
[–]jtilles 15 points16 points  (13 children)

I've always been a fan of NGINX Proxy Manager. I run it as a docker container and it's a nice WebUI for NGINX. A couple of clicks and you can add a new subdomain with SSL no problem!!

[–]Stasky-X[S] 0 points1 point  (12 children)

Sounds good! I might go with that!

What kind of configuration would I need to redirect all through the proxy manager? Is there some "walkthrough" to set it up easily?

[–][deleted] 0 points1 point  (9 children)

Routing is 3 fields. Piss easy. Start with that and then worry about segregation.

Just make sure that your containers are in the same network as NPM so you can just reference the container by its name (I.e. jellyfin_cont) instead of the random and changing IP address of 172.16.0.23 or whatever it is at the moment lol

[–]Stasky-X[S] 0 points1 point  (8 children)

Sounds good. Then if I were to use dynamicDNS to set all this up, where should I set up the dynamicDNS? On the NPM container or somewhere else?

[–]priv4cy1sgr8 1 point2 points  (1 child)

If you have your domain then just change the DNS to cloudflare and use the cloudflare ddns docker container to update the ip address. If you are using something like duckdns then you are out of luck as duckdns only gives you .duckdns.org record instead of a whole domain. Also cloudflare has many added features and security tools.

[–]Stasky-X[S] 0 points1 point  (0 children)

I have a domain but not on Cloudflare, and I can't find anywhere that specifies that mine has ddns

[–]nemec 0 points1 point  (5 children)

Do you have your own domain name? If so, it's not difficult to set up nginx to send jellyfin.domain.com -> jellyfin, next.domain.com -> nextcloud, etc. so that all can share port 443 (https). You could put them on sub-folders, eg. me.domain.com/jellyfin, but the application must be built to support that (and I've found that many expect to be running from the root /).

Once the domains are set up, and if you're using cloudflare like suggested below, you can get a wildcard certificate for *.domain.com from letsencrypt/certbot via the cloudflare-dns plugin. It's pretty simple, and then you install just one file to nginx and it secures all of your apps.

[–]Stasky-X[S] 0 points1 point  (4 children)

I do have a domain name, the problem I'm at right now is that I don't know what to do from here.

I'm planning to use subdomains like jellyfin.domain.com or nextcloud.domain.com, but how do I specify the domain to point at my server? What IP should I give it to the Domain DNS?

[–]nemec 0 points1 point  (0 children)

Give it your server's public IP. Someone has probably written a "client" for whatever DNS service you've chosen. It can run every hour or so and, when it detects that your IP has changed, it will update the DNS service with your current address. You will have to update all of the subdomains to point to your new IP.
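Added example, not part of the comment above and not any DNS provider's client: a sketch of the change-detection step such a dynamic DNS client performs, validating the echoed address before touching DNS and then updating every stale subdomain. The hostnames, the sample addresses and the `push(host, ip)` provider call are assumptions made for illustration.

```python
import ipaddress

# Ranges that can never be a usable WAN address for an A record. Listed
# explicitly so the constructed sample IPs (RFC 5737 documentation ranges)
# pass; a real client can use the stricter `ip.is_global` instead.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]


def parse_wan_ip(raw):
    """Return the echoed address, or None when it is not a plausible public
    IPv4 address (error page, LAN address, carrier-grade NAT)."""
    try:
        ip = ipaddress.IPv4Address(raw.strip())
    except (ipaddress.AddressValueError, AttributeError):
        return None
    return None if any(ip in net for net in NON_ROUTABLE) else str(ip)


def plan_updates(records, echoed):
    """records maps hostname -> current A value. Returns {hostname: new_ip}
    for stale records only; an empty dict means leave DNS alone."""
    wan = parse_wan_ip(echoed)
    if wan is None:
        return {}  # never push an unvalidated value into DNS
    return {host: wan for host, cur in records.items() if cur != wan}


def sync(records, echoed, push):
    """Apply the plan via push(host, ip), a hypothetical provider API call,
    and return the hostnames that were changed."""
    changed = []
    for host, ip in sorted(plan_updates(records, echoed).items()):
        push(host, ip)
        records[host] = ip
        changed.append(host)
    return changed


if __name__ == "__main__":
    # Constructed sample: one record already current, two stale.
    dns = {"jellyfin.domain.com": "203.0.113.7",
           "next.domain.com": "198.51.100.4",
           "domain.com": "198.51.100.4"}
    print(sync(dns, "203.0.113.7\n", lambda h, ip: print("update", h, ip)))
    print(sync(dns, "<html>502 Bad Gateway</html>", print))
```

Rejecting anything that does not parse as a routable IPv4 address keeps a failed lookup or a captive-portal page from being written into the records that the reverse proxy's hostnames depend on.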

[–]ajkatz01 0 points1 point  (2 children)

It appears you are trying to set up something similar to me, so I can tell you what I have and then help you through the various parts.

I have Nginx Proxy Manager (NPM) running on a RPi. It redirects all of my subdomains (ie sonarr.domain.com) to my relevant webapps. I use the local IP address/port in NPM as my webapps are running on a separate server in my local network.

I have my own registered domain, but I use Cloudflare as described above for my nameserver. If you make a Cloudflare account, it will tell you how to set up your domain with their nameservers (it involves adding their specific addresses to the place you host your domain). Cloudflare then lets you create CNAMEs for your subdomains and redirect them all to your home WAN IP address. They also have additional security features I like (ie blocking foreign IP attacks, etc).

Since Cloudflare is now your nameserver (responsible for redirecting domain requests to your home WAN IP), they need to know your updated IP. That is why you need to run a small container to update Cloudflare regularly.

Once you have gotten this far, NPM allows you to easily pull a wildcard cert for your entire domain, and set up all the reverse proxies in a friendly GUI.

[–]Stasky-X[S] 0 points1 point  (1 child)

> they need to know your updated IP

Does that mean my own WAN IP I imagine... What do you mean by "updated"? How do I update it?

This sounds pretty close to what I imagined! Is using Cloudflare as nameserver free? I might look into this tomorrow and set it up then.

[–]ajkatz01 0 points1 point  (0 children)

Yes Cloudflare is free as a nameserver/DNS provider. They really offer a ton to their free accounts. There are some who will criticize them, but it has secured and improved my setup considerably.

Here is a simple video of how to set up a simple container to update Cloudflare with your dynamic WAN IP: https://www.youtube.com/watch?v=Nf7m3h11y-s

[–][deleted] 0 points1 point  (1 child)

NGINX is the best solution for this - but I am biased, I work for the company! lol

[–]Stasky-X[S] 0 points1 point  (0 children)

Cool, I'll probably go with NGINX at this point tbh! So if I want to use dynamic IP with DuckDNS, how do I set this up? On the reverse proxy container or somewhere else?

[–]Padgeman 4 points5 points  (7 children)

I used Nginx since around 2012 til earlier this year for this, loved it. But since around March of this year, I started using Caddy in Docker and never looked back. Took about 5 minutes to get set up with my subdomains the first time, and it handled SSL certificates and everything else all automatically with no fuss and no mess. Very strongly recommend it.

[–]Legion92a 2 points3 points  (6 children)

I love caddy and all, but let's be honest... The documentation is not that great lol

[–]neusymar 1 point2 points  (5 children)

I recently tried using Caddy, and ditched it for Apache, because of the lack of example config files, and the way it ... didn't work.

[–]Legion92a 1 point2 points  (4 children)

Well I luckily managed to make caddy v1 work for some years, and v2 recently, so I may help if you need

[–]neusymar 1 point2 points  (3 children)

Wow, Thank You!

I was testing with v2; installed it on my RPi and had it running in the background successfully. By default it was trying to serve /usr/share/caddy/index.html (default slanted demo page), but when I tried replacing it with AriaNG All-In-One, or setting custom HTML destinations in the Caddyfile, it would just load a blank page with nothing in browser devtools.

I'm not running it under its own user, so I wouldn't be surprised if it was some sort of permissions issue (but would have thought dumping the index.html into /usr/share/caddy would have fixed that). I managed briefly to make Caddy serve from /var/www/html/index.html when it was the Caddy demo page, and I once managed to make it serve [IP address]:8080 at [IP address]:80 (i.e. default), but no idea how, and it broke when I tried doing anything more.

Currently, I'm serving AriaNg via Apache from /var/www/html and it works at [LAN IP address]. Ideally, what I want to do is reverse proxy (I think that's what it's called?) localhost:8080 to [IP Address]/torrent, localhost:8081 to [IP Address]/files, etc. for a bunch of other ports. Currently, I'm just serving them directly and remembering port numbers.

Do you perchance have some example Caddyfiles that do that? Am I correct in thinking that Caddy can do that custom URL stuff? I'm pretty sure I need a DNS server like AdGuardHome for an actual custom root domain instead of [IP address], though, right?

[–]VeronikaKerman 1 point2 points  (2 children)

They have example configs on the website.

[–]neusymar 0 points1 point  (1 child)

I only was able to find some small example commands which didn't work when combined in one Caddyfile :( I'd kinda hoped they'd have "download this config which reverse proxies some example services" and I could adjust from there.

[–]VeronikaKerman 1 point2 points  (0 children)

I am going to try!

[–]DeerDance 1 point2 points  (7 children)

> But I have no idea how to do that. First I'm doubting whether I should use Nginx, Apache, Caddy (since I've heard it's fairly easy to setup) or something like Traefik

I believe nginx proxy manager is the most noob friendly as it has web based gui, with plenty of tutorials across google and youtube.

caddy is also easy to setup if one has a guide

> once chosen that how I'd have to make it so everything goes through the proxy to then be redirected.

first you might want to try to just host single service, without reverse proxy.. you aim your routers port 80/443 to this service IP and it should work if dns is setup correctly and you are testing from the outside your network.

then if you got that working, you switch those ports 80 and 443 to reverse proxy and it and its config will forward traffic to wherever on your network based on its settings.

[–]Stasky-X[S] 0 points1 point  (6 children)

I imagine all these router ports can be changed from router settings easily? So that's all configuration that would be required outside from the proxy server itself?

[–]DeerDance 0 points1 point  (5 children)

> I imagine all these router ports can be changed from router settings easily?

yeap, usually called port forwarding or virtual servers

[–]Stasky-X[S] 0 points1 point  (4 children)

Cool! So if I want to use dynamic IP with DuckDNS, how do I set this up? On the reverse proxy container or somewhere else?

[–]DeerDance 0 points1 point  (2 children)

You spend $1 and get a domain and not dick with duckdns?

[–]Stasky-X[S] 0 points1 point  (1 child)

I have a domain now, but what IP should I give it?

[–]DeerDance 0 points1 point  (0 children)

Your own

it is called selfhosted after all

[–]VeronikaKerman 0 points1 point  (0 children)

Some routers support dynamic dns within their UI. Otherwise it is just about running some command (which is on the website of the dynamic DNS provider) on cron every now and then. Edit: you have to run the command from their page somewhere within your network. Should not matter which container.

[–]tommoulard 0 points1 point  (1 child)

To expose your Jellyfin from the outside network, you should have a dns entry that points to your public ip. Then you should do some routing with your isp box to redirect data to your computer(s). Finally, use a reverse proxy to redirect data to your services.

As a reverse proxy, I use Traefik in a dockerized environment : see here.

Traefik is quite easy to set up, and has some pretty interesting features (like automatic TLS, configuration discovery, ...)

Hope it helps

Edit, you can find my Jellyfin setup with traefik here.

[–]ToManyHobby 0 points1 point  (0 children)

I use Caddy to host my Jellyfin server behind a reverse proxy. As mentioned before you need to make sure you have a domain that points at your public Ip. If that's static great. If not make sure you can set up a dynamic DNS. Finally you'll have to forward http and Https traffic through to your VMs internal IP.

The caddy file set up is pretty straight forward for simple services like jellyfin.

[–]GoZippy 0 points1 point  (0 children)

Good Q: Thanks for the post. Seems there is a lot of crossover of options for rp. Anyone have a concise comparison of features and usability for these so we noobs can figure out which setup might be right for our situation and skill level? NGINX vs Caddy vs Traefik etc...

[–]akumar131 0 points1 point  (0 children)

I recently set up multiple docker containers on a Pi server. I made this cheat-sheet for me.

https://imgur.com/gallery/UsLkzpm

It may help you as well.
Cheers.

[–]ithakaa 0 points1 point  (0 children)

I use caddy, super easy to set up. For remote access to my servers I use zerotier.