I have a nextcloud instance being hosted from my home network. The URL associated with it points directly at my home’s IP. I don’t want to host the instance on a VPS because disk space is expensive. So, instead, I want to point the URL at the VPS, and then somehow route the connection to my home’s nextcloud instance without leaking my home’s ip.
How might I go about doing this? Can this be achieved with nginx?
EDIT: Actually, not leaking my home’s IP is not essential. It is acceptable if it is possible to determine the IP with some effort. What I really want is to be able to host multiple websites with my single home IP without those websites being obviously connected, and to avoid automatic bots constantly looking for vulnerabilities in my home network.
You can setup HTTP reverse proxy on your VPS. You’ll need to point the domain to your VPS for that to work.
What I really want is to be able to host multiple websites with my single home IP without those websites being obviously connected
That’s easy. You have two ways:
- Host the websites under different paths in the same domain. If your websites are static this is fine, but if they are “services” this may not be feasible (and could be very complicated if it is feasible).
- Host them under different sub-domains. The way it works is you create a bunch of NS records in your DNS, pointing the subdomains to your root domain, and setup one “virtual host” for each of them in your HTTP server. Both Apache and Nginx have the ability to match virtual host by domain name.
to avoid automatic bots constantly looking for vulnerabilities in my home network.
I’m not sure how you would eliminate bots by separating the websites though.
I have done this before by setting up a Wireguard VPN link between my home server and a VPS, and then running a reverse proxy (such as Caddy) on the VPS, which basically forwarded web requests to my home server. This works well for most things, although there was a definite performance hit by routing traffic through the extra hop.
By using the VPN connection, you wouldn’t even need to open a port on your home network which is a great starting point for security as well.
Reverse proxy with caddy?
If all you’re wanting to do is hide your home ip, could you just put it behind cloudflare?
You can set up nginx to do reverse proxy to your home IP, and then limit the traffic on your home IP to the VPS IP.
You can also setup a wireguard VPN between VPS and your home machine, so the traffic between VPS and your hoke machine is encrypted.
For DNS you just point to the VPS, and manage connections there, and on home network allow only VPS IP to connect. Then manage your security on the VPS.
You could do the VPN / VPS option with a reverse proxy like nginx proxy manager. Or, you could use Cloudflare tunnels. Worth noting that from a privacy perspective you’d be putting a lot of trust in Cloudflare. The same is also true for whoever you pick as your VPS provider
Thanks! Wireguard was suggested as a VPN, and I am currently playing with that.
