Hi everyone!

I’m looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.

My question: is it worth getting a dedicated IP through a VPN?

I’m pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it’s not worth the effort.

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Nginx isn’t for security it’s to allow hostname-based proxying so that your single IP address can serve multiple backend services.

    • kakes@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Thanks, I’m only very vaguely familiar with NGINX, so I appreciate the clarification.

      • atzanteol@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        6 months ago

        To provide a bit more detail then - you would setup your proxy with DNS entries “foo.example.com” as well as “bar.example.com” and whatever other sub-domains you want pointing to it. So your single IP address has multiple domain names.

        Then your web browser connects to the proxy and makes a request to that server that looks like this:

        GET / HTTP/1.1
        Host: foo.example.com
        

        nginx (or apache, or other reverse proxies) will then know that the request is specifically for “foo.example.com” even though they all point to the same computer. It then forwards the request to whatever you want on your own network and acts as a go-between between the browser and your service. This is often called something like host-based routing or virtual-hosts.

        In this scenario the proxy is also the SSL endpoint and would be configured with HTTPS and a certificate that verifies that it is the source for foo.example.com, bar.example.com, etc.