Caddy would be possible.
https://caddy.community/t/example-docker-nextcloud-fpm-caddy-v2-webserver/9407
Because caddy is able to build automatic renewable ssl-certs on internal IP address.
The link isn't a perfect copy&paste solution, just a hint in the right direction for the config file.
Caddy is an ACME client (the protocol making automated cert issuance from Let's Encrypt possible). Having it built into the server means that you get access to more advanced features with certificate management that you can't get with other servers.
A big one for many companies is On-Demand TLS, which is a mode of operations where Caddy will have certificates issued on the fly for domains that it doesn't have a certificate for yet, for example if a customer of yours wants to use a custom domain for your SaaS. No other server does this.
Honestly, I could keep typing for days listing all the features. I suggest you look at everything it can do https://caddyserver.com/v2 and read the docs https://caddyserver.com/docs/
Yeah, just check out their site, it's got tons of walkthroughs for different scenarios and also forums to get help from and the dev is active on the forums. https://caddyserver.com/v2
So I run my stuff through subdomains like you. It's really simple, here's the gist of it:
1) either install caddy or run it via docker
2) make sure your gateway is pointing ports 80 and 443 to the server running caddy (as it is what is listening on those ports)
3) set up dynamic DNS through your gateway and domain provider
4) create a "caddyfile"
5) profit
So the caddy file is dead simple. Here's a write-up on what you're doing. https://caddy.community/t/using-caddy-as-a-reverse-proxy-in-a-home-network/9427
Well, it's simple to set up, but in my case I'm using several things specific to my setup.
With this, it's only a matter of creating your Calibre DB on your NAS and pointing your Calibre-web to this DB.
If more info is needed, feel free to PM me, but a warning in advance: I may take some time to reply, as I check Reddit irregularly.
So I know you found a solution, but here's what my setup looks like:
So, I have fun.domain. People can navigate to foundry.fun.domain, Cloudflare directs that to my IP address (which is kept updated by HomeAssistant). Caddy sees it coming in as foundry.fun.domain and proxies it over to the Foundry container/port.
Edit: Another benefit is that I don't have any ports open except for 80 and 443, which helps with security.
Look into a reverse proxy. You only keep 80 (HTTP) and 443 (HTTPS) open, and the request goes to your RP. RP takes a look at the request and, depending how you've set it up, moves things around.
As an example:
Not sure if that made ANY sense, but yeah, look into Caddy, Traefik, Nginx, etc. and always use a password.
Cool, thanks. There are some really good DASH servers out there, such as Caddy2, Hypercorn, go-quic, so give those a go first, before writing your own... That said, writing from scratch is super cool, and so much fun...
I have not compared against Nginx, been too busy writing it :)
Best advice is to download it and give it a whirl...
I think the best part of this work is that, yes, it is a HAS player with lots of cool features, but it is also a framework for prototyping your own work... so lots of functions can be added/changed at the client and server side to suit whatever you want to do...
So completely hackable, without having to start from scratch...
This is an initial beta version, and we hope to release v2.0 in the coming weeks, and that lots, lots more (such as collaborative players, real-time QoE modelling, WSGI and ASGI TCP/QUIC streaming...). I'll post here once I'm happy to release it...
I would suggest you take a look at Caddy instead. I'm not all that well versed in reverse proxies either but I've tried to do NGINX reverse proxies in the past and failed. Caddy, on the other hand, was simple to get started.
Caddy would handle the SSL certs for you with no extra work. It's so damned easy.
To give you an idea of how the config looks, this is mine.
files.DOMAIN.org {
    reverse_proxy ubuntu_nextcloud:80
}

guac.DOMAIN.org {
    redir / /guacamole/ 308
    reverse_proxy guac:8080 {
        flush_interval -1
    }
}

jelly.DOMAIN.org {
    redir / /web/index.html 308
    reverse_proxy ubuntu_jellyfin:8096
}
I didn't have to do shit for configuring SSL certs - Caddy does it for you as long as your DNS looks OK. I don't bother to SSL on my LAN so it just forwards unencrypted after it gets inside the LAN.