How to Setup a Reverse Proxy on Home Network


In this video, I explain how to set up a reverse proxy on your home network so that you no longer need to append port numbers when you browse to your locally hosted services. (Instead of typing "https://service.lan:8080", you can just type "https://service.lan".) This is only one of the functions of a reverse proxy, so if you are looking for an in-depth video on reverse proxies, this is not it.

We will be using NGINX as our reverse proxy and we will be configuring it to proxy our requests for UNMS, Unifi Controller, Plexpy (Tautulli), and Pihole. For this to work, you need to have local DNS already configured. I have a video on how to set this up using Pihole on a Raspberry Pi.

Timestamps:
Drawing it out: 1:34
Installing NGINX: 6:08
Beginning Configuration: 8:30
Generating Certificates: 17:20
Updating DNS Records: 20:50
Verifying Everything Works: 22:56
Troubleshooting: 24:12
Rambling Outro: 25:09


Below are some of the configurations and commands I use in the video. Just modify them to suit your needs.

Regular port 80 proxy.

server {
    listen 80;
    server_name myserver.domain;

    location / {
        # Forward every request to the backend's IP address and port
        proxy_pass "http://xx.xx.xx.xx:xxxx";
    }
}

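Port 80 redirect to 443

server {
    listen 80;
    server_name myserver.domain;

    location / {
        # Redirect to the HTTPS listener; an http:// target here would
        # send the browser back to this same block in a loop
        return 301 https://$host$request_uri;
    }
}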

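Port 443 proxy using SSL (Used for UNMS or similar)

server {
    listen 443 ssl http2;
    ssl_certificate /etc/nginx/ssl/mydomaincert.crt;
    ssl_certificate_key /etc/nginx/ssl/myprivatekey.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs
    # nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    server_name myserver.domain;

    location / {
        # nginx does not verify the backend's certificate unless
        # proxy_ssl_verify is turned on
        proxy_pass "https://xx.xx.xx.xx:xxxx";
    }
}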

Port 443 proxy using SSL and header modification (Used for Unifi Controller)

server {
    listen 443 ssl http2;
    ssl_certificate /etc/nginx/ssl/mydomaincert.crt;
    ssl_certificate_key /etc/nginx/ssl/myprivatekey.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs
    # nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    server_name myserver.domain;

    location / {
        proxy_pass "https://xx.xx.xx.xx:xxxx";
        # Pass the original host name and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /wss {
        proxy_pass "https://xx.xx.xx.xx:xxxx";
        # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Keep idle WebSocket connections open for up to 24 hours
        proxy_read_timeout 86400;
    }
}
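
Three mistakes that are easy to make when adapting server blocks like the ones above (a port-80 redirect that points back at http://, legacy TLS versions left in ssl_protocols, a misspelled X-Forwarded-For header) can be caught with a small audit script. This is an added example, not from the video; the sample config with its service.lan name and 192.0.2.10 address is constructed, and the function names are hypothetical.

```python
import re
# Constructed sample (not from the video) holding the three mistakes audited below.
SAMPLE = r"""
server {
    listen 80;
    server_name service.lan;
    location / { return 301 http://$host$request_uri; }
}
server {
    listen 443 ssl http2;
    server_name service.lan;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass "https://192.0.2.10:8443";
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    }
}
"""

LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
FORWARDED = {"x-forwarded-for", "x-forwarded-proto", "x-forwarded-host", "x-forwarded-port"}

def server_blocks(conf):
    """Yield each server { ... } body by brace counting (braces in comments or strings are not handled)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return sorted (listen value, finding) pairs for every server block in conf."""
    findings = set()
    for body in server_blocks(conf):
        listen = re.search(r"\blisten\s+([^;]+);", body)
        listen = listen.group(1).strip() if listen else "?"
        plain = "ssl" not in listen.split()
        if plain and re.search(r"\breturn\s+30[1278]\s+http://\$host", body):
            findings.add((listen, "redirects to http:// on a plain-HTTP listener"))
        for protos in re.findall(r"\bssl_protocols\s+([^;]+);", body):
            findings.update((listen, "legacy protocol " + p) for p in protos.split() if p in LEGACY)
        for header in re.findall(r"\bproxy_set_header\s+(\S+)", body):
            if header.lower().startswith("x-forward") and header.lower() not in FORWARDED:
                findings.add((listen, "misspelled header " + header))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit() in place of SAMPLE; an empty list means none of the three patterns was found.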

Ubuntu commands to create the SSL directory and generate certificates

sudo mkdir -p /etc/nginx/ssl/

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/myprivatekey.key -out /etc/nginx/ssl/mydomaincert.crt

Ubuntu commands to use if restarting NGINX fails because the .PID file is missing.

sudo mkdir -p /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" | \
    sudo tee /etc/systemd/system/nginx.service.d/override.conf
sudo systemctl daemon-reload
sudo systemctl restart nginx
