Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Yes, and wouldn't the traffic between his friend and his home server be encrypted as well? :)
The OP should first figure out how to do this with basic HTTP and then once it works he can do a more fancy setup like setup letsencrypt on the local server in order to have his website protected with a valid certificate.
Then he can configure the VPS Nginx instance to do SSL pass-thru on port 443. This makes it so the VPS will be able to receive HTTPS traffic and send it back to his home server without having to do SSL termination / decryption / dealing with SSL certificates. Only the home server will have the certificates thus be able to decrypt the traffic.
Once the website can be accessed from both servers directly with SSL he can proceed to disable plain text HTTP traffic. To do this simply remove the entire
server { listen 80
section on both servers. The home server should end upserver { listen listen [::]:443 ssl;
section so it listens in both IPv4 and IPv6 for HTTPs traffic. The VPS should only have thestream
at/etc/config/nginx.conf
as described above - make sure the previous server block entry is removed from the VPS as it is no longer needed.If the OP goes through all those steps then none of the servers will accept plain HTTP traffic and the VPS will only proxy encrypted data back to his home. The beauty of SSL pass-thru is that the VPS doesn't have the means to decrypt the traffic, you won't have to manage certificates in across two servers and it's way easier to setup than a WG tunnel.