Setup
NGINX allows you to quickly and effectively implement a reverse proxy, basically a single HTTPS entrypoint for all the HTTP services in your LAN.
E.g. the gitlab docker image serving plain HTTP content over the local network http://192.168.0.200:8000/ will be accessible through "https://your.domain/gitlab/" from the internet.
Installation is as simple as:
sudo apt install nginx
Since this is a reverse proxy for the whole site, I put every record in the "default" file: /etc/nginx/sites-available/default
You might have to "enable" it by creating a symlink in "sites-enabled" like so:
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/
Domain and HTTPS
Your domain
The choice depends on your needs.
If you're not interested in mail services, you can get a free subdomain, e.g. from afraid.org. You can easily create one from the many available and find instructions on how to keep the IP up to date through a RESTful API call.
Otherwise, I'd recommend purchasing a domain from Cloudflare. They're cheap and fully customizable with MX, TXT and all the records a mail server needs.
Configuration and SSL certificates
If you want a public website, HTTPS is a must. For that, you need a private key and a public certificate.
One option is to generate the pair yourself (a so-called self-signed certificate), but browsers will complain that no independent third party can validate it, as is typical of dodgy websites that want to operate anonymously.
Let's Encrypt is a free service that provides verified/validated certificates for your domain. This will suppress browser warnings and show "green/valid certificate" icons next to the web address.
You need to make sure ports 80 and 443 are forwarded in your internet router before you begin.
First, install certbot:
sudo apt install certbot
Then make sure you have an entry point for your domain in /etc/nginx/sites-available/default like so:
server
{
    server_name YOUR.DOMAIN;
}
Last, issue the following (and follow the guided procedure):
sudo certbot run -d your.domain --nginx
More at https://certbot.eff.org/instructions?ws=nginx&os=snap
The file should then look more or less like this:
server
{
    server_name YOUR.DOMAIN;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<YOUR DOMAIN>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<YOUR DOMAIN>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server
{
    if ($host = YOUR.DOMAIN) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name YOUR.DOMAIN;
    listen 80;
    return 404; # managed by Certbot
}
Main site
I recommend Drupal as the main website content manager; you can find setup and configuration instructions in the link.
If you just want to test NGINX with static pages, you can insert this in your main "server" block, the one listening on port 443:
location /
{
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
    root /var/www/html;
}
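The reverse-proxy entry itself, for the GitLab example from the Setup section, as an added example that is not part of the original page. It goes in the same "server" block listening on port 443, and it assumes the backend is configured to serve its pages under /gitlab/ and that this NGINX is the only proxy in front of it.

```nginx
# Added example: place inside the "server" block that listens on 443.
location /gitlab/
{
    # No URI part after the port, so the original path (/gitlab/...)
    # is forwarded unchanged. Assumption: the backend serves under /gitlab/.
    proxy_pass http://192.168.0.200:8000;

    # Pass the public host name and scheme so the backend builds
    # https://your.domain/gitlab/... links instead of LAN addresses.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    # This proxy is the internet-facing edge: overwrite the client address
    # headers rather than appending to whatever the client sent, so a
    # forged X-Forwarded-For never reaches the backend's logs or rate limits.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
}
```

Check the syntax with "sudo nginx -t" before reloading. The backend still speaks plain HTTP on the LAN, so only the proxy host should be able to reach port 8000.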