this post was submitted on 19 May 2025
86 points (94.8% liked)

Selfhosted


Hi everybody.

How should I set up a reverse proxy for my services? I've got things like jellyfin, immich and bitwarden running on my Debian server in docker. So should I install something like nginx for each of these also in docker? Or should I install it from the repository and make configs for each of these docker services?

Btw I have no idea how to use something like nginx or caddy but I would still like to learn.

Also can you use nginx for multiple services on the same port, like (443)?

[–] DevotedOtter@lemm.ee 2 points 4 days ago (6 children)

I'm looking to do something like this. I'm uneasy about having the registered domain pointing towards my IP address (partially because I'm unsure of the exact risks and partially because I'd rather do it internally if possible).

You said you were using pihole. What did you change to and why did you change? Pihole seems the most recommended from what I've seen?

[–] Scrath@lemmy.dbzer0.com 1 points 3 days ago (5 children)

You are lucky I haven't deleted my pi-hole VM yet ;D

In the Pi-Hole DNS settings I have the following configuration:

  • Upstream DNS Servers => Quad9 (filtered, DNSSEC) both checkboxes for IPv4 checked
  • Under Custom DNS servers I added a line with my router's IP
  • Under Interface settings => Permit all origins. Note the warning written regarding this setting and check whether it applies to your setup!
  • Under Advanced DNS settings I have enabled "Never forward non-FQDN A and AAAA queries" and "Never forward reverse lookups for private IP ranges". Since, according to the warning, this would block local hostname resolution, note the next setting.
  • Under conditional forwarding I have added this line: true,192.168.1.0/24,192.168.1.1,fritz.box (fritz.box was my local DHCP domain name but has since been changed to lan).

The other settings in Pi-Hole were under the Local DNS Records menu, where I added my domain name (let's call it example.com) to the list of local DNS records and pointed it at the IP of the server running my reverse-proxy. Finally I added each subdomain I wanted to use to the list of local CNAME records and pointed it at the domain I had just entered in the other list.

I can't perfectly tell you what my router settings were unfortunately, since I have recently moved and replaced my fritzbox with a mikrotik router. The main thing you have to do though is to go to the DHCP server settings of your router and set the pi-hole's IP address as the DNS server. Note that if the pi-hole is offline for any reason, you will be unable to resolve any domains while in this network.

It might be possible to do some sort of failover setup by running a second pi-hole with identical settings, but I did not want my network connectivity depending on any device other than my router being on. Hence my move back to using my mikrotik's built-in DNS server, which fortunately also supports adding lists for DNS adblocking.

[–] Eldaroth@lemmy.world 1 points 3 days ago (1 children)

If your router allows it, you can set your gateway IP from the router (i.e. 192.168.1.1) as the second DNS address in the DHCP settings. So your router's DNS settings would then act as failover in case your pi-hole is down. That's at least how I have done it on my ISP router.

[–] Scrath@lemmy.dbzer0.com 1 points 3 days ago

I don't think that's how it works with my router. I read a bit about DNS failover and the consensus seemed to be that all DNS servers listed should return equal results since requests are spread round-robin between them (at least for mikrotik routers).
