I found Nginx Proxy Manager to be the easiest to configure when I was starting out my homelab! I think the GUI played a big part in that, but it's also just pure NGINX under the hood, so when you get more comfortable with the concepts, you could easily transition to that for even lower overhead (welp, I just had a look at my docker stats, NPM is sitting at 3.2 MB of ram with ~10 proxy hosts, not sure how necessary that even is...)
Technology
Rumors, happenings, and innovations in the technology sphere. If it's technological news, it probably belongs here.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
If you're going to be jumping straight into text based config files.... Caddy's Caddyfile format is a lot easier to work with then nginx configs IMO.
Well, I've been self hosting for a few years now, haven't really had the need to jump into a text config for NGINX yet (apart from the rare custom configs some services need, but those are still done in the GUI). Caddy has it's draws, as does traefik, but I think it's easier to learn the concepts with the ease of use a GUI offers!
I mean, yeah. That is true, a GUI would be easier for someone to learn. But once you do, config files are way faster.
Honestly, I first moved to traefik (from caddy) because it let me put my proxy configuration next to the application it's for. (When I was using docker-compose files to manage this.)
Yeah, I seriously considered traefik for that convenience alone! When I inevitably outgrow this setup, traefik is the next stop, for sure.
I live mostly on the command line - I'm not afraid to edit .conf files by hand and its how I do most all things - maybe that's why I'm having trouble with this setup!! LOLZ
Please correct me if I'm wrong, but here's what I think the situation is:
- you have two different sevices that you have domains for, e.g. lemmy and bitwarden.
- you have two domains, lets call them lemmy.com and bitwarden.com .
- you have one (public?) IP address. let's call that 123.123.123.123 .
- you want to use this IP address for both domains (e.g. bitwarden.alpha.com and lemmy.beta.com)
In that case you need both domains to connect to the same computer (because that's the one with that IP address) which routes it to the correct location (either on the same computer or on a different one).
You basically have two solutions (that you already mentioned)
1. single machine
- You run both services on a single machine, listening on different ports on localhost/127.0.0.1 .
- lemmy listens on port 1234 and bitwarden on port 8080.
- You use nginx (or caddy/apache) to listen on the web ports (80, 443) and reverse proxy(!) the content.
- if the domain is lemmy.com it proxies from localhost:1234
- if the domain is bitwarden.com it proxies from localhost:8080 This is the easiest solution IMO.
2. different machines.
This is essentially the same, but instead of the services running locally, one or both run on different machines.
- you run both services on different machines
- lemmy on 10.0.0.10:1234
- bitwarden on 10.0.0.20:8080
- You use nginx again as reverse-proxy(!):
- if the domain is lemmy.com it proxies from 10.0.0.10:1234
- if the domain is bitwarden.com it proxies from 10.0.0.20:8080
- be sure to check the firewall settings of the machines, that allow it.
In both cases the IP address points to the machine running nginx.
If you can run both services on the same machine with docker, you should just use this: https://github.com/nginx-proxy/nginx-proxy
Thanks so much for the reply; others have mentioned the same, or similar, but your response spelled it out... I knew this was what I needed to do [scenerio 2] but I just didn't have experience with setting up the proxy - I'm technical enough to RTFM and will get this setup today; one thing that was kinda fudging me up was that my Bitwarden machine, where the domain currenty forwards to, runs in a docker container - so I think I'll actually forward the OTHER domain to the 'lemmy' [although its not lemmy, just using your example as the reference..] machine that's just an Ubuntu server running apache2 for serving the website - and I'll probably end up using Apache's Name Based Virtual Host Support instead of your nginx-proxy suggestion - either way, I think its accomplishing the same.
Appreciate your, and all the other, replies - this thread literally performed better than on the /r/ platform! I'm sold on LemmyNet!
Both nginx and apache are webservers and can do what you need.
Apache calls this Name-based Virtual Hosts. (see ServerName/ServerAlias)
Nginx calls this Name-based virtual servers (see server_name in the docs)
Either will listen on ports 80/443 on the IP and proxy the request depending on the hostname used. If you're not really familiar with either, I would recommend nginx. It's very popular, the documentation is good and the syntax is a lot better IMO.
I hear caddy is also a nice alternative with even simpler syntax, but I haven't used it myself.
Good luck!
I can see how you're not yet familiar with all these terms :p Both nginx and apache are http servers and work the exact same in your case.
The server (apache or nginx) listens on the IP on port 80 and 443. Depending on the hostname that is used to connect, the request is proxied to a different location. Apache calls this virtual hosts, nginx call this virtual servers
Cloudflare tunnel free is pretty good, and I use it for my on-prem (in house) services because it can work through CGNAT, though you are subject to the standard cloudflare terms of use.
