Build Your First
Reverse Proxy
1
SET UP YOUR DOMAIN
Your reverse proxy requires a domain (such as “yourname.
com”) that you use to “dial” into your services while on the
road. If you already have one, we recommend logging on to your
domain provider’s control panel, and setting up a dedicated
subdomain for the task—for example, “myservers.domain.com.”
You need to investigate ways of pointing this subdomain to your
home network’s public IP address (the one you get when typing
http://www.whatsmyip.com into a browser when you’re at home and
not connected through a VPN).
>> In NameCheap, for example, click “Manage” next to your
domain name under “Domains,” then verify the domain is using
a supported DNS (typically Namecheap Basic DNS) before
selecting the “Advanced DNS” tab. Scroll down to “Dynamic DNS”
and click “Add New Record.” Enter your choice of subdomain
(“services” in our example) in the “Host” field, and your home
network’s current public IP address in the “Value” field. Leave
“TTL” set to “Automatic” and click the check mark [Image A].
>> Once created, typing your new subdomain into your web
browser will attempt to connect you to whatever device on your
home network is currently accepting connections from port 80. If
it’s your router’s administration page, now is the perfect time to
switch that feature off, for obvious security reasons.
>> If you don’t currently have a domain, use a Dynamic DNS
hostname from a provider such as No-IP (www.noip.com), whichOVER THE PAST FEW ISSUES, we’ve shown you how to build a few practical self-hosted servers:
NextCloud for cloud storage, Bitwarden for password management, and Booksonic for
audiobook collections, to name but three. While it’s possible to configure all three for remote
access over the Internet, it’s an awkward process ensuring each individual server has access
to a secure, encrypted Internet connection.
One of the many uses for a reverse proxy is to act as an intermediary between the Internet
and any self-hosted servers you want to access remotely. Simply configure your router to
forward all relevant ports to your reverse proxy, and it does the rest. Why do this? Because
your reverse proxy secures all incoming and outgoing connections, making it easy to obtain and
manage a free SSL certificate that encrypts traffic from all your self-hosted servers from one
convenient location.
In this first of a two-part series, we’re going to set up the nginx reverse proxy with a free,
self-renewing Let’s Encrypt SSL certificate to give you secure access to your NextCloud server
from anywhere in the world. Next issue, we’ll explore more configurations, plus delve deeper
into other uses for your nginx reverse proxy.–NICK PEERSYOU’LL NEED THIS
DEBIAN-BASED LINUX
This includes Ubuntu or the
Rasbian on the RPi, and you
also need your own domain
name. Windows 10 users can
follow this tutorial using the
Linux Bash Shell (see the
box opposite).offers a range of free addresses—how about “yourname-
services.myddns.me,” for example? All you need to do is
manually renew the hostname every 30 days.2
FINISH SETTING UP PREREQUISITES
Your public IP address may change over time, so
it’s important that you follow any instructions to
ensure your subdomain is updated whenever your public
IP address changes. Both Namecheap and No-IP offer
free software downloads, but check your router or NAS:
QNAP owners should investigate the “Network & Virtual
Switch > DDNS” setting, where a handy template for
No-IP and other major DDNS hostname providers exists.
It’s the ultimate set-it-and-forget-it solution.
>> Next, you need to assign the PC running your
reverse proxy a static IP address. To do this in Linux,
open the terminal, and type the following command:
$ sudo nano /etc/network/interfaces
>> Locate the DHCP reference (“eth0” in our example
below), and change it to the following lines, before saving
and closing the file:
auto eth0
iface eth0 inet static
address 192.0.2.7/24
gateway 192.0.2.254
>> Windows users should assign a static IP through
Windows itself via “Settings > Network & Internet >
Change connection properties”—click “Edit” under
“IP settings.”
>> Once done, open your router’s configuration settings
in y o ur b r o w s e r, a n d l o c ate th e p o r t f o r w a r din g s e c tio n —
it may be labeled “ V ir tual Ser vers” or something similar.
You need to create two rules to divert all web traffic on
ports 80 (HTTP) and 443 (HTTPS) to the same ports
on your proxy server’s IP address [Image B].3
INSTALL NGINIX
We’re using the well-known nginx (www.nginx.
com) software in conjunction with Certbot (https://A56 MAXIMUMPC JAN 2020 maximumpc.com
R&D