this post was submitted on 19 May 2025
88 points (95.8% liked)

Selfhosted

46672 readers
984 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
88
How to reverse proxy? (lemm.ee)
submitted 2 days ago by [email protected] to c/[email protected]
72 comments fedilink hide all child comments
 

Hi everybody.

How should I setup reverse proxy for my services? I've got things like jellyfin, immich a bitwarden running on my Debian server in docker. So should i install something like nginx for each of these also in docker? Or should I install it from repository and make configs for each of these docker services?

Btw I have no idea how to use something like nginx or caddy but i would still like to learn.

Also can you use nginx for multiple services on the same port like(443)?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 2 minutes ago

I know this is beyond the scope of your question but you are at a very similar place like i was over a year ago.

For the reverse proxy you want ingnx manager and it will handle all of your reverse proxies just fine.

But what i really want to recommend is to change up that debian into proxmox,

Proxmox is a debian based efficient server OS. Basically every service you run now can Easily be run as its own isolated container with very little overhang.

Best of all there is a community for Helper script that will install entire services including Nginx but even nextcloud from a single command.

https://community-scripts.github.io/ProxmoxVE/scripts?id=nginxproxymanager

[–] [email protected] 5 points 1 day ago* (last edited 1 day ago) (1 children)

There's Nginx proxy manager if you want to set it up. But I'd rather go with Tailscale instead.

[–] WhyJiffie 5 points 18 hours ago (1 children)

tailscale is not the same as nginx or any reverse proxy, though. I don't expose anything publicly, but I still wouldn't stop using a reverse proxy

[–] [email protected] 1 points 9 hours ago

Ok, fair enough.

[–] [email protected] 40 points 2 days ago (3 children)

Caddy

It’s three lines of configuration

jellyfin.example.com {
  reverse_proxy http://localhost:8083/
}

Automatic https with let’sencrypt, simplicity of a single binary, downgrade is as simple as replace binary & restart service.

[–] [email protected] 1 points 22 hours ago

Wow

[–] [email protected] 22 points 1 day ago (1 children)

Fucking hell why do I use Apache 😂

[–] [email protected] 6 points 1 day ago

Because you love the pain that comes with pulling your own hair out, one fistful at a time.

[–] [email protected] 5 points 2 days ago (2 children)

How does my DNS know where to look for this?

[–] WhyJiffie 3 points 18 hours ago

if you don't want to rent a domain, but you run a local DNS server (pihole, technitium) for filtering or other reasons, you can register your own domain names in there, for free. but don't use common TLDs to avoid conflicts, and leave ".local" alone too because that's used by mdns/avahi. You may use .home, .lan, or a few others I don't know without looking them up

[–] [email protected] 10 points 1 day ago* (last edited 1 day ago) (11 children)

  1. you rent a domain

  2. in the config (provided by the service where you rented the domain) you set it to point to the IP of the device where you run caddy

  3. the service tells the relevant global DNS servers your setting

  4. your DNS does a DNS lookup and a DNS server returns the IP you configured it to point to

Depending on the DNS you use, you can manually add entries to do 1-3 differently, but that will only work for devices that use your DNS and is hard.

load more comments (11 replies)
[–] [email protected] 14 points 2 days ago* (last edited 1 day ago) (2 children)

I use Nginx Proxy Manager running as a docker container. Its a gui that makes administration more straight forward. It points at all my services (docker and otherwise) and handles the SSL for me. Because I don't want to have any ports open I use DNS challenge ACME and NPM has built in support for a number APIs from large public DNS providers to automate that.

[–] [email protected] 1 points 18 hours ago (1 children)

i have nginx proxy manager set up all as well, but haven’t worked out the SSL part yet, so all my internal docker services are still on http

out of interest, how did you set up https with npm?

[–] [email protected] 1 points 17 hours ago* (last edited 14 hours ago)

First set up your certificate in the SSL tab of NPM. You can either upload a traditional certificate or set up LetsEncrypt. Be aware that starting next spring the maximum length of a certificate will drop to 9 months and continue to decrease over the next few years until its 47 days.