On the other hand, what you're looking for is called a reverse proxy. I'd recommend Caddy or Nginx Proxy Manager for you.
I personally use Traefik, but I'm also running on a kubernetes cluster so....
The setup for my home network is:
- caddy
- tailscale
- PiHole
I have several machines running different services.
Tailscale is in each one of them with the MagicDNS setting pointing to the tail IP of the PiHole.
In the PiHole's DNS I have my different addresses pointing to the machine running caddy (for jellyfin, for PiHole itself, for each of the projects I sometimes run)
(this will be replaced by your domains pointing to your public IP where you'll be running caddy).
Now in the CaddyFile you'll have something like this
jellyfin.pe1uca.local {
reverse_proxy <service_tail_ip>:<port>
}
pihole.pe1uca.local {
reverse_proxy <service_tail_ip>:<port>
}
And the rest of your services in the same way.
Thanks for the three replies so far; BTW, Lemmy is beating out /r/eddit on this thread!!! :P
Yea, I know that I'm needing a reverse proxy - it was just how to implement one since the two sites aren't using the same host software; apache2 and nginx... so I think I should run a 3rd VM and route the traffic out to the other 2 local IPs; OR condense the two sites into one VM - which I don't really want to do...
Or, maybe I pick a [free, paid if needed] Cloudflare tunnel for the lesser used site - and only have to forward to one VM from my IP.
I guess one more solution would be switching the apache2 over to nginx - can I route to a separate local IP from nginx reverse proxies??? Will research...
Thanks for thinking this thru with me - and I'll keep checking back for other suggestions. :P Appreciated!
With Cloudflare tunnels, I found I could only authorise one top level domain (perhaps multiple is a paid feature, I'm not sure), but I found I could run a second cloudflared in docker to authorise the second.
If you're running VMs, you can probably use tunnels no problem, with Cloudflare routing to the appropriate domain.
If you're against Cloudflare, there should be no reason you can't have nginx grab all traffic then forward the request to your apache2 server based on the host name.
I'd only need Cloudflare for one of the sites/VMs; or, both if it'll handle it easily - I'll be hosting both sites on my hardware. No sites data will be on Cloudflare, I was only thinking about using a tunnel from them to take care of one, or both, the sites.
Thank you for the reply - I'm blown away that I've gotten all these suggestions on LemmyNet before one reply on /r/!
Reddit has loads of people asking and not enough answering. Lemmy has lots of new users and not enough posts to answer, so you got lucky :)
The spirit of (small) community shines here, it would seem 😀
YES; I am loving the LemmyNet; I'll be here for awhile.
I mean, if you already have nginx OR apache, you could set up a vhost with the other domain name and do a proxy_pass or similar thing to the other one?
They don't need to be the same host software, you'd just need to configure one of them to know how to route it to the other instance. It's just plain HTTP(s) after all.
Reverse proxying is a feature in both nginx and apache after all. Though I'd recommend using nginx for that.
OK ; this reply gets traction with me... YES; I can get either site up; right now the bitwarden.domain1.com is live, and the domain2.com isn't getting ports - but I could switch that around... making domain2.com active/live - then yer saying I could use apache2 vhosts to route bitwarden.domain2.com traffic to a different local IP? Thats exactly what would work easiest for me - I can figure out apache2 vhosts... only I only have experience routing to two sites on the ONE apache2 instance; if I can pass that bitwarden.domain1.com traffic to an external local IP [another proxmox VM running the bitwarden container] that would be perfect.
You could use apache2 vhosts to route bitwarden.domain2.com traffic to wherever the heck you want. Even to another server on the internet.
Think of a vhost as uh... another set of apache server configuration that ONLY applies if the incoming traffic is for that domain/hostname.
That's determined by the Host header in the request, or the TLS SNI value if you're using HTTPS.
Then in that vhost, you'd just configure it like you would any apache instance, like say, for the root location, have it do a proxy_pass, etc.
I'll give you an example of my setup.
Every server has it's own instance of Nginx Proxy Manager (not needed, but helps with using docker networking), then every service I run on docker, I just use docker networks to talk to the rproxy.
My network is designed such that all my externally available services are on one server, so I just forward 80 & 443 to that.
For every other service (not on docker), I just use 127.0.0.1 + port.
For services on other servers on my LAN, I use Internal IP + port.
Understood ; I run all my services on different Proxmox VMs/containers... this isn't usually an issue until two needed the same 80/443 ports... I suppose I could change the ports for my Bitwarden, as I'm the only user connecting [aside from a partner or 2...] and I could modify the links used to connect accordingly.
I feel like I'm missing some EASY thing; like can't my apache2 just route the bitwarden.domain1.com traffic to another local IP address...
