Selfhosted

39433 readers

992 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Is it possible to run a reverse proxy only on a specific service or port? (lemmy.world)

submitted 19 hours ago* (last edited 18 hours ago) by FarraigePlaisteach@lemmy.world to c/selfhosted@lemmy.world

24 comments fedilink hide all child comments

I’m happily serving a few websites and services publicly. Now I would like to host my Navidrome server, but keep the contents private on the web to stay out of trouble. I’m afraid that when I install a reverse proxy, it’ll take my other stuff ~~online~~ offline and causes me various headaches that I’m not really in the headspace for at the moment. Is there a safe way to go about doing this selectively?

you are viewing a single comment's thread
view the rest of the comments

[–] foster@lemmy.fosterhangdaan.com 3 points 19 hours ago* (last edited 19 hours ago) (1 children)

First of all, doesn't Navidrome have authentication? So, I don't see why exposing it to the public is a problem.

Second, some reverse proxies support basic auth. This way, you can password-protect some services and is useful if the service does not have its own authentication. Here as an example snippet for Caddy:

example.com {
	basic_auth {
		# Username "Bob", password "hiccup"
		Bob $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx4IjWJPDhjvG
	}
	reverse_proxy myservice:8000
}

You'll have to look up the docs for other reverse proxies.

[–] FarraigePlaisteach@lemmy.world 1 points 18 hours ago* (last edited 17 hours ago) (2 children)

Thanks. You’re right about Navidrome supporting authentication. I’m using HTTP instead of HTTPS, though. I was advised to use a reverse proxy to avoid potential legal issues.

[–] maxwellfire@lemmy.world 1 points 10 hours ago* (last edited 10 hours ago)

How will a reverse proxy help?

Things that a reverse proxy is often used for:

making multiple services hosted on the same IP and port
SSL termination so that the wider world speaks https and the proxy speaks http to the server. This means the server doesn't have to do its own key management
load balancing services so multiple servers can serve the same request (technically a load balancer but I believe some reverse proxies do basic load balancing)
adding authentication in front of services that don't have their own (note that some of the protections/utility is lost if you use http. Anyone who can see your traffic will also be able to authenticate. It's not zero protection though because random internet users probably can't see your traffic)
probably something I'm forgetting

Do any of these match what you're trying to accomplish? What do you hope to gain by adding a reverse proxy (or maybe some other software better suited to your need)?

Edit: you say you want to keep this service 'private from the web'. What does that mean? Are you trying to have it so only clients you control can access your service? You say that you already have some services hosted publicly using port forwarding. What do you want to be different about this service? Assuming that you do need it to be secured/limited to a few known clients, you also say that these clients are too weak to run SSL. If that's the case, then you have two conflicting requirements. You can't simultaneously have a service that is secure (which generally means cryptographically) and also available to clients which cannot handle cryptography.

Apologies if I've misunderstood your situation

[–] tko@tkohhh.social 5 points 16 hours ago (1 children)

What's your reason for using HTTP? That seems like a really bad idea this day in age, ESPECIALLY if that's something you're going to make available on the internet.

[–] FarraigePlaisteach@lemmy.world 2 points 14 hours ago (1 children)

They’re lightweight sites that exist to be accessed by vintage computers which aren’t powerful enough to run SSL.

[–] tko@tkohhh.social 2 points 14 hours ago

Gotcha... as long as you understand that any device that receives that traffic can see exactly what's in it! (no sarcasm intended at all... if you're informed of the risk and OK with it, then all is well!)