irmadlad@lemmy.world 1 day ago
I’m not sure what order to do those steps in: DNS servers, buying a domain, getting certs, configuring reverse proxy.
You have a lot of avenues and approaches available to you. Caddy has been a mainstay for some users. Setting up Caddy with letsencrypt is fairly straightforward. Traefik, Pangolin, Nginx, HAProxy are good candidates. Pangolin being a self-hosted tunneled reverse proxy. You could also go with the Cloudflare Tunnel/Zero Trust route. You will have to have a domain name that you can change the nameservers on to the ones Cloudflare assigns you. Most people get a cheapo domain name from NameServers or Porkbun. From there, you install Cloudflare Tunnel/Zero Trust on your server, and connect to your Cloudflare account. The beauty of Cloudflare Tunnel/Zero Trust is that you don’t have to fiddle with opening ports and such, other than port 22 to admin the server. Cloudflare takes care of all of that.
I’m not sure what OS to put on it.
I run Ubuntu Jammy server, but there are other options. Is it imperative you have a GUI? I realize that the CLI can be daunting, but it is quite effective. I guess you could have a desktop OS to serve up services tho I’ve never done that. I’ve always just used the minimal server install of Ubuntu, then add whatever I needed later. As far as an OS recommendation, I’m a fan of Ubuntu. Mainly because that’s what I started with so I know how to drive that bus fairly well.
I think the tunnel method you’re suggesting is different than what I’m after, and a lot of the “complexity” in learning this stuff is coming from all the different methods we have available to achieve similar results. I ought to be able to just expose 443 once I’m fully up and running, and it will route to the various services through the reverse proxy and subdomains. My “zero trust” separation for security ought to be my VLANs. So if I’m not going exactly that route, where would my DNS servers come from, and why would I need something other than what’s there by default?
I know the CLI is effective. My daily driver has been Kubuntu since 2017, and I dabbled with Ubuntu for a decade before that. But I’m so much slower on the command line, because I have to think so much harder about each command, and the outputs are often unintuitive to read and parse out what I’m looking for.
Security in depth for me. I tend to be a little heavy on security: lemmy.world/post/43533409
I feel that, and it’s understandable. I seriously doubt that even Linus Torvalds knows every command and sequence off the top of his head. However, it would seem to me that at some point, the GUI will not have the options you need to deploy xyz app, and you’re going to have to use the CLI. I keep a ‘note pad’ on my dashboard full of commands because my brain is shit and this helps me as much as it may seem rudimentary. LOL. The list goes on for quite a ways past what is visible in the screenshot.
In that vein, I always encourage users to take prolific notes. You’ll never remember everything you did 6 months from now. So, write down everything during the deployment, then distill the notes into what actually worked, and include them in your 3-2-1 backup scheme.
My 2p. Best of luck. Do share your journey.