TCB13 (@TCB13@lemmy.world), edited

@foremanguy92_ ,

Step 1: get a cheap VPS, or even a free one (www.oracle.com/cloud/free/)

Step 2: If you have a static IP at home, great; if you don’t, get a dynamic DNS from freedns.afraid.org or www.duckdns.org

Step 3: Install nginx on the VPS and configure it as reverse proxy to your home address. Something like this:


```nginx
server {
    listen 80;
    server_name example.org; # your real domain name you want people to use to access your website
    location / {
        proxy_pass http://home-dynamic-dns.freeprovider...; # replace with your home server IP or Dynamic DNS.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}
```

Step 4: Point your A record of example.org to your VPS.

Step 5: there’s a potential security issue with this option: nginx.org/en/docs/…/ngx_http_realip_module.html#s… and to get around this you can do the following on the home server nginx config:


```nginx
http {
        # (...)
        real_ip_header    X-Real-IP;
        set_real_ip_from  x.x.x.x; # Replace with the VPS IP address.
}
```

This will make sure only the VPS is allowed to override the real IP of the client.

Step 6: Once your setup works you may increase your security by using SSL / disabling plain HTTP. Set up letsencrypt on both servers to get valid SSL certificates for the real domain and the dynamic DNS one.

Proceed to disable plain text / HTTP traffic. To do this simply remove the entire `server { listen 80` section on both servers. You should replace them with `server { listen 443 ssl;` so it listens only for HTTPS traffic.

Step 7: set your home router to allow incoming traffic on port 443 and forward it to the home server;

Step 8: set the home server’s firewall to only accept traffic coming from outside the LAN subnet on port 443 and if it comes from the VPS IP. Drop everything else.


Another alternative to this is to set up a Wireguard tunnel between your home server and the VPS and have the reverse proxy send the traffic through that tunnel (change proxy_pass to the IP of the home server inside the tunnel, like proxy_pass http://10.0.0.2). This has two advantages: 1) you don’t need to set up SSL at your home server as all the traffic will flow encrypted over the tunnel and 2) it will not require opening a local port for incoming traffic on the home network… however it also has two drawbacks: 1) you’ll need a better VPS because WG requires extra processing power and 2) your home server will have to keep the tunnel connected and working however it will fail. Frankly I wouldn’t bother to set up the tunnel as your home server will only accept traffic from the VPS IP so you won’t gain much there in terms of security.
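
The trust decision from Step 5, as an added example that is not part of the original comment: a simplified Python model of how `real_ip_header` and `set_real_ip_from` decide which client address the home server ends up using. The function names are hypothetical and every address is a constructed documentation-range value.

```python
import ipaddress

VPS_IP = "203.0.113.10"  # constructed: stands in for the x.x.x.x VPS address


def effective_client_ip(peer_ip, headers, trusted_proxies, header_name="X-Real-IP"):
    """Address the home server logs and applies access rules to.

    Simplified model: the header is honoured only when the TCP peer
    matches one of the set_real_ip_from entries (trusted_proxies).
    """
    peer = ipaddress.ip_address(peer_ip)
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not any(peer in net for net in nets):
        return str(peer)  # untrusted sender: its header is ignored
    value = headers.get(header_name, "").strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return str(peer)  # missing or malformed header: this model keeps the peer


# Constructed sample requests as seen by the home server: (TCP peer, headers).
REQUESTS = {
    "visitor_via_vps": (VPS_IP, {"X-Real-IP": "198.51.100.7"}),
    "direct_with_forged_header": ("192.0.2.66", {"X-Real-IP": "10.0.0.1"}),
    "vps_with_malformed_header": (VPS_IP, {"X-Real-IP": "not-an-ip"}),
}


def resolve_all(trusted_proxies):
    """Resolve every sample request under one trust configuration."""
    return {
        name: effective_client_ip(peer, hdrs, trusted_proxies)
        for name, (peer, hdrs) in REQUESTS.items()
    }


if __name__ == "__main__":
    # Weak setting: every sender is trusted, so a forged header is believed.
    print("trust everyone:", resolve_all(["0.0.0.0/0"]))
    # Setting from Step 5: only the VPS may override the client address.
    print("trust VPS only:", resolve_all([VPS_IP]))
```

With only the VPS trusted, the direct request is attributed to its real peer address, which is also the address a Step 8 firewall rule would drop.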
