamhaus. It wouldn't hurt to setup fail2ban either.