Hi everybody.
How should I setup reverse proxy for my services? I’ve got things like jellyfin, immich a bitwarden running on my Debian server in docker. So should i install something like nginx for each of these also in docker? Or should I install it from repository and make configs for each of these docker services?
Btw I have no idea how to use something like nginx or caddy but i would still like to learn.
Also can you use nginx for multiple services on the same port like(443)?
This video: https://www.youtube.com/watch?v=qlcVx-k-02E or this video: https://www.youtube.com/watch?v=jx6T6lqX-QM That is all you need to know to successfully set it up. They are really good. Good luck! 😊
I know this is beyond the scope of your question but you are at a very similar place like i was over a year ago.
For the reverse proxy you want ingnx manager and it will handle all of your reverse proxies just fine.
But what i really want to recommend is to change up that debian into proxmox,
Proxmox is a debian based efficient server OS. Basically every service you run now can Easily be run as its own isolated container with very little overhang.
Best of all there is a community for Helper script that will install entire services including Nginx but even nextcloud from a single command.
https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager
Caddy
It’s three lines of configuration
jellyfin.example.com { reverse_proxy http://localhost:8083/ }Automatic https with let’sencrypt, simplicity of a single binary, downgrade is as simple as replace binary & restart service.
Wow
IMO, look into the linuxserver.io fork of NGINX, called SWAG.
It comes preloaded with a bunch of fantastic addons for security.
Quite easy to get set up, if you’ve got an idea about how it works.
Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.
It’s honestly whatever works for you and what you prefer having.
I use Nginx Proxy Manager running as a docker container. Its a gui that makes administration more straight forward. It points at all my services (docker and otherwise) and handles the SSL for me. Because I don’t want to have any ports open I use DNS challenge ACME and NPM has built in support for a number APIs from large public DNS providers to automate that.
i have nginx proxy manager set up all as well, but haven’t worked out the SSL part yet, so all my internal docker services are still on http
out of interest, how did you set up https with npm?
First set up your certificate in the SSL tab of NPM. You can either upload a traditional certificate or set up LetsEncrypt. Be aware that starting next spring the maximum length of a certificate will drop to 9 months and continue to decrease over the next few years until its 47 days.
I have mine set up so LetsEncrypt gets a wildcard cert for my domain (via DNS challenge). Some people go with per subdomain certs.
Once you have the cert, go you each of your hosts and switch to its SSL tab. Then select your cert. Then I usually turn on “Force SSL”
does a wild card cert essentially mean i have use one cert which will cover all my subdomains as well as the primary domain?
yes
