Home Server/Reverse proxy

From InstallGentoo Wiki
Here's a simplified explanation of how you can use Nginx to unify all your internal services.

Install and Configure Nginx

First, you need to install Nginx on a server that is accessible from the internet. This server will act as the gateway to your internal services.

Create Subdomains

For each internal service, you need to create a subdomain (like plex.example.com or nextcloud.example.com). These subdomains should point to your external WAN IP address.

Create an A record pointing to your external WAN address. Then, create a CNAME record for each subdomain with the content @ to tell clients to resolve your subdomains to the root A record.

Cross-Site Scripting

Warning: Host different services on different subdomains, not subpaths!

Cross-Site Scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to a variety of attacks, such as stealing user data and session hijacking. When you use subpaths (like example.com/plex and example.com/nextcloud) to serve different applications, you're serving all of these applications from the same domain. This means they all share the same origin as defined by the same-origin policy, a critical security concept in web application security. A script injected into one application can then reach the cookies, sessions and data of every other application on that domain. Giving each service its own subdomain gives it its own origin, so the browser keeps the applications isolated from each other.

Port Forward

Forward ports 80 and 443 to the IP address of the server your Nginx reverse proxy runs on.

Configure Nginx for Each Service

For each service, you need to create a server block in the Nginx configuration file. This block should include the server name (the subdomain you created), and the location blocks that define how to proxy requests to the internal service.

These config files sit in /etc/nginx/sites-enabled/, where each file defines a separate site. The default file defines the server that answers when clients connect by IP address rather than by domain name.

Here's a simplified example for a Plex server, where 192.168.1.202 is the IP of the server running Plex.

server {
    listen 80;
    server_name plex.example.com;

    location / {
        proxy_pass http://192.168.1.202:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

This configuration tells Nginx to listen for requests on port 80 for the domain plex.example.com and forward them to the service running on 192.168.1.202, port 8080.
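A check for the subpath layout the warning above describes, run over server blocks like the one just shown: it flags any server_name that proxies more than one backend. This is an added example, not part of the original wiki page. The sample config, the 192.168.1.203 address and the function names are constructed for illustration, and the parser assumes no braces or semicolons inside quoted strings.

```python
import re

# Constructed sample: the first server puts two apps on subpaths of one origin,
# the second gives Plex its own subdomain. 192.168.1.203 is a made-up address.
SAMPLE = """
server {
    server_name example.com;
    location /plex/      { proxy_pass http://192.168.1.202:8080; }
    location /nextcloud/ { proxy_pass http://192.168.1.203:8080; }
}
server {
    server_name plex.example.com;
    location / { proxy_pass http://192.168.1.202:8080; }
}
"""

def parse(text):
    """Turn nginx-style text into nested (words, children) nodes."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text))
    root, words = [], []
    stack = [root]
    for tok in tokens:
        if tok == "{":                      # open a block; words are its header
            stack[-1].append((words, []))
            stack.append(stack[-1][-1][1])
            words = []
        elif tok == "}":                    # close the current block
            stack.pop()
        elif tok == ";":                    # end of a simple directive
            stack[-1].append((words, []))
            words = []
        else:
            words.append(tok)
    return root

def shared_origin_servers(text):
    """Map server_name -> {location: upstream} where one origin fronts several apps."""
    findings = {}
    for words, children in parse(text):
        if words != ["server"]:
            continue
        name = next((w[1] for w, _ in children if w[:1] == ["server_name"]), "(default)")
        routes = {w[-1]: d[1] for w, sub in children if w[:1] == ["location"]
                  for d, _ in sub if d[:1] == ["proxy_pass"]}
        if len(set(routes.values())) > 1:   # several backends behind one origin
            findings[name] = routes
    return findings

if __name__ == "__main__":
    print(shared_origin_servers(SAMPLE))
```

To lint a real setup, pass the concatenated contents of the files in /etc/nginx/sites-enabled/ to shared_origin_servers; an empty result means no server_name fronts more than one backend.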

Reload Nginx

After you've configured Nginx for all your services, you need to reload or restart Nginx to apply the changes.

HTTPS and SSL

Self-signed certificates aren't trusted by browsers. You can get a free trusted HTTPS cert from Let's Encrypt: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04