Ddns or domain name + reverse proxy
Ddns or domain name + reverse proxy
I have been using no-ip for around two years to remotely access my hosted service, I mostly use their free service except for a few 5 months offers I bought.
Recently, I received a full year offer in email for 8$ (COUPON CODE: MAY8), and I was wondering whether to get that or buy a 2 years domain for the same price (FROM hostinger or namecheap).
I have never bought a doamain before and my knowledge is limited to what I mostly read here. So, per your opinion, what would be better in term of usability and security, a DDNS on the router and a port open per hosted-service? or a domain with reverse proxy?
You're viewing a single thread.
I opted for dynamic dns and reverse proxy. I configured my reverse proxy to use TLS and also to require client certificates, which I install on my devices. You get so much flexibility and added consistency to your application security that I feel it is a must.
Would you please share what dynamic dns provider you use? I remember trying to set nginx pm to use my no-ip hostname (xyz.ddns.net) but I could not figure out how to link my hosted-services as subdomains (say portainer.xyz.ddns.net)
I’m using Dynu for DDNS. They support subdomains as part of their DNS. You can configure nginx to service/route requests to each subdomain differently.
Another option is subpaths: xyz.ddns.net/portainer
Just one open port, to your reverse proxy (nginx or other).
The client updating no-ip with your dynamic IP is independent of the reverse proxy software.
Another option is subpaths: xyz.ddns.net/portainer
While you can do that, you should be aware of the security implications (every application can see and modify every other application's cookies). If at all possible, I would try to avoid this setup.
I second that. This practice comes from a time where domain names were expensive, in many ways: SNI didn't exist/wasn't wide-spread, so each domain name on HTTPS needed a dedicated IP, Certificates weren't democratized yet via letsencrypt/acme and most hosts were big enough to run multiple services, because virtualization wasn't as widely available yet. So putting apps on sub-paths made sense.
Now all of those things are basically dealt with and putting each app on its own sub-domain just makes way more sense.