this post was submitted on 14 Nov 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
communick@selfhosted.forum
1
Reverse Proxy for internal network and VPS for external network - how to correctly setup? (alien.top)
submitted 11 months ago by SgtKayos@alien.top to c/main@selfhosted.forum
1 comments fedilink hide all child comments
 

Hey guys, what is the common practice for chaining two reverse proxies together? I have an instance of Nginx Proxy Manager (i.e., npm) setup on my local network and a public IP pointed to that to access internal services.

Recently I stood up a VPS with an instance of npm running to attempt to get around my work firewall from blocking my internal services and it seems to work. That said, how do I:

โ€‹

  1. Point the external reverse proxy to my internal proxy/ip?

For my domain, I imagine I would point the dns to the external VPS, allow 80/443 and point to my private IP. Is this the correct way to set this up?

References:

- VPS as gateway

- Use VPS as reverse proxy

you are viewing a single comment's thread
view the rest of the comments
[โ€“] zfa@alien.top 1 points 11 months ago

You can either point the first proxy to the second proxy, or point it to the backends directly. Depends if you have firewalls in the way that stop the VPS proxy reaching your backends directly; or if that internal nginx instance is dong anything clever like handling auth, adding headers etc. etc.

In your instance I'd more likely have the VPS locked down and unable to access my internal resources and just open up its access to my internal nginx instance. Therefore chaining proxies would be my approach but there's no right or wrong.