# Noob Question: Why Is a Domain and Reverse Proxy Safer Than Exposing Ports?
Welcome to this comprehensive guide on securing your self-hosted infrastructure by using a domain and reverse proxy instead of directly exposing ports. This approach is beneficial for home labs, DevOps projects, and any other open-source endeavors that require a secure setup.
## Prerequisites
To follow along with this tutorial, you’ll need the following tools:
- Ubuntu Server 20.04 LTS or higher with root access
- Docker version 20.10.8 (or the latest stable release) - `apt install docker-ce=20.10.8`
- Docker Compose version 1.27.4 (or the latest stable release) - `apt install docker-compose=1.27.4`
- Nginx server, preferably version 1.19 or higher - `apt install nginx`
## Solution Steps
### Step 1: Set Up a Reverse Proxy with Nginx
Install and configure the reverse proxy by modifying the default Nginx configuration file (located at `/etc/nginx/sites-available/default`).

```bash
# Edit the Nginx configuration file
sudo nano /etc/nginx/sites-available/default
```
Replace the contents with the following example:

```nginx
server {
    listen 80 default_server;
    server_name yourdomain.com; # Replace with your domain name
    location / {
        proxy_pass http://localhost:8080; # Replace with your service's listening port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
Don’t forget to create a symbolic link for your configuration:

```bash
# Enable the new configuration
# (-f replaces the link if it already exists, as it does for the default site on Ubuntu)
sudo ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
# Test the Nginx configuration file
sudo nginx -t
# Restart the Nginx service to apply changes
sudo systemctl restart nginx
```
### Step 2: Deploy Your Service with Docker Compose
Create a `docker-compose.yml` file for your service, such as a web application or database container. Here’s an example configuration:

```yaml
version: '3'
services:
  app:
    image: yourusername/your-app:latest
    ports:
      # Publish on loopback only, so the service is reachable through the
      # Nginx proxy on this host and not directly from the network
      - "127.0.0.1:8080:80" # Adjust to your desired listening port
    volumes:
      - ./app:/app # Mount the local application directory
```
Now deploy the service using Docker Compose:

```bash
# Build and run the Docker image, creating a container with the defined configuration
docker-compose up --build
```
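
The reverse proxy only helps if the backend port is not itself reachable from outside: a compose mapping such as `"8080:80"` publishes on all interfaces, while `"127.0.0.1:8080:80"` binds to loopback. The check below is an added example, not part of the original guide; it filters `ss -Htln` output for listeners on non-loopback addresses outside an allow-list. The function name, the constructed sample lines and the allow-list of ports 80 and 22 are assumptions.

```bash
# Added example, not from the original guide. Reads `ss -Htln` output on
# stdin; arguments are the TCP ports that are meant to be public.
# Prints every listener bound to a non-loopback address on any other port.
exposed_listeners() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      gsub(/\[|\]/, "", host)                # strip IPv6 brackets
      sub(/%.*$/, "", host)                  # strip %interface suffix
      if (host ~ /^127\./ || host == "::1") next   # loopback: local only
      if (port in ok) next                         # intentionally public
      print $4
    }'
}

# Constructed sample: host where compose published "8080:80".
sample_before='LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080     0.0.0.0:*
LISTEN 0 4096 [::]:8080        [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Constructed sample: same host after publishing "127.0.0.1:8080:80".
sample_after='LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

echo "before:"; printf '%s\n' "$sample_before" | exposed_listeners 80 22
echo "after:";  printf '%s\n' "$sample_after"  | exposed_listeners 80 22
# On a live host: ss -Htln | exposed_listeners 80 22
```

Any line the function prints is a service that bypasses Nginx; an empty result means only the allow-listed ports face the network.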
## Troubleshooting
- Ensure that your domain name is correctly configured and resolves to your server’s IP address.
- Check the Nginx error log (`/var/log/nginx/error.log`) for any issues.
- Use `docker logs container_name` to view the application’s logs if needed.
## Conclusion
By using a domain and reverse proxy instead of exposing ports, you improve the security of your self-hosted infrastructure. This setup allows for better automation, scalability, and flexibility in managing your DevOps projects. Furthermore, it enables easy SSL integration and provides performance optimizations through caching and load balancing.