So, I have some idea on what a reverse proxy does and will be using nginx (with the neat proxy manager UI) for my setup.

However, I’m not completely clear what exactly I want it to do and how I can use it to run different services on one machine. I’m especially unclear on the ports configuration … tutorials will say things like “change the listening port to xxx for that service and to port yyy for the other service”

How does this work, which ports can I use and how do I need to configure the respective services?

EDIT: thanks everybody, your replies did help me a lot! I have my basic setup now up and running using portainer + nginx + fail2ban.

  • z3bra
    58
    1 year ago

    ELI5

    So it’s Saturday afternoon, a very hot one, so you ask your daddy for an ice cream (hosted service). The shop you go in is very bizarre though, as there is one vendor (TCP port) for each flavor (docker service/virtualhost). But it’s tricky because they’re all roaming in the shop, and you don’t know who’s responsible for each flavor. Your dad is also not very comfortable paying these vendors directly because they only accept cash and do not provide any receipt (self-signed certificate/no TLS).

    Hopefully, there is the manager (reverse proxy) ! This girl is right where you expect her: behind the counter (port 80/443), accepts credit cards and has a receipt machine (Domain name + associated certificate). She also knows everyone on her team, and who’s responsible for each flavor !

    So you and your dad come to see the nice lady, ask for a strawberry + chocolate ice cream, and pay her directly. Once done, she forwards your request directly to the vendors responsible for each flavor, and gives you back your ice cream + receipt. Life is good, and tasty !
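
The counter-and-vendors layout from the answer above, written out as a plain nginx configuration. This is an added example, not part of the original thread; the hostnames, backend ports and certificate paths are placeholders chosen for illustration.

```nginx
# Constructed example; these blocks go inside the http { } context.
# Each service listens only on loopback, on any free unprivileged port
# (1024-65535): here service A on 127.0.0.1:8081, service B on 127.0.0.1:8082.
# Only nginx is reachable from outside, on 80 (HTTP) and 443 (HTTPS).

# Plain HTTP: redirect the known hostnames to HTTPS.
server {
    listen 80;
    server_name strawberry.example.com chocolate.example.com;
    return 301 https://$host$request_uri;
}

# Unknown hostname on 443: refuse the TLS handshake (nginx 1.19.4 or later).
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# strawberry.example.com -> service A
server {
    listen 443 ssl;
    server_name strawberry.example.com;
    ssl_certificate     /etc/nginx/certs/strawberry.example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/certs/strawberry.example.com/privkey.pem;    # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # real client IP for backend logs
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# chocolate.example.com -> service B
server {
    listen 443 ssl;
    server_name chocolate.example.com;
    ssl_certificate     /etc/nginx/certs/chocolate.example.com/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/certs/chocolate.example.com/privkey.pem;     # placeholder path

    location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With Docker, publishing a container port as `127.0.0.1:8081:80` rather than `8081:80` keeps the service off the public interface, so the proxy is the only way in.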

    • DeadGemini
      10
      1 year ago

      Worth noting OP: port 80 is HTTP, and port 443 is HTTPS

      • z3bra
        8
        1 year ago

        That one is easy ! Because in a few years (remember, you’re 5), you’ll be a scout ! And to collect a few dollars for your summer camp, you’ll sell pastries to the neighborhood. It’s easier than ever because it’s 2030, and everyone can just order the pastries on your website, and pay online. All you have to do now is hop on your bike, and deliver the pastries (network connections) to your neighbors (online servers). So you grab the first package, and read the label on it:

        • Mrs. Britneak

        And that’s it ! You have no idea who this person is, or where they live ! So you call out your leader (DNS server):

        • Hi Mr. Leader !
        • … (nobody ever gets my UDP jokes)
        • So I got this package to deliver to Mrs. Britneak. But I don’t know where she lives
        • Oh sure, let me look up the register (zone file). Hold on for a sec… Alright, she’s here: 62.644888, -160.194309

        And then he hangs up immediately (this is UDP, remember?).

        You write it down (local caching DNS server), and look it up. You’re a scout, so you’re trained to read and find GPS coordinates. You go there in a few minutes and deliver the package in time ! Mrs Britneak is happy, and you go on to the next package:

        • Mr. Tomburgh

        Time to call leader again !

      • z3bra
        4
        1 year ago

        Please do ! Networking is beautiful and people need to know it !