1

I've got Nginx Proxy Manager set up and it's working wonderfully. However, I have some services I want to be able to access via reverse proxy, so I have SSL and can use a hostname to direct me to a service, but I only want to be able to access them via VPN. My best idea to make this work is to configure access so that only connections from my local network can access certain proxy hosts. This gives all external traffic a 403 on connection attempt. Is this the best or only way to go about it? Short of additional services such as Authelia and Fail2Ban of course, but I wanted to know if I have the right idea.

you are viewing a single comment's thread
view the rest of the comments
[-] Deathmeter@alien.top 1 points 1 year ago

I personally run tailscale on my host and a single traefik instance on docker. Anything that doesn't need to be accessed by other people listen to the hostname and get a 100.64.0.0/10 ip whitelist middleware to only allow connections through tailscale. That way a request sent through the public IP with a custom Host header can't be smuggled in and I don't have to deal with custom ports for a 2nd reverse proxy

this post was submitted on 13 Nov 2023
1 points (60.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS