65
submitted 3 years ago by Sekoia to c/selfhosted@lemmy.world

I have a few selfhosted services, but I'm slowly adding more. Currently, they're all in subdomains like linkding.sekoia.example etc. However, that adds DNS records to fetch and means more setup. Is there some reason I shouldn't put all my services under a single subdomain with paths (using a reverse proxy), like selfhosted.sekoia.example/linkding?

you are viewing a single comment's thread
view the rest of the comments
[-] fbartels@lemmy.one 2 points 3 years ago

You’ll have to use http://192etc:port. So no httpS for internal access

This is not really correct. When you use http this implies that you want to connect to port 80 without encryption, while using https implies that you want to use an ssl connection to port 443.

You can still use https on a different port, Proxmox by default exposes itself on https://proxmox-ip:8006 for example.

Its still better to use (sub)domains as then you don't have to remember strings of numbers.

[-] TemperateFox@beehaw.org 0 points 3 years ago* (last edited 3 years ago)

I understand, though if the services you're hosting are all http by themselves, and https due to a reverse proxy, if you attempt to connect to the reverse proxy it'll only serve the root service. I'm not aware of a method of getting to subdomains from the reverse proxy if you try to reach it locally via ip.

[-] macgregor@lemmy.world 4 points 3 years ago

Generally a hostname based reverse proxy routes requests based on the host header, which some tools let you set. For example, curl:

curl -H 'Host: my.local.service.com' http://192.168.1.100

here 192.168.1.100 is the LAN IP address of your reverse proxy and my.local.service.com is the service behind the proxy you are trying to reach. This can be helpful for tracking down network routing problems.

If TLS (https) is in the mix and you care about it being fully secure even locally it can get a little tricky depending on whether the route is pass through (application handles certs) or terminate and reencrypt (reverse proxy handles certs). Most commonly you'll run into problems with the client not trusting the server because the "hostname" (the LAN IP address when accessing directly) doesn't match what the certificate says (the DNS name). Lots of ways around that as well, for example adding the service's LAN IP address to the cert's subject alternate names (SAN) which feels wrong but it works.

Personally I just run a little DNS server so I can resolve the various services to their LAN IP addresses and TLS still works properly. You can use your /etc/hosts file for a quick and dirty "DNS server" for your dev machine.

[-] Goldenderp@lemmy.world 1 points 3 years ago

TLS SNI will take care of that issue just fine, most reverse proxies will just handle it for you especially if you use certbot i.e. usually letsencrypt

this post was submitted on 14 Jun 2023
65 points (100.0% liked)

Selfhosted

60426 readers
223 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS