I have an openwrt router at home which also acts as my home server. It’s running a bunch of services using docker (Jellyfin, Nextcloud, etc.)

I have set up an SSH tunnel between my openwrt router and VPS and can access jellyfin successfully.

I understand that I need to set up a reverse proxy to access multiple services and have https.

But I’m confused if I should set up this reverse proxy on the VPS or on the router itself. Is nginx the easiest option? Should i add subdomains in cloudflare for every service?

Pease don’t recommend vpns since they are all blocked where i live (wireguard, tailscale openVPN, etc.) I’m limited to using ssh tunneling only.

Thanks

  • just_another_person@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    4
    ·
    edit-2
    8 months ago

    Firstly…why are you routing your home stuff through a VPS? I’m confused on what is happening here.

    If you just want to access your things remotely, setup a VPN server on the router, and connect to it that way. You also dont need a reverse proxy or SSL if you’re already accessing things over a secured connection. Where did you get this info from?

      • just_another_person@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        8 months ago

        That was added later, obviously. Even still, you don’t need a VPS for this. This is overly complex .

        If SSH works, just forward ports and be done with it.

      • refalo@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        That’s not how VPNs work, you can’t just “block all of them”. I think OP just needs to use a pure-TLS VPN solution (like SoftEther) or an obfuscated one like shadowsocks/obfs from a not-super-well-known provider (or self-host it on a VPS/etc.) and they should be golden.

        • Felix_lm22@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          2
          ·
          8 months ago

          They sniffing the traffic with DPI and block vpn tech on protocol level, so easy detectable things like OpenVPN, Wireguard and Tailscale doesn’t work anymore