So, I have some idea on what a reverse proxy does and will be using nginx (with the neat proxy manager UI) for my setup.

However, I’m not completely clear what exactly I want it to do and how I can use it to run different services on one machine. I’m especially unclear on the ports configuration … tutorials will say things like “change the listening port to xxx for that service and to port yyy for the other service”

How does this work, which ports can I use and how do I need to configure the respective services?

EDIT: thanks everybody, your replies did help me a lot! I have my basic setup now up and running using portainer + nginx + fail2ban.

  • thisNotMyName@lemmy.world
    2 years ago

    Since you already got a lot of ELI5s, here is a basic to-do to get you up and running. From my experience, since I use the exact same setup as you describe.

    1. Set up your containers in a way you can reach them from your local network (e.g. http://123.456.789.10:123)
    2. Get a domain name (you can get one at the registrar of your choice, e.g. mydomain.com)
    3. Set up NGINX proxy manager (NPM) (default address of webui would be http://123.456.789.10:81)
    4. Set up a new proxy host in NPM:
      • Domain name: mycontainer.mydomain.com
      • Scheme: http
      • Forward Hostname/IP: 123.456.789.10 (if you get an error later on, you can use the docker container name if NPM and your container are connected to the same Docker network)
      • Port: 123
      • Via access lists you can provide a very basic username/pw login to protect your sites (you can do more and cooler stuff with Authelia)
      • In the SSL tab you can (and should) set up the SSL encryption: https://www.youtube.com/watch?v=TBGOJA27m_0
    5. Go to the DNS management of your registrar
      • Add an A-record for mydomain.com and the public IP of your server (you can google public IP to find it out)
      • Add a CNAME record for the subdomain with name mycontainer and target mydomain.com
    6. Open port 443 of your server in your router

    If everything worked right, you can visit mycontainer.mydomain.com, your DNS server will resolve this to your public IP and forward the request to nginx, which will serve the data of your local container
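
Added example, not part of the comment above and not the file NPM generates: a hand-written nginx configuration roughly equivalent to the proxy host in step 4, plus a second hypothetical service, showing how both share public port 443 and are told apart by hostname. The backend address 192.0.2.10 (standing in for the placeholder IP), the `other` subdomain on port 456, and the certificate and htpasswd paths are assumptions.

```nginx
# Goes inside the http { } context of nginx.conf.
# Constructed values: 192.0.2.10, other.mydomain.com, port 456, all file paths.

# Catch-all: a client that reaches port 443 without sending one of the
# configured hostnames (for example by bare IP) has its TLS handshake
# refused, so unnamed scans never reach a backend. Requires nginx >= 1.19.4.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# "Domain name: mycontainer.mydomain.com"
server {
    listen 443 ssl;
    server_name mycontainer.mydomain.com;

    # "SSL tab": certificate for this hostname (placeholder paths)
    ssl_certificate     /etc/ssl/example/mycontainer/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/mycontainer/privkey.pem;

    # "Access list": basic username/password login (placeholder path)
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd-mycontainer;

    location / {
        # "Scheme: http", "Forward Hostname/IP", "Port: 123"
        proxy_pass http://192.0.2.10:123;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# A second service: same public port 443, different hostname, different
# internal port. Only nginx listens on 443; the containers keep their own ports.
server {
    listen 443 ssl;
    server_name other.mydomain.com;
    ssl_certificate     /etc/ssl/example/other/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/other/privkey.pem;

    location / {
        proxy_pass http://192.0.2.10:456;
        proxy_set_header Host $host;
    }
}
```

With this layout the router only forwards port 443; ports 123 and 456 stay reachable from the local network only, so every outside request passes through the TLS and login settings of its server block.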
  • z3bra@lemmy.sdf.org
    2 years ago

    ELI5

    So it’s Saturday afternoon, a very hot one, so you ask your daddy for an ice cream (hosted service). The shop you go in is very bizarre though, as there is one vendor (TCP port) for each flavor (docker service/virtualhost). But it’s tricky because they’re all roaming in the shop, and you don’t know who’s responsible for each flavor. Your dad is also not very comfortable paying these vendors directly because they only accept cash and do not provide any receipt (self-signed certificate/no TLS).

    Hopefully, there is the manager (reverse proxy)! This girl is right where you expect her: behind the counter (port 80/443), accepts credit cards and has a receipt machine (Domain name + associated certificate). She also knows everyone on her team, and who’s responsible for each flavor!

    So you and your dad come to see the nice lady, ask for a strawberry + chocolate ice cream, and pay her directly. Once done, she forwards your request directly to the vendors responsible for each flavor, and gives you back your ice cream + receipt. Life is good, and tasty!