Self-Hosting all the things (Part 2 – nginx reverse proxy and VPN)

Setting up a reverse proxy w/ nginx

Now that we have “linked” our two servers, the VPS will act as a gateway to the rest of the internet for all of our locally hosted services. Your VPS has a static IP, which will be used to access the locally hosted services. Right now, we are going to set up a basic reverse proxy with no SSL encryption, which means traffic between visitors and the VPS travels over plain HTTP. In a later tutorial I will cover how to use certbot to retrieve an SSL certificate for a wildcard domain to properly encrypt all of our traffic.

Let’s get started with a basic reverse proxy for now. Make sure all your sources and packages are updated.

apt update && apt dist-upgrade

After that, get nginx installed and enabled.

apt install nginx && systemctl enable nginx --now

If nginx is successfully installed you will see the page below when you visit your IP address (make sure that port 80 is open on your VPS).

[Screenshot: nginx default page]

Now that we have confirmed that nginx is up and running, it is time to edit the default server config to set up a reverse proxy for our service. Each application has its own setup for a reverse proxy, but if it’s a simple application that does not use WebSockets or streaming, the following should work. Open the default config in vim, nano or whatever text editor you prefer, and delete everything in the file.

sudo vim /etc/nginx/sites-available/default

For example, let’s say I was running an instance of an RSS feed reader, miniflux, on port 7000. I would then put that port in for <APP PORT>, and also make sure that <HOMELAB MANAGED IP> is the IP provided by our VPN.

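server {
    # Plain HTTP only for now; SSL is covered in a later tutorial
    listen          80;

    location / {
        # Forward every request to the homelab service over the VPN
        proxy_pass http://<HOMELAB MANAGED IP>:<APP PORT>;
        proxy_redirect off;
        # Pass the original host, client address and scheme to the application
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}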

Once that is done, save the file and then restart nginx.

systemctl restart nginx

Now if you visit your VPS’ IP address you should see your service live! If something goes wrong when you try to restart nginx, it will tell you to check the status of the service, which you can do with this command:

systemctl status nginx

That should give you some sort of clue as to what has gone wrong. From there, Stack Overflow will be your friend!
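The proxy_set_header lines in the config above hand the visitor's address to the application in X-Real-IP and X-Forwarded-For. The following is an added example, not part of the original guide, of how a backend can read those headers safely: it trusts them only when the connection comes from the VPS over the VPN, and reads X-Forwarded-For from the right because nginx appends to whatever the client sent. The tunnel address 10.8.0.1 and the function name client_ip are assumptions.

```python
import ipaddress

# Assumption: 10.8.0.1 is the VPS end of the VPN tunnel (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.8.0.1/32")]


def _parse(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, headers):
    """Resolve the visitor's address for a request reaching the backend.

    peer    -- source address of the TCP connection (not settable by a header)
    headers -- request headers as a dict with lower-case names
    """
    peer_addr = ipaddress.ip_address(peer)
    # A request that did not come from the proxy carries unverified headers.
    if not _trusted(peer_addr):
        return str(peer_addr)
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so read right to left and stop at the first non-proxy address.
    for hop in reversed(headers.get("x-forwarded-for", "").split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: stop trusting the rest of the chain
        if not _trusted(addr):
            return str(addr)
    # Fall back to X-Real-IP, which the config sets to $remote_addr.
    real = _parse(headers.get("x-real-ip", ""))
    return str(real) if real else str(peer_addr)


if __name__ == "__main__":
    # Constructed request: the visitor at 203.0.113.7 sent a made-up
    # X-Forwarded-For value of 1.2.3.4, and nginx appended the real address.
    sample = {"x-forwarded-for": "1.2.3.4, 203.0.113.7",
              "x-real-ip": "203.0.113.7"}
    print(client_ip("10.8.0.1", sample))  # 203.0.113.7
```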

For the next tutorial, I will be showing you how to reverse-proxy multiple services encrypted with SSL, using certbot to automatically renew a wildcard domain name certificate. This will involve creating slightly more involved nginx configurations, along with getting a domain name and creating DNS aliases for each of our services if we are going to serve them using subdomains such as rss.yourdomain.com, plex.yourdomain.com or coolapp.yourdomain.com, while all of them are being hosted on your home lab!

This guide is still in its infancy and I hope to make it a lot better in the future, but this is the best I can do for now! There is so much you can do with this now that you can expose your self-hosted apps to the internet. You can host your own instance of GitLab, or your own wiki with Outline, and much, much more!

Have fun!
