Hi all, I’m rather new to the whole selfhosting stuff and only have limited experience (ran everything on my Raspberry). Now I finally have a real server I can use and I’m currently planning what I want to host.

There will be multiple services which have a web interface, like portainer, wireguard, nhost and so on and then there will be my personal developer portfolio website. Everything dockerized.

Say I have the domain “domain.com” which should point at my website. The other services either run on different ports, say domain.com:1234 or with different paths like domain.com/service. Neither is great. I could either use a reverse proxy which redirects to subdomains or use virtualhosts. Both should work imo (any thoughts on what to use?). Now that all ports other than 80, 443 and 22 are closed things should be somewhat safe. Anyways, I’m a bit concerned about having tens of webservers for each service, how can I be sure that all of them are safe and up to date?

That leads to my question: could I use a single webserver for all the service web interfaces? And if so, how would I configure that?

Thanks!

  • eddyizm@alien.topB
    1 year ago

    Dealing with this on a couple of servers at the moment. I find the hardest part is actually the SSL. Let me know if you need help. I’ve used Apache in the past but am using nginx this time around.

    • Annual-Advisor-7916@alien.topOPB
      1 year ago

      Thanks! What exactly do you mean by SSL being the hardest part?

      I’m going to use NGINX for my website since I used it a few times and I don’t need any of Apache’s features.

  • dazchad@alien.topB
    1 year ago

    I’m not sure I understand the multiple web servers issue. If you forward your wan port to a web server in your network, only that one web server will be exposed. Unless you are mistakenly forwarding the other ports (eg 1234) as well?

    In any case the way to go is a reverse proxy. Mine has both subdomains and subpaths, and they work perfectly together.

    • Annual-Advisor-7916@alien.topOPB
      1 year ago

      That is a great solution, thank you! Not exactly what I wanted but since everything is secured behind a login interface, no webservers should be exposed, that sounds great.

  • SensualHobo@alien.topB
    1 year ago

    Another +1 for reverse proxy to do this. Caddy is a good option. I am a fan of Nginx Proxy Manager myself. I have a domain name and in the DNS servers I redirect to the local IP of my host server. This way my website or subdomains can only be accessed if someone is connected to my home network.

    After you do this, you need to know the port you exposed the web server on (e.g. 127.0.0.1:9090), then go into your proxy manager and make a rule where ‘mydomain.com/service’ points to this. However, I prefer to use sub-domains like ‘service.mydomain.com’. The only downside of a reverse proxy is that setting up services that use CORS can be quite fiddly.

    edit: I ported my domain to Cloudflare dns servers since it’s easy to create an SSL wildcard certificate to force https on my sites. No ports are exposed outside of the local network so it’s relatively safe.
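
The single-front-door setup discussed in this thread, as an added nginx example that is not any poster's own configuration. It assumes each container publishes its web UI on loopback only (the thread's `127.0.0.1:9090`; the website port `127.0.0.1:8080`, the LAN range, and the certificate paths are placeholders), and that a wildcard certificate for `domain.com` is already on disk.

```nginx
# /etc/nginx/conf.d/selfhosted.conf (included inside the http {} context)

# Catch-all: requests for hostnames not listed below are dropped, so
# scanners hitting the bare IP never reach a backend service.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # refuse TLS for unknown names (nginx >= 1.19.4)
    return 444;                # close plain-HTTP connections without a reply
}

# Force HTTPS for every known name.
server {
    listen 80;
    server_name domain.com service.domain.com;
    return 301 https://$host$request_uri;
}

# Public portfolio website (assumed to listen on 127.0.0.1:8080).
server {
    listen 443 ssl;
    server_name domain.com;
    ssl_certificate     /etc/ssl/PLACEHOLDER/wildcard.domain.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/PLACEHOLDER/wildcard.domain.com.key;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Admin UI on its own subdomain, reachable from the home network only.
server {
    listen 443 ssl;
    server_name service.domain.com;
    ssl_certificate     /etc/ssl/PLACEHOLDER/wildcard.domain.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/PLACEHOLDER/wildcard.domain.com.key;
    allow 192.168.0.0/16;      # assumed LAN range; adjust to yours
    deny all;
    location / {
        proxy_pass http://127.0.0.1:9090;   # container bound to loopback
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading to catch syntax errors. With this layout nginx is the only web server reachable on ports 80 and 443, so it is the one component whose TLS settings and patch level face the network.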