So I've got a Debian home server running a Jellyfin media server and a L.A.M.P stack for hosting my website. I've got domain names for both of them and set up Caddy as a reverse proxy so I can run them on the same machine.
On another Debian home server (a Dell Optiplex I bought from a local business) I want to run a Nextcloud instance.
The issue is that Nextcloud really wants to use port 443 but that's already taken, and I can't use my reverse proxy because it's on a completely different machine.
Any suggestions for how to fix this?
Unironically: Docker. Map whatever port you want on your host to 443 inside the container and it should just werk
Does docker work on different machines? I'm hosting Nextcloud on a completely different, physically separate, machine than my website, which is already using port 443. I'm not hosting my website and Nextcloud on the same machine.
Anon, if they’re already on different machines, what exactly is the issue? Trusted machines can address by IP directly and shouldn’t have to go through the reverse proxy (obviously a bigger setup open to the public internet shouldn’t do this but you get the idea). Set up some basic HTTP auth and whitelist your IPs and you should be good to go
Both my website and Nextcloud want to use port 443 on my router and you can't forward 2 different internal IPs to the same port.
It's my understanding that SSL certs have to use port 443. Or am I mistaken?
run nginx on 1 machine and reverse proxy to the other based on hostnames
or be a chad and run nginx on your router
I probably can't run nginx on my current router, but I have been toying with the idea of setting up a pfsense router. That'll definitely be something I look into when I do!
that sounds like a good way to ddos yourself. i doubt most consumer grade routers have enough cpu and ram to handle more than a few connections concurrently before it locks up.
you don't run nginx on a consumer grade arm shitter router anon, pfsense is x86 anyhow
https://ip.ip.ip.ip:port will work bro
You should always change default port of services, or you will get instantly hacked.
Easiest would be to run Nextcloud in docker and map 8443 on the optiplex to 443 in the container. Then port forward to 8443 in your router
> The issue is that Nextcloud really wants to use port 443 but that's already taken, and I can't use my reverse proxy because it's on a completely different machine.
> Any suggestions for how to fix this?
Your caddy server can reverse proxy over the network. Run Nextcloud on another port, doesn't matter which, and set the reverse_proxy stanza in the Caddyfile to point to it using the IP:port of the optiplex nextcloud instance. Make sure nextcloud is listening on your LAN address and not 127.0.0.1.
Holy shit bro it worked! I didn't know Caddy could do that. Thanks so much! That was much less of a PITA than I was expecting.
>I can't use my reverse proxy because it's on a completely different machine.
Too stupid to be allowed to live. Consider suicide.
You can do what you want with an ingress router and kubernetes. They allow any number of apps to be exposed using the same port (80 or 443). The only thing is that you need to set a different DNS name for each app and use only that DNS name to go for them as the ingress controller uses that name for routing.
I'm not certain if you can use an ingress controller without kubernetes, as using kubernetes for this is overkill, but I believe it's possible to do it.
The only other possibility is to add another machine that does this same routing for you, but I don't know much about Nginx to do that.
OP has like 5 machines at best, kubernetes is the definition of overkill here
how do you get away with running a webserver from a residential connection? i hear most ISPs frown on that sort of thing.
Idk beats me 乁( 0͡ Ĺ̯ 0͡ ) ㄏ? My website is just some static pages that act as a sort of résumé, and only a few friends and I use the Jellyfin server. I guess I just don't use enough bandwidth to get on their radar.
It's mostly asymmetric connections like cable modem providers that sometimes get pissy about it unless you pay them more money to have a "business" connection which means you trade in your modem for an older slower piece of shit modem running some microsoft crap and aspx management pages. Many / most fiber providers will go as far as to give you FCrDNS for your connection using one of your domains if you wish, assuming you pay a few bucks extra per month for a static IP.
why can't you use the reverse proxy? isn't directing traffic to other machines what they were designed to do?
>Any suggestions for how to fix this?
Wildcard cert, then use Caddy or HAProxy to send one name to nextcloud and another name to your lamp stack. You can have millions of different sites on 443 using SNI which just about everything supports. LetsEncrypt supports making wildcard certs. Caddy or HAProxy could be running on your router.
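The hostname-based routing suggested in the Caddy replies in this thread, written out as a Caddyfile; this is an added example, not a config posted by anyone in the thread. The hostnames, the LAN address 192.168.1.50 and the backend ports 8080 are constructed placeholders, and Caddy here obtains one certificate per hostname rather than a wildcard certificate.

```caddyfile
# Constructed example: hostnames, LAN address and ports are placeholders.
# Only this machine is port-forwarded (80/443) on the router. Caddy picks
# the site block from the requested hostname, so every name shares port 443.

# Website served by Apache on the same machine as Caddy.
# Assumption: Apache has been moved to loopback port 8080.
www.example.com {
	reverse_proxy 127.0.0.1:8080
}

# Jellyfin on the same machine (8096 is Jellyfin's default HTTP port).
jellyfin.example.com {
	reverse_proxy 127.0.0.1:8096
}

# Nextcloud on the Optiplex, reached over the LAN.
# TLS ends at Caddy; this hop to the backend is plain HTTP, so it should
# stay on a network segment you trust.
cloud.example.com {
	reverse_proxy 192.168.1.50:8080
}
```

Because the Nextcloud port has to listen on the LAN address, limit it on the Optiplex's firewall to the Caddy host's IP so other LAN devices cannot bypass the proxy. In Nextcloud's `config.php`, the Caddy host's IP belongs in `trusted_proxies` and the public hostname in `trusted_domains`.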