so i am new to reverse proxies but i think i got it setup and it makes sense to me, just want to make sure this in fact is the correct for my setup.
i use synology’s free ddns service and i use that ddns for my vpn in order to be connected when not physically here. i have not forwarded the synology ip on my router to the internet. i have forwarded port 1194 for the ip that my vpn runs on.
i mainly wanted to setup a reverse proxy for HA to use the voice functionality. i have always seen reverse proxies, but now decided to give it a shot. i run two piholes locally and my router uses the piholes ip for all my devices on my network.
i ended up going with nginx reverse proxy on docker. i created a macvlan on docker and assigned nginx container a static ip. i forwarded ports 80 and 443 to the nginx docker container ip on my router. correct me if i am wrong, but this will allow nginx to create and renew certs from let’s encrypt and then let me access whatever proxy hosts i specified with public access?
the first thing i did was create a ssl cert for my ddns name (domain) when i try to test server reachability i am getting an error Communication with the API failed, is NPM running correctly?
But if i ignore and agree to lets encrypt terms and hit save. it comes up and shows active and when it will be renewed…(i guess it worked?)
then i proceeded to make a host proxy and add ssl cert to it, but this time i put a name before my ddns (domain) say plex.ddns.here. the proxy is added successfully and cert applied to it and shows as separate cert in ssl certs.
now i can access that service with that link whether i am on my network or have no connection to my network at all. i made an access list and specified my private internal networks (vlans) and assigned that to specific proxy hosts. The hosts that are under local access i can only access locally if i am on the subnet specified on that access list. the public proxy hosts i can access locally on network or on the internet.
does it seem like i did this to my liking correctly and i understand this? thanks !!
Is there something wrong with using Synology’s built-in reverse proxy?