All these replies are helping - I just gotta pick the solution and GO; just trying to find the easiest, best solution.. :P
I feel like I'm missing some EASY thing; like can't my apache2 just route the bitwarden.domain1.com traffic to another local IP address...
Yes. It can. https://httpd.apache.org/docs/2.4/vhosts/name-based.html
Thankyou for the link - I'm good at Linux stuff w/ the right info - trust me, I've tried to find this data... :P
Appreciate yer help!
It doesn't matter what the 2 sites are using for your reverse proxy in the front. All you need to do is have a simple reverse proxy up front - I use HAProxy - that routes to one or the other VM's IP address and port for its server based on the hostname coming in. That way, Site1 will receive all the traffic for Site1 as if it had been contacted directly, and Site2 will receive all of its own traffic too.
The web servers all speak the same language - they're just forwarding on HTTP(S) requests, not communicating in any special way between each other.
LOL... it'll be easy, I tell ya!
So I dove in this afternoon, thinking I had all the info I needed to easily get a setup w0rking... I changed my port forwards to the domain2.com machine - the one running apache2 on a webiste; leaving the bitwarden.domain1.com not seeing traffic. Then, I created a new virtual host file on the domain2.com machine;
cat bitwarden.domain1.com.conf
<VirtualHost *:80>
ServerName bitwarden.domain1.com
ProxyPass / http://10.0.0.155/ nocanon
ProxyPassReverse / http://10.0.0.155/
ServerAdmin [email protected]
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =bitwarden.domain1.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
And ran certbot to get https certs - certification would only be on the domain2.com machine; all proxied data would be sent over http, but I figured that was OK as its just me accessing the domain1.com service.
BUT alas, the setup didn't work; I have some suspicions... bitwarden is running inside a docker container, so... I dunno if that has something to do with how its listening, and its running nginx; what I thought was that apache2 would simply send all traffic from the bitwarden.domain1.com domain over to my local IP 10.0.0.155 machine and that machine would just pick it up simple pimple and display to the user going to that domain. Another thought - maybe its because Docker/Bitwarden HAS https in that container - ohhhh, thats a thought; however it still didn't function correctly before I ran certbot on the domain2.com setup.
UGH... more to come - I'm trying options. :/ Grrrrrr. :P
PS; posting code in Lemmy doesn't work so great, does it? I used a backtick but didn't get the results I'm accustomed to...
PS; posting code in Lemmy doesn’t work so great, does it? I used a backtick but didn’t get the results I’m accustomed to…
it might be because lemmy uses commonmark instead of regular markdown, so the formatting is slightly different from... most markdown things, i guess?
Everyone here is awesome for ALL the replies. :P Thank you!!
I decided to try a Cloudflared tunnel, but that didn't work out because I can't get the main domain1.com domain to go thru the tunnel... only 'apps', like blog.domain1.com. :P
And, I'm still ironing out how to pass nginx to another local IP on my network; I just haven't gotten it to click yet. All the info needed is right here - I promise to come back when I iron out the setup and post how I managed to do it...
I can figure out how to pass nginx [or apache2, for that matter] to another PORT on the same local IP - I think I have both domains listening on ports 80/443 - and I'll have to change that in order to route the data correctly... let alone getting out to another local IP.
Again appreciate all the info - sometimes I just have to learn a bit more since I have all the documents right here. :P
Alright, I wanted to come back now that my setup is complete... special thanks to those of you who suggested nginx-proxy-manager - its very nicely put together and really makes reverse proxies a breeze...
Long story short, I just created a brand new VM... started with the proxy manager and built on top of that. Next up was my static Hugo website; it was too easy to point change Apache2's ports.conf to 8097 instead of 80, and use nginx-proxy-manager for the SSL certs... that one was basically plug and play.
The Bitwarden bit was a bit more involved, but not too bad... at first I just redirected traffic to the original (other machine) Bitwarden VM - but no one wants an extra VM to backup and support... so I went with a fork Docker of bitwarden_rs/vaultmaster - it comes w/ e-mail setup in the container, so one less thing to worry about... I had to swap around some docker-compose.yml ports and just point nginx-proxy-manager at it... this time, tho, I used the SSL certs from the docker; I didn't wanna dig in and remove what they already had running.
In the middle I was still fighting with myself and not taking ya'lls good suggestions - I tried to go the Cloudflared route; which is a cool service... but you can't tunnel root domains unless you're a paid user. Cloudflared tunnels would be great for exposing the Plex, TrueNAS, etc's of the world... but I didn't NEED/want subnets.
Thanks to the Beehaw community... TechHeart.life is up and running. :P (Don't worry, the Bitwarden is on a private domain. Phhhbbbbtttt.)