So, at the moment I’m using Nginx Proxy Manager, but lately I started seeing it moving slower and slower and even though I tried traefik some time ago, I didn’t manage to make it work.

Anyway, I want to start using traefik again, but I want to use it like this:

  • I want to access all my services/containers in my LAN through http (port 80) on something like sub.mylan.home
  • I want to access some of my services over the internet through https (port 443) on sub.mydomain.com

I know this is possible, but I don’t get the hang of the configuration. Somone care to share some tips?

  • calm.like.a.bomb@lemmy.dbzer0.comOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    8 months ago

    Thanks for the great explanation.

    So, currently, as I said, I’m using nginx proxy manager and do this:

    • reverse proxy to all my services inside the internal network on http: *arr stuff, rss reader, jellyfin and some other minor things. All of them use name.local.home notation. I’m using a local DNS for this, of course.
    • reverse proxy to just two services externally on https under wildcard certificates - both are non-standard names and the names are not related to the services themselves. For both these services I use Authelia with 2FA, so even if an attacker guesses the subdomain name, they’ll have to bypass that. As far as I can see in my logs, there are no attempts to breach my services. This is what I want to replicate and I’m planning on testing it.

    On the other hand, You gave me a good idea about using *.lab.domain.com getting resolved by the local DNS and the main *.domain.com by my public DNS. I’ll give this a try too in the near future. Another plan for me is to start using Authentik, as I saw it’s a bit better than Authelia in some areas, even though it may be overkill for a little project - I’ll have to see.

    • lemmyvore
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      Since your reverse proxy is nginx you can also look at vouch-proxy. It’s smaller and more light-weight than either Authelia or Authentik, but of course it doesn’t have all their features, basically just login with an external service.