Hi everybody.

How should I set up a reverse proxy for my services? I’ve got things like Jellyfin, Immich and Bitwarden running on my Debian server in Docker. So should I install something like nginx for each of these, also in Docker? Or should I install it from the repository and make configs for each of these Docker services?

Btw, I have no idea how to use something like nginx or Caddy, but I would still like to learn.

Also, can you use nginx for multiple services on the same port, like 443?
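
As an added worked example (not from the original post or any of the replies), this is how a single nginx instance on the host answers the last question: one listener on 443, one server block per hostname, chosen by the name the client sends in the TLS handshake (SNI) and the Host header, each forwarding to a container that is published only on 127.0.0.1. The hostnames, container ports, the certificate path (one certificate covering all three names) and the file location are assumptions.

```nginx
# Added example, not code from the thread. Assumed to live in
# /etc/nginx/conf.d/services.conf (http context) on the Debian host.
# Hostnames, ports and certificate paths are assumptions; adjust to your setup.

# WebSocket support: send "Connection: upgrade" to the backend only when the
# client asked for an upgrade (Jellyfin and Immich use WebSockets).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# TLS settings shared by every server block below (ssl_* may be set at http level).
# One certificate that covers all three names is assumed.
ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols       TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;

# Proxy headers shared by every location below, so each app sees the real
# client address and scheme instead of nginx's.
proxy_http_version 1.1;
proxy_set_header Host              $host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade           $http_upgrade;
proxy_set_header Connection        $connection_upgrade;

# The containers are assumed to be published on the loopback address only
# (e.g. "127.0.0.1:8096:8096" in docker-compose), so nothing except nginx on
# this host can reach them. Ports are assumptions.
upstream jellyfin  { server 127.0.0.1:8096; }
upstream immich    { server 127.0.0.1:2283; }
upstream bitwarden { server 127.0.0.1:8080; }

# Plain HTTP: redirect everything to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name jellyfin.example.com photos.example.com vault.example.com;
    return 301 https://$host$request_uri;
}

# Catch-all on 443: a request for a name you did not configure (or a scanner
# hitting the bare IP) gets the connection closed, not one of your services.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    return 444;
}

# Three services, one port: nginx picks the block whose server_name matches.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jellyfin.example.com;
    location / { proxy_pass http://jellyfin; }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name photos.example.com;
    client_max_body_size 0;   # Immich uploads whole photos and videos
    location / { proxy_pass http://immich; }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name vault.example.com;
    location / { proxy_pass http://bitwarden; }
}
```

Check the file with `nginx -t` before `systemctl reload nginx`. The three names need DNS records pointing at the server, and the only router port forwards needed are 80 and 443 to this host; if you would rather reach the services over the WireGuard tunnel only, skip the port forwards entirely and point the names at the server's VPN address, and the same config works unchanged.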

  • Octavusss@lemm.ee (OP) · 3 days ago

    Well, I already got a static IP from my ISP and configured WireGuard directly on my router, so I think I’m good.

    • ippocratis@lemmy.ml · 3 days ago

      The funnel exposes your local services to the public over HTTPS, like what you want to accomplish with a reverse proxy. It’s just more straightforward for a beginner.

      Personally, I closed my router ports and switched to Tailscale funnels after using Caddy with mutual TLS for years.

      • WhyJiffie@sh.itjust.works · 3 days ago

        The funnel exposes your local services to the public over HTTPS, like what you want to accomplish with a reverse proxy.

        They did not say they want it public, and that’s an additional security burden they may not need.

        • ippocratis@lemmy.ml · edited · 2 days ago

          He didn’t, but that’s what he meant.

          I mean, 99% of users use a reverse proxy for HTTPS public access.

          Also read the thread replies …

          That’s what this thread is about

          No?

          • WhyJiffie@sh.itjust.works · 2 days ago

            If that’s true, I assume it is because they don’t know about the security consequences, nor about more secure ways. And for 99% that is the worst solution, because they won’t tighten security with a read-only filesystem, DMZ and whatnot; worse, they won’t be patching their systems on schedule, but maybe in a year.

            99% of users should not expose any public services other than WireGuard or something based on it. On a VPS the risk may be lower, but on a home network, hell no!

            • ippocratis@lemmy.ml · 2 days ago

              OK, I’m not a networking expert, but I think you are overestimating the risk here.

              Opening a port doesn’t mean you are opening your whole home network, just the specific services you want. And those not directly, but with a web server in front of them. The web servers talked about in this thread that sit in front of open ports are well audited. I think that measures like mTLS and generic web server hardening are more than OK to not ever be compromised.

              But yeah, I’m surely interested to listen if you could elaborate.

              Thanks
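
What the "mTLS in front of the service" mentioned in that reply looks like in nginx, as an added example and not anything posted in the thread. It assumes a private CA you created yourself for issuing client certificates, stored at /etc/nginx/client-ca.pem, plus the hostname, backend port and certificate paths shown.

```nginx
# Added example, not code from the thread: mutual TLS on one vhost. Every
# client must present a certificate signed by your own CA before nginx
# forwards anything, so an unauthenticated scanner fails at the TLS
# handshake and never reaches the application behind the proxy.
# Hostname, backend port and all paths are assumptions.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name photos.example.com;

    # Server certificate (what the client verifies), e.g. from Let's Encrypt.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client certificates (what nginx verifies): the private CA you issued
    # them from. Using your own CA means only certs you minted are accepted.
    ssl_client_certificate /etc/nginx/client-ca.pem;
    ssl_verify_client      on;   # handshake fails without a valid client cert
    ssl_verify_depth       1;    # CA signs client certs directly, no intermediates

    # Revocation list for certs you have withdrawn (e.g. a lost phone);
    # uncomment once you maintain one.
    # ssl_crl /etc/nginx/client-ca.crl;

    location / {
        proxy_pass http://127.0.0.1:2283;   # assumed backend (Immich)
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass the authenticated identity on, so the app or your logs can
        # record which certificate holder made the request.
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-Client-Verify $ssl_client_verify;   # SUCCESS, FAILED:..., NONE
    }
}
```

Two practical checks before enforcing this: every client that will talk to the service, including mobile apps, must be able to install and present a client certificate, otherwise it simply cannot connect; and the plain-HTTP server block on port 80 is untouched, so a certificate renewal via the http-01 challenge keeps working. If some paths must stay reachable without a client cert, set `ssl_verify_client optional;` and reject in the protected locations with `if ($ssl_client_verify != SUCCESS) { return 403; }`.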

      • CapitalNumbers@lemm.ee · 3 days ago

        Maybe a silly question, but does a Tailscale tunnel operate in a similar fashion to a Cloudflare tunnel? As in, you can remotely access your internal service over HTTPS?