Hi all, I’m rather new to the whole selfhosting stuff and only have limited experience (ran everything on my Raspberry). Now I’ve finally a real server I can use and I’m currently planning what I want to host.
There will be multiple services which have a web interface, like portainer, wireguard, nhost and so on, and then there will be my personal developer portfolio website. Everything dockerized.
Say I have the domain “domain.com” which should point at my website. The other services either run on different ports, say domain.com:1234, or with different paths like domain.com/service. Neither is great. I could either use a reverse proxy which redirects to subdomains or use virtualhosts. Both should work imo (any thoughts on what to use?). Now that all ports other than 80, 443 and 22 are closed, things should be somewhat safe. Anyways, I’m a bit concerned about having tens of webservers for each service; how can I be sure that all of them are safe and up to date?
That leads to my question: could I use a single webserver for all the service webinterfaces? And if so, how would I configure that?
Thanks!
Dealing with this on a couple of servers at the moment. I find the hardest part is actually the SSL. Let me know if you need help. I’ve used Apache in the past but I'm using nginx this time around.
Thanks! What exactly do you mean with SSL is the hardest part?
I’m going to use NGINX for my website since I used it a few times and I don’t need any of Apache’s features.
I’m not sure I understand the multiple web servers issue. If you forward your wan port to a web server in your network, only that one web server will be exposed. Unless you are mistakenly forwarding the other ports (eg 1234) as well?
In any case the way to go is a reverse proxy. Mine has both subdomains and subpaths, and they work perfectly together.
Another +1 for reverse proxy to do this. Caddy is a good option. I am a fan of Nginx Proxy Manager myself. I have a domain name and in the DNS servers I redirect to the local IP of my host server. This way my website or subdomains can only be accessed if someone is connected to my home network.
After you do this, you need to know the port you exposed the web server on (e.g. 127.0.0.1:9090), then go into your proxy manager and make a rule where ‘mydomain.com/service’ points to this. However, I prefer to use subdomains like ‘service.mydomain.com’. The only downside of a reverse proxy is that setting up services that use CORS can be quite fiddly.
edit: I ported my domain to Cloudflare DNS servers since it’s easy to create an SSL wildcard certificate to force https on my sites. No ports are exposed outside of the local network so it’s relatively safe.
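
The single reverse proxy recommended in this thread, sketched as an nginx config (an added example, not posted by any participant). The subdomain `portainer.domain.com`, the backend port 8080, the LAN/VPN ranges and the certificate paths are assumptions; 127.0.0.1:9090 is the example address from the comment above.

```nginx
# Added example for /etc/nginx/conf.d/ (http context). All names, ports,
# address ranges and certificate paths are placeholders/assumptions.

# One wildcard certificate shared by every server block below.
ssl_certificate     /etc/ssl/PLACEHOLDER/wildcard.domain.com.crt;
ssl_certificate_key /etc/ssl/PLACEHOLDER/wildcard.domain.com.key;

# Plain HTTP only redirects; nothing is served unencrypted.
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

# Requests for hostnames we do not serve get the connection closed (444)
# instead of falling through to the first real site.
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;
}

# Public portfolio site. The container publishes its port on loopback only
# (e.g. "127.0.0.1:8080:80" in compose), so nginx is the sole entry point.
server {
    listen 443 ssl;
    server_name domain.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Admin UI on its own subdomain, reachable only from LAN / VPN ranges.
server {
    listen 443 ssl;
    server_name portainer.domain.com;
    allow 192.168.0.0/16;   # constructed LAN range
    allow 10.0.0.0/8;       # constructed VPN range
    deny  all;
    location / {
        proxy_pass http://127.0.0.1:9090;
        proxy_http_version 1.1;                     # needed for WebSocket upgrade
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
    }
}
```

With this layout only the proxy terminates TLS and faces the network, so it is the one web server that has to be patched and hardened for exposure; the service containers still need image updates for their own application bugs.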