Yeah, but when I last tried nginx on my Bitwarden host and another on my Jellyfin host, I could access the one for Bitwarden on port 81 of my server but couldn’t access the other nginx web page on port 85, even though I have written it in the docker compose file and port 85 was also open on my server.
Comment on How to reverse proxy?
v3ritas@infosec.pub 10 months ago
I prefer doing nginx on the host (vs a container), & have different configs for each service. You can have multiple services on the same port, it can be controlled via DNS instead (i.e.: access Jellyfin.domain.com & bitwarden.domain.com, both on 443).
I’ve tried Caddy once or twice but couldn’t get it working, so I just stick with nginx & certbot to automatically get certificates from my internal CA
Octavusss@lemm.ee 10 months ago
v3ritas@infosec.pub 10 months ago
It looks like jhdeval mentioned this already, but you may need to review your config file. By default, you would likely have nginx listening on ports 80 & 443 for requests to a specific address (i.e.: jellyfin.domain.com) which would be configured in your DNS, & then nginx would direct the Jellyfin 443 traffic to port 85 to access Jellyfin. Same principle for Bitwarden. If you have your nginx config files, I \ we could take a look & see if we spot any issues.
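Added example, not part of any comment in this thread: a host-level nginx config for the name-based routing described above, with both services on 443 and an explicit catch-all so unknown hostnames are refused. The hostnames and ports 81 and 85 come from the thread; the 127.0.0.1 backend address and the certificate paths are assumptions.

```nginx
# Assumption: both containers publish their ports on 127.0.0.1 only
# (Bitwarden on 81, Jellyfin on 85), so nginx is the only way in.

# Catch-all: a TLS server name matching no server_name below is refused
# in the handshake instead of being answered by the first vhost listed.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;    # needs nginx 1.19.4 or later
}

server {
    listen 443 ssl;
    server_name bitwarden.domain.com;
    ssl_certificate     /etc/nginx/certs/bitwarden.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/bitwarden.key;   # placeholder path

    location / {
        proxy_pass http://127.0.0.1:81;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name jellyfin.domain.com;
    ssl_certificate     /etc/nginx/certs/jellyfin.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/certs/jellyfin.key;    # placeholder path

    location / {
        proxy_pass http://127.0.0.1:85;
        proxy_http_version 1.1;                      # WebSocket upgrade support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Plain HTTP is redirected to HTTPS for the two known names only.
server {
    listen 80;
    server_name bitwarden.domain.com jellyfin.domain.com;
    return 301 https://$host$request_uri;
}
```

`nginx -t` checks the syntax before a reload. Both DNS names point at the same proxy IP, and nginx selects the backend by hostname.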
Octavusss@lemm.ee 10 months ago
I currently cannot post it here, and also since it didn’t work the first time I’m using only http for Jellyfin and Immich, but I can later post the docker config for Bitwarden.
avidamoeba@lemmy.ca 10 months ago
I’m doing the same with Apache in a container. Using Let’s Encrypt with DNS challenge for SSL certificate. The DNS records point to the reverse proxy IP which is only accessible via VPN (Tailscale). 😂
v3ritas@infosec.pub 10 months ago
nginx + certbot \ acme for certs from my local Step-CA, proper DNS & I just use a WireGuard VPN on-demand for when I leave my house. As soon as I’m off my Wi-Fi I have the VPN active so I don’t need to expose anything more than 1 port for that to work =]
I might look at Tailscale, if only because I’ve seen plenty of people say that’s how they connect, so worth looking into =]
avidamoeba@lemmy.ca 10 months ago
If you want to stay fully self-hosted, look into Headscale. You could run it locally with a port open, or you could throw it on the tiniest cloud VM somewhere and have zero ports open locally.
v3ritas@infosec.pub 10 months ago
Thanks! I’ll take a look at that.