I have mine set up so LetsEncrypt gets a wildcard cert for my domain (via DNS challenge). Some people go with per subdomain certs.

Once you have the cert, go you each of your hosts and switch to its SSL tab. Then select your cert. Then I usually turn on "Force SSL"

[–] [email protected] 3 points 1 day ago

This plus technitium DNS is exactly my approach.

[–] [email protected] 5 points 1 day ago

Since your a beginner, youll find nginx proxy manager easiest, it has a nice ui, and at this stage you are probably less intrested in the 10/10 fastest lighweight setup and more intrested in getting stuff working.

[–] [email protected] 4 points 1 day ago (2 children)

Did traefik become uncool? I only read about caddy/nginx/ha here.

[–] WhyJiffie 1 points 18 hours ago

my last experience with it was a half empty documentation, and a config structure that signaled to me that they dropped a lot of features for v2 release that they initially wanted to have, which has additionally made understanding their config structure harder. and that hasn't improved for years.

[–] [email protected] 1 points 1 day ago

I think it's still one of the best solutions.

[–] [email protected] 9 points 2 days ago (7 children)

I prefer doing nginx on the host (vs a container), & have different configs for each service. You can have multiple services on the same port, it can be controlled via DNS instead (i.e.: access Jellyfin.domain.com & bitwarden.domain.com, both of 443).

Ive tried Caddy once or twice but couldn’t get it working, so i just stick with nginx & cert or to automatically get certificates from my internal CA

load more comments (7 replies)
[–] ohshit604 4 points 1 day ago

Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.

It’s honestly whatever works for you and what you prefer having.

[–] iAmTheTot 4 points 2 days ago

Nginx Proxy Manager was easy to learn as a beginner. I'd recommend it as a learning tool, if nothing else, and if you want to switch to other solutions later you can.

[–] [email protected] 4 points 2 days ago* (last edited 2 days ago)

IMO, look into the linuxserver.io fork of NGINX, called SWAG.

It comes preloaded with a bunch of fantastic addons for security.

Quite easy to get set up, if you've got an idea about how it works.

[–] [email protected] 3 points 2 days ago

I recommend Caddy. It's very easy to deploy, and configuring it is a snap. This tutorial helped me out a bunch. There is a Docker version of Caddy, tho I have never used it. I figured, Caddy would do better installed on bare metal. I use Caddy in conjunction with Duckdns.org. Caddy also takes care of renewing your certs when it's time.

[–] [email protected] 3 points 2 days ago (1 children)

What is your goal, simplest to configure? industry standard? Secure options set by default? Do you need a gui or are you fine with config files?

[–] [email protected] 4 points 2 days ago (1 children)

Something secure and easy to understand and setup for beginner. The easier the better. I don't mind writing config files if I can understand it.

[–] [email protected] 2 points 21 hours ago* (last edited 21 hours ago)

Nginx Proxy Manager is probably your best bet at this stage. It’s a simple to use GUI with QOL features like automatic certificate acquisition built on top of the industry standard Nginx. It should do everything you need it to do and it’s hands down the easiest to get started with.

When you reach the point that you’re trying to do something outside the scope of Nginx Proxy Manager’s gui, that would be a good time to get into another solution that’s config file based. My weapon of choice here is Caddy. I LOVE how simple and minimal the configuration is and it does a lot of things by default that other solutions don’t.

Plain Nginx is a solid tool but working with it directly will be the least straightforward and beginner friendly of all the solutions. Only reason I’d recommend straight Nginx is if you want experience with it for work.

Traefik, don’t bother with until you have an actual reason to use it over other solutions (Like you’re getting into clustering or kubernetes or anything else that requires dynamic configuration instead of static.)

[–] [email protected] 3 points 2 days ago

A lot of people aren't big fans of Nginx Proxy Manager, which is separate from Nginx. But I like it. It's got a nice gui, and the part I really like is the letsencrypt ssl certs baked in. You can get a new one, for a new service with a click of a button, and it auto renews your certs, so you don't have to worry about it once it's set up.

load more comments
view more: next ›