Hi everybody.

How should I set up a reverse proxy for my services? I’ve got things like jellyfin, immich and bitwarden running on my Debian server in docker. So should I install something like nginx for each of these also in docker? Or should I install it from the repository and make configs for each of these docker services?

Btw I have no idea how to use something like nginx or caddy but I would still like to learn.

Also, can you use nginx for multiple services on the same port, like 443?

  • monogram@feddit.nl · ↑36 ↓1 · 1 day ago

    Caddy

    It’s three lines of configuration

    jellyfin.example.com {
      # the upstream is host:port only; a URL path (even a trailing "/") is not accepted
      reverse_proxy localhost:8083
    }

    Automatic HTTPS with Let’s Encrypt, the simplicity of a single binary, and a downgrade is as simple as replacing the binary and restarting the service.
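To answer the question in the original post about several services behind one port 443, here is an added example Caddyfile (not monogram's config): Caddy selects the site block by the hostname the client asks for (the TLS SNI / Host header), so all sites share port 443 and each gets its own Let's Encrypt certificate. The hostnames, container names and ports are assumptions; they only hold if Caddy runs on the same Docker network as the containers (so the names resolve; `localhost` inside a Caddy container would be the Caddy container itself) and the ports match what each container listens on.

```caddyfile
# Added example, not from this thread. Three sites on the same 443 listener;
# Caddy routes by requested hostname and obtains a certificate for each one.
# jellyfin / immich-server / bitwarden and their ports are assumed container
# names and internal ports on a shared Docker network: check yours.

jellyfin.example.com {
	reverse_proxy jellyfin:8096
	# If this name only resolves inside the LAN (split horizon, no public
	# record), Let's Encrypt cannot validate it; use Caddy's local CA instead:
	# tls internal
}

immich.example.com {
	reverse_proxy immich-server:2283
}

bitwarden.example.com {
	reverse_proxy bitwarden:80
}
```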

      • HelloRoot@lemy.lol · ↑10 · edited · 1 day ago

        1. you rent a domain

        2. in the config (provided by the service where you rented the domain) you set it to point to the IP of the device where you run caddy

        3. the service tells the relevant global DNS servers your setting

        4. your DNS does a DNS lookup and a DNS server returns the IP you configured it to point to


        Depending on the DNS you use, you can manually add entries to do 1-3 differently, but that will only work for devices that use your DNS and is hard.

        • beeng@discuss.tchncs.de · ↑2 · 1 day ago

          Is this a local address or a public IP address?

          I just want the resolving internal to my network but I never got it working right.

          • Scrath@lemmy.dbzer0.com · ↑5 · edited · 1 day ago

            I’m not the guy you replied to but personally I use a setup called split-horizon DNS.

            1. I have a DNS server running on a raspberry pi which I have set up as the DNS server for all devices in my local network (by setting it in the router).
            2. This DNS server has my domain name as an A record pointing to my reverse-proxy (Nginx Proxy Manager), e.g. example.com would resolve to 192.168.0.100.
            3. Any subdomain I want to use is set up as a CNAME record in my DNS server referring to the previously configured A record with my domain. (jellyfin.example.com => example.com)
            4. Now all requests to the registered domain and subdomain are routed to my reverse-proxy which I configured to forward them to the correct service depending on the given subdomain.

            This is a little bit of a simplification. I also use a cloudflare tunnel to allow access to select subdomains and I have 2 reverse-proxies chained together since NPM can resolve services by their container name as long as they are in the same docker network.

            Also probably important: My DNS server was a pi-hole (until today at least) and did not act as my DHCP server. This meant it had no idea of local device hostnames and therefore was configured to forward queries for local device names to my router’s built-in DNS server.

            The domain I use for my services is one I rent from a registrar so that I can get valid SSL certificates without self-signing them. If you are fine with self-signed certificates or simple http you probably don’t need to do that.
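A way to check that the split-horizon setup described above actually works, and that the public record HelloRoot's steps create is in place, as an added example that is not from anyone in this thread: it asks the LAN resolver and a public resolver for the same name and compares the answers. It assumes `dig` is installed; the hostname and resolver addresses passed to it are placeholders.

```shell
#!/bin/sh
# Added example (not from this thread): compare how a hostname resolves inside
# the LAN and on the public internet, to confirm split-horizon DNS is working.
# Assumes `dig` (bind-utils / dnsutils) is installed. All names and addresses
# passed to check_split_horizon are placeholders.

# Return 0 if $1 is an RFC 1918 private IPv4 address, 1 otherwise.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# First A record a resolver returns for a name (CNAME lines are filtered out).
resolve_a() {  # $1 = name, $2 = resolver IP
  dig +short "$1" A "@$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# Usage: check_split_horizon jellyfin.example.com 192.168.1.53 [public resolver]
# Exit codes: 0 split horizon works, 1 no LAN record, 2 LAN answer is public,
# 3 LAN and public answers are identical (no split horizon in effect).
check_split_horizon() {
  name=$1; lan_dns=$2; pub_dns=${3:-9.9.9.9}
  lan=$(resolve_a "$name" "$lan_dns")
  wan=$(resolve_a "$name" "$pub_dns")
  echo "LAN resolver $lan_dns:    ${lan:-no answer}"
  echo "public resolver $pub_dns: ${wan:-no answer}"
  if [ -z "$lan" ]; then
    echo "FAIL: $lan_dns has no A record for $name (check the local A/CNAME entries)"
    return 1
  fi
  if ! is_private_ipv4 "$lan"; then
    echo "WARN: LAN answer is a public address; LAN clients would leave through the router"
    return 2
  fi
  if [ "$lan" = "$wan" ]; then
    echo "WARN: same answer inside and outside; split horizon is not in effect"
    return 3
  fi
  echo "OK: inside the LAN $name -> $lan, outside -> ${wan:-no public record}"
  return 0
}
```

Run it from a machine that uses the LAN resolver, e.g. `check_split_horizon jellyfin.example.com 192.168.1.53`; a non-zero exit code tells you which half of the setup is missing.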

            • DevotedOtter@lemm.ee · ↑2 · 23 hours ago

              I’m looking to do something like this. I’m uneasy about having the registered domain pointing towards my IP address (partially because I’m unsure of the exact risks and partially because I’d rather do it internally if possible).

              You said you were using pihole. What did you change to and why did you change? Pihole seems the most recommended from what I’ve seen?

              • Scrath@lemmy.dbzer0.com · ↑1 · 12 hours ago

                You are lucky I haven’t deleted my pi-hole VM yet ;D

                In the Pi-Hole DNS settings I have the following configuration:

                • Upstream DNS Servers => Quad9 (filtered, DNSSEC) both checkboxes for IPv4 checked
                • Under Custom DNS servers I added a line with my router’s IP
                • Under Interface settings => Permit all origins. Note the warning written regarding this setting and check whether it applies for your setup!
                • Under Advanced DNS settings I have enabled “Never forward non-FQDN A and AAAA queries” and “Never forward reverse lookups for private IP ranges”. Since according to the warning this would block local hostname resolution note the next setting.
                • Under conditional forwarding I have added this line true,192.168.1.0/24,192.168.1.1,fritz.box. fritz.box was my local DHCP domain name but has since been changed to lan.

                The other settings in Pi-Hole were under the Local DNS Records menu where I added my domain name (let’s call it example.com) to the list of local DNS records and pointed it at the IP of the server running my reverse-proxy. Finally I added each subdomain I wanted to use to the List of local CNAME records and pointed it at the domain I just entered to the other list.

                I can’t perfectly tell you what my router settings were unfortunately since I have recently moved and replaced my fritzbox with a mikrotik router. The main thing you have to do though is to go to the DHCP server settings of your router and set the pi-hole’s IP address as the DNS server. Note that in the case of the pi-hole being offline for any reason you will be unable to resolve any domains while in this network.

                It might be possible to do some sort of failover setup by running a second pi-hole with identical settings but I did not want my network connectivity depending on any device other than my router being on. Hence my move back to using my mikrotik’s built-in DNS server which fortunately also supports adding lists for DNS adblocking.

                • DevotedOtter@lemm.ee · ↑1 · 4 hours ago

                  Awesome, thanks for the reply. I can understand not wanting to be stuck without DNS if your pihole goes down.

                  I’m hoping to use just pihole for internal-only resolution, so some sort of split DNS, but it may be outside of my capabilities at the moment.

                • Eldaroth@lemmy.world · ↑1 · 5 hours ago

                  If your router allows it you can set your gateway IP from the router (i.e. 192.168.1.1) as the second DNS address in the DHCP settings. So your router’s DNS settings would then act as failover in case your pi-hole is down. That’s at least how I have done it on my ISP router.

                  • Scrath@lemmy.dbzer0.com · ↑1 · 4 hours ago

                    I don’t think that’s how it works with my router. I read a bit about DNS failover and the consensus seemed to be that all DNS servers listed should return equal results since requests are spread round-robin between them (at least for mikrotik routers).

          • themadcodger@kbin.earth · ↑3 · 1 day ago

            I’ve got the external IP addresses down pat. I’m with you in that I’ve never quite figured out how to do the same with local IP addresses.

          • PlexSheep@infosec.pub · ↑1 · 1 day ago

            If you want DNS only in your LAN, you need to self-host a DNS server and register this domain locally (by putting it in some config file of yours).