this post was submitted on 19 May 2025
92 points (95.1% liked)

Selfhosted

46680 readers
350 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
92
How to reverse proxy? (lemm.ee)
submitted 5 days ago by [email protected] to c/[email protected]
75 comments fedilink hide all child comments
 

Hi everybody.

How should I setup reverse proxy for my services? I've got things like jellyfin, immich a bitwarden running on my Debian server in docker. So should i install something like nginx for each of these also in docker? Or should I install it from repository and make configs for each of these docker services?

Btw I have no idea how to use something like nginx or caddy but i would still like to learn.

Also can you use nginx for multiple services on the same port like(443)?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 days ago (1 children)

Ok I'm not any networking expert but I think you are overestimating the risk here.

Opening a port doesn't mean you are opening your whole home network just the specific services you want. And those not directly but with a web server in front of them . Web servers talked in this tgread that sit in front of open ports are well audited . I think that measures like mtls a generic web server hardening are more than ok to not ever be compromised.

But yeah I'm surely interested to listen if you could elaborate.

Thanks

[–] [email protected] 1 points 3 days ago

Opening a port doesn't mean you are opening your whole home network just the specific services you want.

until a new high severity vulnerability gets discovered and some bot exploits it on your server, taking it over. and you won't even know. if they were a bit smart, you won't notice it ever either.

but there's more! its not only the reverse proxy that can be exploited! over the past few years, jellyfin has patched a dozen vulnerabilities, some of which allowed execution of arbitrary system commands. one of the maintainers have expressed that nobody should be running those old versions anymore, because they are not safe even only on the LAN. and this was just jellyfin.