hmmm... i am stuck. i have some services running on different ports on the same host. is there a simple way to point a sub-domain onto a port instead of a directory? as in service.domain.tld points to ip:port, but without the need to specify the port after the tld every time?
retoot appreciated!
Edit: Solved. see my response to this toot please! thank you to everyone who helped, you are awesome! <3
=> More informations about this toot | More toots from Kamikazepinguin@chaosfurs.social
@Kamikazepinguin A common way to do this is SRV records, but the client accessing the service in question has to support it.
Otherwise, you'll almost certainly need a reverse proxy setup. Nginx is pretty much the default these days and it's pretty easy to setup. I have such a setup running.
Nginx takes the requests on port 443 (which is the default for HTTPS so users don't have to specify it) and forwards them to the service internally.
Another advantage of this setup is, that the services on the other ports don't have to be exposed to the Internet directly. You can bind them to the loopback interface (::1 and 127.0.0.1 respectively) and can then use Nginx to only forward requests that you consider "safe".
Thereby, Nginx becomes a makeshift firewall for the services behind it and you can use all of it's capabilities to limit access to your services.
=> More informations about this toot | More toots from RandomHost@tech.lgbt
@RandomHost @Kamikazepinguin If youโre hosting different HTTP services, it might be worth to take a look into traefik or caddy as well. Their configuration is a tad easier and they handle certificate management for encrypted connections for you as well.
=> More informations about this toot | More toots from NikTheDusky@chaos.social
@NikTheDusky @Kamikazepinguin I have work based trauma from building unmaintainable technology stacks.
The more "fancy shit" you pile up, the more stuff you have to maintain.
You never learn how these things that you abstract away work internally.
And when the creators of "fancy shit" decide that they got bored of it or developed themselves into a corner, they abandon it and talk you into adopting "fancy shit reloaded" which is sooooo much better but sadly has a dozen new dependencies which you also have to maintain.
And then you end up always chasing the latest bleeding edge prestige project that might not even be the best choice for your particular use case, just because everybody else adopted it already so you can't possibly miss out.
I've seen that go wrong SO many times.
Exploring options is fine, but always going for the "hype" solution is a pretty short-sighted strategy and usually comes back to bite you later.
=> More informations about this toot | More toots from RandomHost@tech.lgbt
@RandomHost @Kamikazepinguin Iโm running traefik for three years now and it never had any problem, but yes, I know what you mean. x3
=> More informations about this toot | More toots from NikTheDusky@chaos.social
@Kamikazepinguin a) No b) What you can do is run a proxy on the standard port that then interprets the URL or the hostname in the headers and sends it to different internal ports.
=> More informations about this toot | More toots from penguin42@mastodon.org.uk This content has been proxied by September (3851b).Proxy Information
text/gemini