Enable Multiple Servers/Sites Behind One Public IP With A Reverse Proxy

Most home Internet users only have one public IP address. That is very limiting if you want to expose multiple services/servers/sites to the Internet. A reverse proxy solves that problem. In this tutorial, we will walk through how to install and configure NGINX as a reverse proxy as well as some additional steps to enhance the security of the hosting system.


Index

  • Securing SSH – 01:42
  • Basic UFW/NGNIX Setup – 03:55
  • Configuring NGNIX – 05:36
  • Installing a Certificate – 11:56

SSH


#ssh cert auth
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

ls -l /etc/ssh/sshd_config.d/

#force cert use for SSH

sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf

PermitRootLogin no
PasswordAuthentication no

sudo systemctl restart sshd

UFW


sudo apt list --installed | grep -i ufw
sudo apt install ufw
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
sudo ufw allow https/tcp
sudo ufw status
sudo ufw enable
sudo ufw disable

NGINIX – default


sudo nano /etc/nginx/sites-available/default
#server_name _;
return 444;

NGINX – site


sudo nano /etc/nginx/sites-available/rp.missingremote.com.conf

server {
server_name rp.missingremote.com;
listen 80;
listen [::]:80;

set $remoteserver 192.168.13.172:80;

location / {
return 444;
#proxy_pass http://$site;
# include proxy_params;
}

location /site {
rewrite ^/site(.*)$ $1 break;
proxy_pass_header Authorization;
proxy_pass $scheme://$remoteserver;
# proxy_pass http://$remoteserver;
include proxy_params;
}
}

sudo ln -s /etc/nginx/sites-available/rp.missingremote.com.conf /etc/nginx/sites-enabled/rp.missingremote.com.conf

NGINIX – commands


sudo nginx -t
sudo service nginx reload

CERTBOT – LetsEncrypt


sudo apt install certbot
sudo apt install python3-certbot-nginx

sudo certbot --nginx -d rp.missingremote.com