Comment on issues setting up nginx as an https proxy

<- View Parent
darkan15@lemmy.world ⁨1⁩ ⁨week⁩ ago

Do yourself a favor and use the default ports for HTTP(80), HTTPS(443) or DNS(53)

That way, you can do URLs like app1.home.internal and app2.home.internal without having to add ports on anything outside the reverse proxy.

You could run only one DNS on the laptop connected to Router A (External, connected to internet), and point the domain to Router B (Internal, Connected to Router A, has a WAN IP of 192.168.0.y and Internal IP of 10.0.0.1), redirect for example the domain home.internal or home.lan (recommend better home.internal as it is the intended one to use by convention), to the 192.168.0.y IP, and it will redirect all devices to the server by port forwarding.

If Router B has Port Forwarding of Ports 80 and 443 to the Server 10.0.0.114 all the request are going to reach, no matter the LAN they are from. The devices connected to router A will reach the server thanks to port forwarding, and the devices on Router B can reach anything connected to Router A Network 192.168.0.*, they will make an extra hop but still reach.

Both routers would have to point the primary DNS to the Laptop IP 192.168.0.x (should be a static IP), and secondary to either Cloudflare 1.1.1.1 or Google 8.8.8.8.

That setup would be dependent on having the laptop or another device always turned ON and connected to Router A network to have that DNS working, you could run a second DNS on the server for only the 10.0.0.* LAN, but that would not be reachable from Router A or the Laptop, or any device on that outer LAN, only for devices directly connected to Router B, and the only change would be to change the primary DNS on Router B to the Server IP 10.0.0.114 to use that secondary DNS.

Lots of information, be sure to read slowly and separate steps to handle them one by one, but this should be the final setup, considering the information you have given.

You should be able to setup the certificates and the reverse proxy using subdomains without much trouble, only using IP:PORT on the reverse proxy.

source
Sort:hotnewtop