I’m doing the same with Apache in a container. Using Let’s Encrypt with DNS challenge for SSL certificate. The DNS records point to the reverse proxy IP which is only accessible via VPN (Tailscale). 😂
Comment on How to reverse proxy?
v3ritas@infosec.pub 1 day ago
I prefer doing nginx on the host (vs a container), & have different configs for each service. You can have multiple services on the same port, it can be controlled via DNS instead (i.e.: access Jellyfin.domain.com & bitwarden.domain.com, both of 443).
Ive tried Caddy once or twice but couldn’t get it working, so i just stick with nginx & cert or to automatically get certificates from my internal CA
avidamoeba@lemmy.ca 22 hours ago
v3ritas@infosec.pub 21 hours ago
nginx + certbot \ acme for certs from my local Step-CA, proper DNS & I just use a WireGuard VPN on-demand for when I leave my house. As soon as I’m off my Wi-Fi I have the VPN active so I don’t need to expose anything more than 1 port for that to work =]
I might look at Tailscale, if only because I’ve seen plenty of people say that’s how they connect, so worth looking into =]
avidamoeba@lemmy.ca 21 hours ago
If you want to stay fully self-hosted, look into Headscale. You could run it locally with a port open, or you could throw it on the tiniest cloud VM somewhere and have zero ports open locally.
v3ritas@infosec.pub 21 hours ago
Thanks! I’ll take a look at that.
Octavusss@lemm.ee 1 day ago
Yeah but when I last tried nginx on my bitwarden host and another on my jellyfin host i could access the one for bitwarden on port 81 of my server but couldn’t access the other nginx web page on port 85 even though i have written it in docker compose file and the port 85 was also open on my server.
v3ritas@infosec.pub 1 day ago
It looks like jhdeval mentioned this already, but you may need to review your config file. By default, you would likely have nginx listening on ports 80 & 443 for requests to a specific address (i.e.: jellyfin.domain.com) which would be configured in your DNS, & then nginx would direct the jellfin 443 traffic to port 85 to access Jellyfin. Same principle for Bitwarden. If you have your nginx config files, i \ we could take a look & see if we spot any issues.
Octavusss@lemm.ee 1 day ago
I’m currently cannot post it here and also since it didn’t work the first time I’m using only http for jellyfin and immich but i can later post the docker config for bitwarden.