Reverse proxy - hosting web app locally

Woyager

New Member
Nov 6, 2018
6
0
1
Hello guys.

I am currently working on a project where I would like to be able to access my web App N.1 (currently accessible only via IP:pORT) trough HTTPS and domain (https://www.example.eu/Application1) web App N.2 (https://www.example.eu/Application2) etc...

To be honest i am pretty clueless on how to actually do it as i am totally new in this area. I did find some info on reddit but those tutorials are mainly for linux and not windows 10. Secondly, they are all written in a pretty advanced level so I am not really able to follow them.

I already have the domain name bought.
I know I have to use NGINX or apache (or other reverse proxy - I dont know which one is better).
DNS is cloudflare - I´ve found somewhere that they have better routing with lower latency.


Any help would be much appreciated.
 

BackupProphet

Well-Known Member
Jul 2, 2014
799
285
63
Stavanger, Norway
kingmakers.no
Windows also has a /etc/hosts file somewhere where you can put your custom domains. You don't actually need to buy a domain for local use. I have no idea about configuring Apache nor Nginx for Windows. But what you usually want is to configure for a new site/domain as a virtual host.
 

kapone

Well-Known Member
May 23, 2015
772
368
63
You only need a reverse proxy if you don't want to expose your web server(s) to the Internet.

So, the question is do you want to expose the web server(s) or not? If not, why not?
 

Woyager

New Member
Nov 6, 2018
6
0
1
People who are accessing the current domain are complaining about me not using HTTPS (they are loging into the web app with their login info and exposing it) I know that I can not use HTTPS if I am not using a domain. Secondly, as I have already bought the domain name, it would be much easier for them to use that, instead of the IP and port numbers which are also hard to memorize.
 

kapone

Well-Known Member
May 23, 2015
772
368
63
People who are accessing the current domain are complaining about me not using HTTPS (they are loging into the web app with their login info and exposing it) I know that I can not use HTTPS if I am not using a domain. Secondly, as I have already bought the domain name, it would be much easier for them to use that, instead of the IP and port numbers which are also hard to memorize.
HTTPS has nothing to do with using a domain name or not, it has to do with how the web server(s) is configured.

Again, back to my original question.
 

Woyager

New Member
Nov 6, 2018
6
0
1
Well I don't really care if my server is exposed as long as the information that is in there stays safe and will be accessible only by those who have the login credentials.

The only thing that I want to do is for the users to be able to access the web app trough domain with https. The way with reverse proxy was only mentioned here because i have read on one forum that they did it with reverse proxy.
 

kapone

Well-Known Member
May 23, 2015
772
368
63
Well I don't really care if my server is exposed as long as the information that is in there stays safe and will be accessible only by those who have the login credentials.

The only thing that I want to do is for the users to be able to access the web app trough domain with https. The way with reverse proxy was only mentioned here because i have read on one forum that they did it with reverse proxy.
And there in lies the rub. Securing a web server exposed to the web is *not* a trivial task. A reverse proxy can only mitigate some of it, not all. You still have to harden the entire web server stack.
 

kapone

Well-Known Member
May 23, 2015
772
368
63
What could that actually mean to me as a layman ?
It means...to be honest...

1. Don't run a server exposed to the internet.
2. Learn what you need to, to do #1
3. Hire someone who knows how to do #1.
 

Woyager

New Member
Nov 6, 2018
6
0
1
So that basically means that even now when i am running the web app trough ip and port it is not that particularly safe?

Secondly, if I choose to use the reverse proxy to "mitigate some of it" and not "all of it" as the info that they are actually enter is nothing like security IDs nor card numbers, just nickname and password they created for my services? The actual number of people who will when know about the web site is max 40 as it is only to my friends. Is there a way to do it ?

Or just enable them to use the domain and https whatever way it is possible?
 

kapone

Well-Known Member
May 23, 2015
772
368
63
Web server/stack hardening is an industry on its own... :) That tells you the complexity level.

I have no way of answering your questions to any degree of completeness, without a very thorough discussion of what you're doing. Any answers I give will potentially be incorrect or misleading, without that level of information, and that's not something you should disclose publicly. Especially not without some level of legal protection.

I understand this may be just a hobby type thing, but the principles are the same.
 

Joel

Active Member
Jan 30, 2015
811
162
43
38
So that basically means that even now when i am running the web app trough ip and port it is not that particularly safe?
Yes. Plenty of hackers run ip/port scanners nonstop looking for open ports.

Secondly, if I choose to use the reverse proxy to "mitigate some of it" and not "all of it" as the info that they are actually enter is nothing like security IDs nor card numbers, just nickname and password they created for my services? The actual number of people who will when know about the web site is max 40 as it is only to my friends. Is there a way to do it ?
You need SSL (HTTPS) first if you want any sort of restriction. If you don’t, any passwords you send will be unencrypted and could be intercepted.

Or just enable them to use the domain and https whatever way it is possible?[/QUOTE]

I’m still working through this stuff myself so that I would be able to access my NAS at home while I’m sitting at a Starbucks either down the street or 1000 miles away.
 

Woyager

New Member
Nov 6, 2018
6
0
1
Yes. Plenty of hackers run ip/port scanners nonstop looking for open ports.



You need SSL (HTTPS) first if you want any sort of restriction. If you don’t, any passwords you send will be unencrypted and could be intercepted.

Or just enable them to use the domain and https whatever way it is possible?
I’m still working through this stuff myself so that I would be able to access my NAS at home while I’m sitting at a Starbucks either down the street or 1000 miles away.[/QUOTE]

Okay, so the next step is to do the ssl on my side. How should this be done ?
Then install the reverse proxy?
Then connect it somehow to the domain?
 

Callan05

New Member
Nov 8, 2018
18
7
3
If you just want to access your nas remotely, then I think a VPN is a better option than reverse proxy.
Some nas units have vpn servers available.

I run both for different reasons, and the reverse proxy is a seperate machine behind a firewall. Not a trivial setup.