49 lines
No EOL
1.4 KiB
Markdown
49 lines
No EOL
1.4 KiB
Markdown
# Reverse Proxy Setup
|
|
|
|
My setup for exposing my home server to the internet without Port Forwarding.
|
|
|
|
## Tailscale
|
|
|
|
I use Tailscale to connect my home server with the docker in the VPS. This way I don't need to open ports in order to
|
|
connect this two endpoints.
|
|
|
|
## nginx
|
|
|
|
I use nginx to route my VPS traffic to the various services I have inside my home server.
|
|
|
|
## DNS Setup
|
|
|
|
First, I create an A record pointing to my server, this A record could be used for a specific service, but there I just
|
|
serve the default nginx page:
|
|
|
|
```
|
|
vps.gerardgascon.com. IN A 146.190.236.48
|
|
```
|
|
|
|
All subsequent domains I want to point to a home server service will have a CNAME pointing to that base A record:
|
|
|
|
```
|
|
git.gerardgascon.com. IN CNAME vps.gerardgascon.com.
|
|
```
|
|
|
|
## Steps to add a new service
|
|
|
|
1. Add CNAME record to DNS
|
|
2. Modify nginx.conf to add support for the new service:
|
|
```nginx configuration
|
|
server {
|
|
listen 443 ssl;
|
|
server_name <<url>>;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/<<url>>/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/<<url>>/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass http://<<tailnet_ip>>:<<service_port>>/;
|
|
}
|
|
}
|
|
```
|
|
3. Request SSL certificate and deploy:
|
|
```shell
|
|
docker compose stop nginx && certbot certonly --standalone -d <<url>> --expand && docker compose up -d
|
|
``` |