I’m a network engineer by trade and like many of us enjoy having an extensive home lab where I can run servers, learn and experiment in my free time. Not only do I find it very satisfying to build a “production” infrastructure at home, but it also helps me with my day-to-day work at my real job. A few years back I started converting my home lab to Hyper-V. I found a visualized environment easier to manage, plus I was able to work on various technologies without running multiple pieces of hardware (think electric bill)
Residential Internet Service = ONE IP ADDRESS
The only issue was talking to all my various projects from outside the network. I have residential internet service and am only allowed ONE IP address. This causes issues running services on separate internal servers on the same port and trying to reach them from the internet.
Why do we care?
For example, lets say we were running two WordPress sites on separate servers or separate VM guests behind your single public IP address. One could run on port 80, but the other would have to answer on a different port such as 8080. Why do we care? If you are running a public site, or hobby site most users are not going to type http://www.MySite.com:8080. It just feels odd, plus I do not believe Google is going to be able to index sites on port 8080.
What are our options?
In the past my quick and easy solution was just to run everything on the same server or VM Guest. This is great until you want to run more than one technology, like a Windows IIS server and a Linux LAMP server. The next solution is a reverse proxy. A reverse proxy will answer all inbound requests on your single IP address and redirect them to the servers on the inside of your network.
NGINX is a great choice!
I searched the internet and found a few solutions. Originally I tried to make IIS do the job, but it was complicated and did’t work as expected. I then thought to have a Raspberry Pi do the work, but for some reason I couldn’t get that working properly either. Finally I installed Ubuntu 18.04 in a VM and was successful at getting the reverse proxy to work!
Ngnix is super lightweight and is packed with features. There are so many features that googling exactly for what I need proved difficult. I just wanted the simplest configuration that would make this work.
My configuration that WORKS!
server {
listen 80;
listen [::]:80;
server_name yourdomain.net www.yourdomain.net;
location / {
proxy_pass http://www.yourdomain.net/;
}
}
server {
listen 80;
listen [::]:80;
server_name www.second_domain.net;
location / {
proxy_pass http://www.second_domain.net/;
}
}
Just keep adding server blocks as shown above to keep redirecting to your back-end. Keep in mind this is as simple as it gets. There are more advanced options regarding host headers and passing back the inbound ip address. I may cover some of them in a future post.
One Final Thought – SSL
I’m not going into making your site SSL, there are tons of posts. However a few important SSL items. Your proxy server needs SSL certs for the domin names you are using. Your proxy server also needs to know where the fullchain and private key files are stored. (See Below)
server {
listen 443 ssl;
server_name my.domain.com;
ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
location / {
proxy_pass https://my.domain.com/;
}
}
I hope this helps someone, It took me a long time to find these configuration options without all the extra commands and things I didn’t need.
Thank you for reading my blog,
Joe
If you feel inclined visit my Etsy store – www.geekgearstore.,com