Enable Multiple Servers/Sites Behind One Public IP With A Reverse Proxy
Most home Internet users only have one public IP address. That is very limiting if you want to expose multiple services/servers/sites to the Internet. A reverse proxy solves that problem. In this tutorial, we will walk through how to install and configure NGINX as a reverse proxy as well as some additional steps to enhance the security of the hosting system.
Index
- Securing SSH – 01:42
- Basic UFW/NGNIX Setup – 03:55
- Configuring NGNIX – 05:36
- Installing a Certificate – 11:56
SSH
#ssh cert authmkdir -p ~/.sshnano ~/.ssh/authorized_keyschmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keysls -l /etc/ssh/sshd_config.d/#force cert use for SSHsudo nano /etc/ssh/sshd_config.d/50-cloud-init.confPermitRootLogin noPasswordAuthentication nosudo systemctl restart sshd
UFW
sudo apt list --installed | grep -i ufwsudo apt install ufwsudo ufw default allow outgoingsudo ufw default deny incomingsudo ufw allow sshsudo ufw allow http/tcpsudo ufw allow https/tcpsudo ufw statussudo ufw enablesudo ufw disable
NGINIX – default
sudo nano /etc/nginx/sites-available/default#server_name _;return 444;
NGINX – site
sudo nano /etc/nginx/sites-available/rp.missingremote.com.confserver {server_name rp.missingremote.com;listen 80;listen [::]:80;set $remoteserver 192.168.13.172:80;location / {return 444;#proxy_pass http://$site;# include proxy_params;}location /site {rewrite ^/site(.*)$ $1 break;proxy_pass_header Authorization;proxy_pass $scheme://$remoteserver;# proxy_pass http://$remoteserver;include proxy_params;}}sudo ln -s /etc/nginx/sites-available/rp.missingremote.com.conf /etc/nginx/sites-enabled/rp.missingremote.com.conf
NGINIX – commands
sudo nginx -tsudo service nginx reload
CERTBOT – LetsEncrypt
sudo apt install certbotsudo apt install python3-certbot-nginxsudo certbot --nginx -d rp.missingremote.com