Reverse Proxy Clarification
by nooobeee from LinuxQuestions.org on (#5BW0K)
I've been setting up a homelab and am looking at making some additional services available externally. With only one public IP address, I am looking to setup a reverse proxy to enable me to do this without having to setup unique ports for each web-related service.
I already had nextcloud setup with a letsencrypt cert which was working. I figured it'd be quick to just setup nginx to reverse proxy that. Turns out that it doesn't seem to be quite that simple.
I think part of the problem is with my understanding of the underlying architecture. When setting up nginx as a reverse proxy, it is my understanding that typically the nginx reverse proxy system handles the public facing certificates. This seems beneficial so that this system can handle the letsencrypt renewals for all my servers.
The main question I have right now is the setup of the backend servers. If I'm using something like certbot to renew letsencrypt certs, do I just set that up on the reverse proxy? Then does that mean I should disable ssl on the backend servers? Or is there a way to setup nginx so everything is relayed including the tasks necessary for the certbot cert renewal?
I already had nextcloud setup with a letsencrypt cert which was working. I figured it'd be quick to just setup nginx to reverse proxy that. Turns out that it doesn't seem to be quite that simple.
I think part of the problem is with my understanding of the underlying architecture. When setting up nginx as a reverse proxy, it is my understanding that typically the nginx reverse proxy system handles the public facing certificates. This seems beneficial so that this system can handle the letsencrypt renewals for all my servers.
The main question I have right now is the setup of the backend servers. If I'm using something like certbot to renew letsencrypt certs, do I just set that up on the reverse proxy? Then does that mean I should disable ssl on the backend servers? Or is there a way to setup nginx so everything is relayed including the tasks necessary for the certbot cert renewal?