
Differences

This shows you the differences between two versions of the page.

selfhost:nginx [2025/02/13 11:04] willyselfhost:nginx [2025/03/13 09:29] (current) – external edit 127.0.0.1
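--- a/selfhost:nginx
+++ b/selfhost:nginx
@@ -1,3 +1,3 @@
-====== The Reverse Proxy concept ======
+====== F) The Reverse Proxy concept ======
 
 The use of a **reverse proxy** is the key at the foundation of ensuring security, isolation and flexibility in accessing your self-hosted services.
@@ -102,4 +102,5 @@
   * All HTTP traffic is redirected to HTTPS
   * You have a single Let's Encrypt SSL certificate which covers all the subdomains of your domain (either a wildcard or a comulative cert it's up to you)
+  * You might have more than one main domain
 
 The top-level **mydomain.com** will have it's own folder, then you will create a set of sub-folders stemming from the main domain, one folder for each sub-domains, and inside each folder one configuration file for each sub-path served on that sub-domain.
@@ -157,4 +158,7 @@
         # Add domains here (only the main config file for each domain!)
         include com.mydomain/mydomain.conf;
+        
+        # This is for SSL and needs to be included only once for all the domains
+        include /etc/letsencrypt/options-ssl-nginx.conf;
 }
 </file>
@@ -173,6 +177,6 @@
 # simple catch-all server for the domain
 server {
-       # respond both to local, internal, IP directly and to mydomain.com
-        server_name 10.0.0.1 mydomain.com;
+       # You might want to specify also the internal
+        server_name mydomain.com;
         # Port for users from outside
         listen 8443 ssl;
@@ -187,12 +191,12 @@
 
        # include all sub-paths for mydomain.com:
-       include serviceX.conf
+       include serviceX.conf
+
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 
 # include all sub-domains entry points:
 include com.mydomain/y/y.conf;
-
-# include HTTPS certs stuff:
-include com.mydomain/certbot.conf;
 </file>
 
@@ -207,13 +211,15 @@
 <file - y.conf>
 server {
-        server_name y.mydomain.com;
-        listen 8443 ssl; # external access
-        listen 443 ssl; # internal access
-        access_log /var/log/nginx/y.mydomain.com_access_log main;
-        error_log /var/log/nginx/y.mydomain.com_error_log info;
-        location / {
-                #Generic proxy pass to proxied service
-                proxy_pass http://127.0.0.1:8000;
-        }
+       server_name y.mydomain.com;
+       listen 8443 ssl; # external access
+       listen 443 ssl; # internal access
+       access_log /var/log/nginx/y.mydomain.com_access_log main;
+       error_log /var/log/nginx/y.mydomain.com_error_log info;
+       location / {
+               #Generic proxy pass to proxied service
+               proxy_pass http://127.0.0.1:8000;
+       }
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 </file>
@@ -240,4 +246,6 @@
                 proxy_pass http://127.0.0.1:8000;
         }
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 </code>
@@ -256,4 +264,6 @@
                 proxy_pass http://127.0.0.1:8000;
         }
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 </code>
@@ -271,4 +281,6 @@
                 proxy_pass http://127.0.0.1:8000;
         }
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 server {
@@ -283,4 +295,6 @@
                 proxy_pass http://127.0.0.1:8000;
         }
+       # include HTTPS certs stuff:
+       include org.gardiol/certbot.conf;
 }
 </code>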
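Review bot: The added `include org.gardiol/certbot.conf;` lines (in the mydomain.com catch-all server, in y.conf and in each later server block) point at a folder named `org.gardiol`, while every other path in these examples uses the `com.mydomain/` placeholder and the removed line read `include com.mydomain/certbot.conf;`; a reader who copies the snippets as written references a file that is not part of the layout the page describes, and nginx will not load a configuration whose non-wildcard include is missing. Suggest `include com.mydomain/certbot.conf;` throughout. The replacement comment `# You might want to specify also the internal` is cut off mid-sentence; since `10.0.0.1` was dropped from `server_name`, it is worth finishing it, e.g. `# Add the internal IP here if this server should also answer direct-IP requests`, and stating which server block is meant to receive requests that arrive by IP address or with an unmatched Host header. The http-level `include /etc/letsencrypt/options-ssl-nginx.conf;` would benefit from a comment noting that this file is normally installed by certbot's nginx plugin and may be absent on hosts that obtained their certificate another way.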
