this post was submitted on 12 Jul 2023
109 points (97.4% liked)

Selfhosted

40113 readers
784 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

So, I have some idea on what a reverse proxy does and will be using nginx (with the neat proxy manager UI) for my setup.

However, I'm not completely clear what exactly I want it to do and how I cn use it to run different services on one machine. I'm especially unclear on the ports configuration .... tutorials will say things like "change the listening port to xxx for that service and to port yyy for the other service"

How does this work, which ports can I use and how do I need to configure the respective services?

EDIT: thanks everybody, your replies did help me a lot! I have my basic setup now up and running using portainer + nginx + fail2ban.

you are viewing a single comment's thread
view the rest of the comments
[–] orangeboats@lemmy.world 10 points 1 year ago* (last edited 1 year ago)

IPv4 version: Think of your public IP:Port as the office building, your internal IP:Port as the floor number, and reverse proxy as the reception on that floor.

(Your public IP:Port is routed to your internal IP:Port by the NAT on your router. The router knows which public port relates to which internal IP:Port due to the port forwarding rules you setup.)

IPv6 version: Think of your public IP:Port as the office, and the reverse proxy as the reception.

The following will be common to both IP protocols.

The port is usually 80 or 443, because reverse proxy is used for HTTP(S) connections, and by default those connections use the aforementioned ports.

When someone connects to your IP:Port, they ask the reverse proxy "hey, can you bring me to Mr. https://my-awesome-plex.xyz ?" and the reverse proxy will act as a middleman between that someone and the actual server that is serving that domain name.

The reverse proxy, as a middleman, forwards your requests to the server, and the server's response is forwarded back to you by the reverse proxy too.

And just to make things complete... Why do we use reverse proxies?

  1. To hide the identity of the actual server. This is easy to understand - you are only ever talking to the proxy, never the actual server. It's just that your messages are continually forwarded to the actual server.

  2. To save IP addresses. (One public address can serve multiple websites, if the actual servers are given only private IP addresses.)

  3. To load balance. The reverse proxy can direct one to another server if the first server is overloaded. This requires a website to be served by more than one server though, and selfhosters like us never really need it.

  4. To prevent attacks. If the reverse proxy realises that someone has been making too many connections to https://my-awesome-nas.com, the reverse proxy can reject subsequent connections. This is how Cloudflare works.

  5. Caching. If the middleman remembers that the server responded "what is the answer to everything" with "42", then the next time someone asks the same question again, the middleman will simply reply with the same response. This takes off the workload on the server.