this post was submitted on 19 May 2025
91 points (94.2% liked)

Selfhosted

46676 readers
539 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
91
How to reverse proxy? (lemm.ee)
submitted 4 days ago by Octavusss@lemm.ee to c/selfhosted@lemmy.world
76 comments fedilink hide all child comments
 

Hi everybody.

How should I setup reverse proxy for my services? I've got things like jellyfin, immich a bitwarden running on my Debian server in docker. So should i install something like nginx for each of these also in docker? Or should I install it from repository and make configs for each of these docker services?

Btw I have no idea how to use something like nginx or caddy but i would still like to learn.

Also can you use nginx for multiple services on the same port like(443)?

top 50 comments
sorted by: hot top controversial new old
[–] Zwrt@lemmy.sdf.org 3 points 2 days ago (1 children)

I know this is beyond the scope of your question but you are at a very similar place like i was over a year ago.

For the reverse proxy you want ingnx manager and it will handle all of your reverse proxies just fine.

But what i really want to recommend is to change up that debian into proxmox,

Proxmox is a debian based efficient server OS. Basically every service you run now can Easily be run as its own isolated container with very little overhang.

Best of all there is a community for Helper script that will install entire services including Nginx but even nextcloud from a single command.

https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager

[–] Octavusss@lemm.ee 2 points 2 days ago

Thx I appreciate the input. I have already a lot of things set up on the server and switching now would be painful and time consuming. I also use docker in conjunction with kvm-qemu and had I known about proxmox a month ago I would not have construct it at such but alas. I will however in the future get another hardware which I will use as a home server and I will definitely give proxmox a shot.

Unrealted but Alpine Linux is based af!

[–] dieTasse@feddit.org 2 points 2 days ago

This video: https://www.youtube.com/watch?v=qlcVx-k-02E or this video: https://www.youtube.com/watch?v=jx6T6lqX-QM That is all you need to know to successfully set it up. They are really good. Good luck! 😊

[–] monogram@feddit.nl 43 points 4 days ago (3 children)

Caddy

It’s three lines of configuration

jellyfin.example.com {
  reverse_proxy http://localhost:8083/
}

Automatic https with let’sencrypt, simplicity of a single binary, downgrade is as simple as replace binary & restart service.

[–] MajesticElevator@lemmy.zip 22 points 4 days ago (1 children)

Fucking hell why do I use Apache 😂

[–] DontNoodles@discuss.tchncs.de 6 points 3 days ago

Because you love the pain that comes with pulling your own hair out, one fistful at a time.

[–] beeng@discuss.tchncs.de 4 points 4 days ago (2 children)

How does my DNS know where to look for this?

[–] WhyJiffie@sh.itjust.works 3 points 3 days ago

if you don't want to rent a domain, but you run a local DNS server (pihole, technitium) for filtering or other reasons, you can register your own domain names in there, for free. but don't use common TLDs to avoid conflicts, and leave ".local" alone too because that's used by mdns/avahi. You may use .home, .lan, or a few others I don't know without looking them up

[–] HelloRoot@lemy.lol 10 points 4 days ago* (last edited 4 days ago) (11 children)

  1. you rent a domain

  2. in the config (provided by the service where you rented the domain) you set it to point to the IP of the device where you run caddy

  3. the service tells the relevant global DNS servers your setting

  4. your DNS does a DNS lookup and a DNS server returns the IP you configured it to point to

Depending on the DNS you use, you can manually add entries to do 1-3 differently, but that will only work for devices that use your DNS and is hard.

load more comments (11 replies)
load more comments (1 replies)
[–] DieserTypMatthias@lemmy.ml 6 points 3 days ago* (last edited 3 days ago) (1 children)

There's Nginx proxy manager if you want to set it up. But I'd rather go with Tailscale instead.

[–] WhyJiffie@sh.itjust.works 5 points 3 days ago (1 children)

tailscale is not the same as nginx or any reverse proxy, though. I don't expose anything publicly, but I still wouldn't stop using a reverse proxy

[–] DieserTypMatthias@lemmy.ml 1 points 3 days ago

Ok, fair enough.

[–] Bishma@discuss.tchncs.de 15 points 4 days ago* (last edited 4 days ago) (2 children)

I use Nginx Proxy Manager running as a docker container. Its a gui that makes administration more straight forward. It points at all my services (docker and otherwise) and handles the SSL for me. Because I don't want to have any ports open I use DNS challenge ACME and NPM has built in support for a number APIs from large public DNS providers to automate that.

[–] CapitalNumbers@lemm.ee 1 points 3 days ago (1 children)

i have nginx proxy manager set up all as well, but haven’t worked out the SSL part yet, so all my internal docker services are still on http

out of interest, how did you set up https with npm?

[–] Bishma@discuss.tchncs.de 1 points 3 days ago* (last edited 3 days ago) (1 children)

First set up your certificate in the SSL tab of NPM. You can either upload a traditional certificate or set up LetsEncrypt. Be aware that starting next spring the maximum length of a certificate will drop to 9 months and continue to decrease over the next few years until its 47 days.

