Our great sponsors
-
Nginx Proxy Manager
Docker container for managing Nginx proxy hosts with a simple, powerful interface
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
Now for accessing the services: after you start them as explained above, they are already accessible at http://your-vps-ip:port. However, it is a bad idea to leave them like this exposed to the internet without any type of security. Depending on what you want and what your needs are, you can do different things here. One thing that I've did in the past was to install Tailscale on my servers as well as on all the client devices. Tailscale is a zero-config VPN service based on the WireGuard protocol which basically creates an overlay private network between all your devices. It is free for up to 20 devices I think. If you go this route, then you will still be able to access your services via the IP and port (or via the machine name and port) but you need to make sure that the firewall on the VPS blocks access on the "normal" IP for port 80 and serves this traffic only on the tailscale interface (there are guides on the Internet on how to do this, see for example here). This solution works only if you can install Tailscale on all the devices which will be used to access the services (i.e. the client devices).
If you want to publicly expose the services on the internet, then you would need something like a reverse proxy. I personally recommend NGINX Proxy Manager which is quite easy to install and to configure. You would also need a domain and an SSL certificate (here I recommend to use Cloudflare which has a very nice free plan which includes a free SSL certificate which is valid up to 15 years). For NGINX Proxy Manager there are quite a few guides on YouTube, I personally followed and liked the ones from [https://www.youtube.com/c/DBTechYT](DB Tech). Traefik is also a reverse proxy but for my personal taste it was too complicated to setup and use.
One problem I was struggling with was securing the server with ufw while using Docker, as Docker tends to ignore ufw settings. What do you do about that issue? On this sub ufw-docker was recommended. Do you use it? https://github.com/chaifeng/ufw-docker
Related posts
- BunkerWeb: Nginx-based open-source Web Application Firewall (WAF)
- DevOps Simplified: Easy-to-Use Container Projects Deployment
- :latest or :version for supporting services?
- Questions about selfhosted-gateway for Docker containers: VPN and Traffic Routing
- Stumped: Jellyfin + wireguard + vps X-forwarded for settings