selfhost:nginx [2025/02/13 11:04] – willy | selfhost:nginx [2025/03/13 09:29] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== The Reverse Proxy concept ====== | + | ====== |
The use of a **reverse proxy** is the key at the foundation of ensuring security, isolation and flexibility in accessing your self-hosted services. | The use of a **reverse proxy** is the key at the foundation of ensuring security, isolation and flexibility in accessing your self-hosted services. | ||
Line 102: | Line 102: | ||
* All HTTP traffic is redirected to HTTPS | * All HTTP traffic is redirected to HTTPS | ||
* You have a single Let's Encrypt SSL certificate which covers all the subdomains of your domain (either a wildcard or a comulative cert it's up to you) | * You have a single Let's Encrypt SSL certificate which covers all the subdomains of your domain (either a wildcard or a comulative cert it's up to you) | ||
+ | * You might have more than one main domain | ||
The top-level **mydomain.com** will have it's own folder, then you will create a set of sub-folders stemming from the main domain, one folder for each sub-domains, | The top-level **mydomain.com** will have it's own folder, then you will create a set of sub-folders stemming from the main domain, one folder for each sub-domains, | ||
Line 157: | Line 158: | ||
# Add domains here (only the main config file for each domain!) | # Add domains here (only the main config file for each domain!) | ||
include com.mydomain/ | include com.mydomain/ | ||
+ | | ||
+ | # This is for SSL and needs to be included only once for all the domains | ||
+ | include / | ||
} | } | ||
</ | </ | ||
Line 173: | Line 177: | ||
# simple catch-all server for the domain | # simple catch-all server for the domain | ||
server { | server { | ||
- | # | + | # |
- | server_name | + | server_name mydomain.com; |
# Port for users from outside | # Port for users from outside | ||
listen 8443 ssl; | listen 8443 ssl; | ||
Line 187: | Line 191: | ||
# include all sub-paths for mydomain.com: | # include all sub-paths for mydomain.com: | ||
- | | + | |
+ | |||
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
# include all sub-domains entry points: | # include all sub-domains entry points: | ||
include com.mydomain/ | include com.mydomain/ | ||
- | |||
- | # include HTTPS certs stuff: | ||
- | include com.mydomain/ | ||
</ | </ | ||
Line 207: | Line 211: | ||
<file - y.conf> | <file - y.conf> | ||
server { | server { | ||
- | | + | server_name y.mydomain.com; |
- | listen 8443 ssl; # external access | + | |
- | listen 443 ssl; # internal access | + | |
- | access_log / | + | |
- | error_log / | + | |
- | location / { | + | |
- | #Generic proxy pass to proxied service | + | |
- | proxy_pass http:// | + | |
- | } | + | |
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
</ | </ | ||
Line 240: | Line 246: | ||
proxy_pass http:// | proxy_pass http:// | ||
} | } | ||
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
</ | </ | ||
Line 256: | Line 264: | ||
proxy_pass http:// | proxy_pass http:// | ||
} | } | ||
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
</ | </ | ||
Line 271: | Line 281: | ||
proxy_pass http:// | proxy_pass http:// | ||
} | } | ||
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
server { | server { | ||
Line 283: | Line 295: | ||
proxy_pass http:// | proxy_pass http:// | ||
} | } | ||
+ | # include HTTPS certs stuff: | ||
+ | | ||
} | } | ||
</ | </ |
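Review bot: The block still commented `# simple catch-all server for the domain` (hunk at Line 173) now carries `server_name mydomain.com;`, and its visible `listen 8443 ssl;` has no `default_server`, so nothing shown here pins which server answers a request whose Host header or SNI matches none of the configured names. nginx then falls back to the first server defined for that address and port, which in this layout depends on include order and may be one of the proxied sub-domain services. Consider adding an explicit default server to the guide, for example `listen 8443 ssl default_server;` with `server_name _;` and `return 444;` (plus `ssl_reject_handshake on;` where the nginx version supports it), and rewording the comment to say this block serves the main domain only. The page text is truncated in this view, so the port 443 listen lines and the included certificate file could not be checked.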