I have mine set up so LetsEncrypt gets a wildcard cert for my domain (via DNS challenge). Some people go with per subdomain certs.

Once you have the cert, go you each of your hosts and switch to its SSL tab. Then select your cert. Then I usually turn on "Force SSL"

[–] CapitalNumbers@lemm.ee 2 points 2 days ago (1 children)

does a wild card cert essentially mean i have use one cert which will cover all my subdomains as well as the primary domain?

[–] philpo@feddit.org 3 points 4 days ago

This plus technitium DNS is exactly my approach.

[–] v3ritas@infosec.pub 10 points 4 days ago (5 children)

I prefer doing nginx on the host (vs a container), & have different configs for each service. You can have multiple services on the same port, it can be controlled via DNS instead (i.e.: access Jellyfin.domain.com & bitwarden.domain.com, both of 443).

Ive tried Caddy once or twice but couldn’t get it working, so i just stick with nginx & cert or to automatically get certificates from my internal CA

[–] Octavusss@lemm.ee 4 points 4 days ago (1 children)

Yeah but when I last tried nginx on my bitwarden host and another on my jellyfin host i could access the one for bitwarden on port 81 of my server but couldn't access the other nginx web page on port 85 even though i have written it in docker compose file and the port 85 was also open on my server.

[–] v3ritas@infosec.pub 5 points 4 days ago (1 children)

It looks like jhdeval mentioned this already, but you may need to review your config file. By default, you would likely have nginx listening on ports 80 & 443 for requests to a specific address (i.e.: jellyfin.domain.com) which would be configured in your DNS, & then nginx would direct the jellfin 443 traffic to port 85 to access Jellyfin. Same principle for Bitwarden. If you have your nginx config files, i \ we could take a look & see if we spot any issues.

load more comments (1 replies)
load more comments (4 replies)
[–] matzler@lemmy.ml 5 points 4 days ago (2 children)

Did traefik become uncool? I only read about caddy/nginx/ha here.

[–] WhyJiffie@sh.itjust.works 2 points 3 days ago

my last experience with it was a half empty documentation, and a config structure that signaled to me that they dropped a lot of features for v2 release that they initially wanted to have, which has additionally made understanding their config structure harder. and that hasn't improved for years.

[–] Pastime0293@discuss.tchncs.de 1 points 3 days ago

I think it's still one of the best solutions.

[–] Agosagror@lemmy.dbzer0.com 5 points 4 days ago

Since your a beginner, youll find nginx proxy manager easiest, it has a nice ui, and at this stage you are probably less intrested in the 10/10 fastest lighweight setup and more intrested in getting stuff working.

[–] ohshit604@sh.itjust.works 4 points 4 days ago

Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.

It’s honestly whatever works for you and what you prefer having.

[–] Zozano@aussie.zone 5 points 4 days ago* (last edited 4 days ago)

IMO, look into the linuxserver.io fork of NGINX, called SWAG.

It comes preloaded with a bunch of fantastic addons for security.

Quite easy to get set up, if you've got an idea about how it works.

[–] irmadlad@lemmy.world 4 points 4 days ago

I recommend Caddy. It's very easy to deploy, and configuring it is a snap. This tutorial helped me out a bunch. There is a Docker version of Caddy, tho I have never used it. I figured, Caddy would do better installed on bare metal. I use Caddy in conjunction with Duckdns.org. Caddy also takes care of renewing your certs when it's time.

[–] iAmTheTot@sh.itjust.works 4 points 4 days ago

Nginx Proxy Manager was easy to learn as a beginner. I'd recommend it as a learning tool, if nothing else, and if you want to switch to other solutions later you can.

[–] EncryptKeeper@lemmy.world 3 points 4 days ago (1 children)

What is your goal, simplest to configure? industry standard? Secure options set by default? Do you need a gui or are you fine with config files?

[–] Octavusss@lemm.ee 4 points 4 days ago (1 children)

Something secure and easy to understand and setup for beginner. The easier the better. I don't mind writing config files if I can understand it.

[–] EncryptKeeper@lemmy.world 2 points 3 days ago* (last edited 3 days ago)

Nginx Proxy Manager is probably your best bet at this stage. It’s a simple to use GUI with QOL features like automatic certificate acquisition built on top of the industry standard Nginx. It should do everything you need it to do and it’s hands down the easiest to get started with.

When you reach the point that you’re trying to do something outside the scope of Nginx Proxy Manager’s gui, that would be a good time to get into another solution that’s config file based. My weapon of choice here is Caddy. I LOVE how simple and minimal the configuration is and it does a lot of things by default that other solutions don’t.

Plain Nginx is a solid tool but working with it directly will be the least straightforward and beginner friendly of all the solutions. Only reason I’d recommend straight Nginx is if you want experience with it for work.

Traefik, don’t bother with until you have an actual reason to use it over other solutions (Like you’re getting into clustering or kubernetes or anything else that requires dynamic configuration instead of static.)

load more comments
view more: next ›